Report - app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973

Report Overview

Submitted URL
app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
IP
51.222.106.2
ASN
#16276 OVH SAS
Submitted
2022-11-28 21:35:37
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	510 B	46 kB	216.58.207.195
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	60 kB	34.120.237.76
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.216.88.5
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	4.4 kB	142.250.74.10
app.leadershipflag.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	840 kB	51.222.106.2
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.8 kB	142.250.74.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-28	medium	app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973	Phishing
2022-11-28	medium	app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973	Phishing
2022-11-28	medium	app.leadershipflag.com/assets/css/bootstrap.min.css?av=3b48ebd0	Phishing
2022-11-28	medium	app.leadershipflag.com/frontend/assets/cache/9fa83392/jquery.min.js	Phishing
2022-11-28	medium	app.leadershipflag.com/frontend/assets/css/style.css?av=3b48ebd0	Phishing
2022-11-28	medium	app.leadershipflag.com/frontend/assets/cache/9fa83392/jquery-migrate.min.js	Phishing
2022-11-28	medium	app.leadershipflag.com/assets/css/ionicons/css/ionicons.min.css?av=3b48ebd0	Phishing
2022-11-28	medium	app.leadershipflag.com/assets/js/notify.js?av=3b48ebd0	Phishing
2022-11-28	medium	app.leadershipflag.com/assets/js/bootstrap.min.js?av=3b48ebd0	Phishing
2022-11-28	medium	app.leadershipflag.com/assets/js/knockout.min.js?av=3b48ebd0	Phishing
2022-11-28	medium	app.leadershipflag.com/assets/js/cookie.js?av=3b48ebd0	Phishing
2022-11-28	medium	app.leadershipflag.com/assets/js/app.js?av=3b48ebd0	Phishing
2022-11-28	medium	app.leadershipflag.com/frontend/assets/js/app.js?av=3b48ebd0	Phishing
2022-11-28	medium	app.leadershipflag.com/assets/css/adminlte.css?av=3b48ebd0	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	app.leadershipflag.com/frontend/assets/cache/9fa83392/jquery.min.js	90 kB	2023-03-07	2024-04-19
Pretty URL app.leadershipflag.com/frontend/assets/cache/9fa83392/jquery.min.js IP 51.222.106.2 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-19 01:25:21 Times Seen259731 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	app.leadershipflag.com/frontend/assets/cache/9fa83392/jquery-migrate.min.js	14 kB	2023-03-07	2024-04-18
Pretty URL app.leadershipflag.com/frontend/assets/cache/9fa83392/jquery-migrate.min.js IP 51.222.106.2 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:00 Last Seen2024-04-18 15:35:09 Times Seen1104 Hash a36b8e9cbfb4a675225aa408c4d15c0c fcd46de9c99e71ed586a850d877fd3b01e8269fd 16eb18d9c6303cdd50ac58db5b2b116c5dcc4c43c89424f268f6d13fc599fb19 Loading...

	app.leadershipflag.com/assets/js/bootstrap.min.js?av=3b48ebd0	29 kB	2023-03-07	2024-04-18
Pretty URL app.leadershipflag.com/assets/js/bootstrap.min.js?av=3b48ebd0 IP 51.222.106.2 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-04-18 16:45:26 Times Seen9609 Hash ba847811448ef90d98d272aeccef2a95 5814e91bb6276f4de8b7951c965f2f190a03978d 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1 Loading...

	app.leadershipflag.com/assets/js/adminlte.js?av=3b48ebd0	9.8 kB	2023-03-07	2024-04-18
Pretty URL app.leadershipflag.com/assets/js/adminlte.js?av=3b48ebd0 IP 51.222.106.2 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-18 15:35:09 Times Seen1572 Hash add5b3f0900365f3b4240664da17760e 7cbd53bfcf830e7c150d6bb55efcc2832e7543e7 42338bc162a705b04953fc72340216dbefb55cf12ec1a6e7cad04e5e680e26bc Loading...

	app.leadershipflag.com/assets/js/cookie.js?av=3b48ebd0	4.9 kB	2023-03-07	2024-04-18
Pretty URL app.leadershipflag.com/assets/js/cookie.js?av=3b48ebd0 IP 51.222.106.2 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-18 15:35:09 Times Seen1576 Hash 449dd3907404cead5d8ba6203b3550dc c9bb690411c3f46145f8ea137e6783929d8c27aa 3585a42757908ba2ace27f41b01256f6cf4ffb9679f7ac0ff8957817d5ccfde1 Loading...

	app.leadershipflag.com/frontend/assets/js/app.js?av=3b48ebd0	464 B	2023-03-07	2024-04-17
Pretty URL app.leadershipflag.com/frontend/assets/js/app.js?av=3b48ebd0 IP 51.222.106.2 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:51 Last Seen2024-04-17 19:30:13 Times Seen1000 Hash 63407331c21d5d542d65b0db1806572b 5571a79924a1a0d063a01ecdd1e16758c05c4e46 da13c80125e8103e470f9982aabe33d0176ae23e6ff5d74a7909fc13e36d73d8 Loading...

	app.leadershipflag.com/assets/js/notify.js?av=3b48ebd0	5.6 kB	2023-03-07	2024-04-18
Pretty URL app.leadershipflag.com/assets/js/notify.js?av=3b48ebd0 IP 51.222.106.2 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:51 Last Seen2024-04-18 15:35:09 Times Seen1037 Hash 9a19754fbd746ae6b603286c3a971e55 c45b906ec95326202c2a8e13545b5c17e92bbdc7 d1416dc4293eaae9e4aac8d5267fb0d5dcb35d9dbc44b63278f75750a1f9cc22 Loading...

	app.leadershipflag.com/assets/js/knockout.min.js?av=3b48ebd0	60 kB	2023-03-07	2024-04-18
Pretty URL app.leadershipflag.com/assets/js/knockout.min.js?av=3b48ebd0 IP 51.222.106.2 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-18 11:51:25 Times Seen1160 Hash fa8662c7a8415d0355f444eaff534845 b60c2c301c280378b4d51769cb20a46e65989c73 972f13893b7056c0567637a44ea4c994b1b3dd1b20e185ebf3478ae9086d74cb Loading...

	app.leadershipflag.com/assets/js/app.js?av=3b48ebd0	2.8 kB	2023-03-07	2024-04-18
Pretty URL app.leadershipflag.com/assets/js/app.js?av=3b48ebd0 IP 51.222.106.2 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:51 Last Seen2024-04-18 15:35:09 Times Seen889 Hash 3ade0b17b1b7c3d1c27aba12ceeda1d3 f8c1fe63c016a077e1545d123eb4db8e8a690c6d cf55d95ad63c72f2eeb219da669cc848cc3022fa4a4798d62ed19ed342460cbe Loading...

HTTP Transactions (46)

URL IP Response Size

app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973

51.222.106.2

301 Moved Permanently

421 B

URL HTTP/1.1
app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
421 B (421 bytes)
Hash
ecc785e1ce22afec46d687ea846efa88
6ef8987a810ebdf331c7c84d90e95b266db8c4d4
5689bf8d23fb67785ab60a3b9c174731e69306d5f75fbb71efde655098494dd5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Mon, 28 Nov 2022 21:35:25 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Location: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Content-Length: 421
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
150792cfc458af013998f4ef6bdf5f74
d5179b2dcb11d06f82606bf6eb6648319998d63e
72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10407
Expires: Tue, 29 Nov 2022 00:28:53 GMT
Date: Mon, 28 Nov 2022 21:35:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b56944f0e5716fd4fad2ec18994d4be
61cafa4de31ba960d1145ec37272f6f6b6944e0c
4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14050
Expires: Tue, 29 Nov 2022 01:29:36 GMT
Date: Mon, 28 Nov 2022 21:35:26 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1804
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 21:35:26 GMT
Last-Modified: Mon, 28 Nov 2022 21:05:22 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: JqoTGXoErpgP4GyoUaEExoPMEyDX4Ept1j9+ASWbvY9eVzASiGMqtXxV8UNj951J0vVQnR1N6QM=
x-amz-request-id: 7B8KPHDQ0YWFJV6E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 20:42:13 GMT
age: 3193
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 21:19:33 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 953
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 21:35:26 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d212bc25c8af9c29f508a5d688bf6eaa
8e5ca6464cc88830c4634a5761259b256ac0698f
4e97a34440ea85a9a580db26f441ad41ef925aea7a8adcdea3fc54b0815d60a5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4E97A34440EA85A9A580DB26F441AD41EF925AEA7A8ADCDEA3FC54B0815D60A5"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21591
Expires: Tue, 29 Nov 2022 03:35:17 GMT
Date: Mon, 28 Nov 2022 21:35:26 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 21:08:55 GMT
cache-control: public,max-age=3600
age: 1591
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973

51.222.106.2

200 OK

6.9 kB

URL HTTP/1.1
app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (356)
Size
6.9 kB (6889 bytes)
Hash
d0b188e294dd9178e43d532cc5d21d45
c5e4508bd83064855ec292c35de653444eea2c3a
54b1f8d02da6772c3f2dceb509ce711bf2d510a712b76a1f5b51ffae7cacf619

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:26 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
X-Powered-By: PHP/7.4.28
X-XSS-Protection: 1; mode=block
Set-Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; path=/; HttpOnly; SameSite=Lax
mwsid=tcskbu9hck26kjrdavrn6v940c; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 6889
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2679
Cache-Control: max-age=130568
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 21:35:26 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 09:51:34 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 21:35:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 21:35:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 21:35:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 21:35:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

34.216.88.5

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.216.88.5:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: EvVPiiD0JvufESqsI/K6pw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9mTk0uhIgDsHWVUq8PqcJZVHzF4=

app.leadershipflag.com/assets/css/bootstrap.min.css?av=3b48ebd0

51.222.106.2

200 OK

100 kB

URL HTTP/1.1
app.leadershipflag.com/assets/css/bootstrap.min.css?av=3b48ebd0
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (65366)
Size
100 kB (99961 bytes)
Hash
8a7442ca6bedd62cec4881040b9a9e83
e2d2b846e9ea72a1985458a3748aab4e01a8fb3a
e9503448692b738dd260fbd7f7cabf2e11f09b600fa97e6eb3a56eba5b1a7e9b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/css/bootstrap.min.css?av=3b48ebd0 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:26 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Fri, 26 Aug 2022 07:42:12 GMT
ETag: "18679-5e7200d51fd00"
Accept-Ranges: bytes
Content-Length: 99961
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

app.leadershipflag.com/frontend/assets/cache/9fa83392/jquery.min.js

51.222.106.2

200 OK

90 kB

URL HTTP/1.1
app.leadershipflag.com/frontend/assets/cache/9fa83392/jquery.min.js
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /frontend/assets/cache/9fa83392/jquery.min.js HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Wed, 31 Aug 2022 16:04:25 GMT
ETag: "15d9d-5e78ba69fa340"
Accept-Ranges: bytes
Content-Length: 89501
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

app.leadershipflag.com/frontend/assets/css/style.css?av=3b48ebd0

51.222.106.2

200 OK

16 kB

URL HTTP/1.1
app.leadershipflag.com/frontend/assets/css/style.css?av=3b48ebd0
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
16 kB (16326 bytes)
Hash
0704fe77a703921a5520c4ef079b3ac4
c8d27d838b3e0f80232e76ffc0ec2c8af08727ce
6a6249eb2886276d28435052d388fe35557ea936825d1e06629849ec700bfd95

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /frontend/assets/css/style.css?av=3b48ebd0 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Fri, 26 Aug 2022 07:42:15 GMT
ETag: "3fc6-5e7200d7fc3c0"
Accept-Ranges: bytes
Content-Length: 16326
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

app.leadershipflag.com/assets/css/font-awesome/css/font-awesome.min.css?av=3b48ebd0

51.222.106.2

200 OK

28 kB

URL HTTP/1.1
app.leadershipflag.com/assets/css/font-awesome/css/font-awesome.min.css?av=3b48ebd0
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (27303)
Size
28 kB (27466 bytes)
Hash
4fbd15cb6047af93373f4f895639c8bf
12d6861075de8e293265ff6ff03b1f3adcb44c76
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

HTTP Headers

GET /assets/css/font-awesome/css/font-awesome.min.css?av=3b48ebd0 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Fri, 26 Aug 2022 07:42:12 GMT
ETag: "6b4a-5e7200d51fd00"
Accept-Ranges: bytes
Content-Length: 27466
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

app.leadershipflag.com/frontend/assets/cache/9fa83392/jquery-migrate.min.js

51.222.106.2

200 OK

14 kB

URL HTTP/1.1
app.leadershipflag.com/frontend/assets/cache/9fa83392/jquery-migrate.min.js
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (13326)
Size
14 kB (13467 bytes)
Hash
a36b8e9cbfb4a675225aa408c4d15c0c
fcd46de9c99e71ed586a850d877fd3b01e8269fd
16eb18d9c6303cdd50ac58db5b2b116c5dcc4c43c89424f268f6d13fc599fb19

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /frontend/assets/cache/9fa83392/jquery-migrate.min.js HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Wed, 31 Aug 2022 16:04:25 GMT
ETag: "349b-5e78ba69f9f58"
Accept-Ranges: bytes
Content-Length: 13467
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

app.leadershipflag.com/assets/css/ionicons/css/ionicons.min.css?av=3b48ebd0

51.222.106.2

200 OK

51 kB

URL HTTP/1.1
app.leadershipflag.com/assets/css/ionicons/css/ionicons.min.css?av=3b48ebd0
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with very long lines (50806)
Size
51 kB (51284 bytes)
Hash
0d6763b67616cb9183f3931313d42971
f0459300e39155df7aa5e94b3bdb8c8594f49a60
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/css/ionicons/css/ionicons.min.css?av=3b48ebd0 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Fri, 26 Aug 2022 07:42:12 GMT
ETag: "c854-5e7200d51fd00"
Accept-Ranges: bytes
Content-Length: 51284
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

app.leadershipflag.com/assets/js/notify.js?av=3b48ebd0

51.222.106.2

200 OK

5.6 kB

URL HTTP/1.1
app.leadershipflag.com/assets/js/notify.js?av=3b48ebd0
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text
Size
5.6 kB (5593 bytes)
Hash
9a19754fbd746ae6b603286c3a971e55
c45b906ec95326202c2a8e13545b5c17e92bbdc7
d1416dc4293eaae9e4aac8d5267fb0d5dcb35d9dbc44b63278f75750a1f9cc22

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/notify.js?av=3b48ebd0 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Fri, 26 Aug 2022 07:42:14 GMT
ETag: "15d9-5e7200d708180"
Accept-Ranges: bytes
Content-Length: 5593
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

app.leadershipflag.com/assets/js/bootstrap.min.js?av=3b48ebd0

51.222.106.2

200 OK

29 kB

URL HTTP/1.1
app.leadershipflag.com/assets/js/bootstrap.min.js?av=3b48ebd0
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (28941)
Size
29 kB (29110 bytes)
Hash
ba847811448ef90d98d272aeccef2a95
5814e91bb6276f4de8b7951c965f2f190a03978d
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/bootstrap.min.js?av=3b48ebd0 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Fri, 26 Aug 2022 07:42:13 GMT
ETag: "71b6-5e7200d613f40"
Accept-Ranges: bytes
Content-Length: 29110
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

app.leadershipflag.com/assets/js/knockout.min.js?av=3b48ebd0

51.222.106.2

200 OK

60 kB

URL HTTP/1.1
app.leadershipflag.com/assets/js/knockout.min.js?av=3b48ebd0
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (564)
Size
60 kB (59822 bytes)
Hash
fa8662c7a8415d0355f444eaff534845
b60c2c301c280378b4d51769cb20a46e65989c73
972f13893b7056c0567637a44ea4c994b1b3dd1b20e185ebf3478ae9086d74cb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/knockout.min.js?av=3b48ebd0 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Fri, 26 Aug 2022 07:42:14 GMT
ETag: "e9ae-5e7200d708180"
Accept-Ranges: bytes
Content-Length: 59822
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

app.leadershipflag.com/assets/js/adminlte.js?av=3b48ebd0

51.222.106.2

200 OK

9.8 kB

URL HTTP/1.1
app.leadershipflag.com/assets/js/adminlte.js?av=3b48ebd0
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (9373)
Size
9.8 kB (9774 bytes)
Hash
add5b3f0900365f3b4240664da17760e
7cbd53bfcf830e7c150d6bb55efcc2832e7543e7
42338bc162a705b04953fc72340216dbefb55cf12ec1a6e7cad04e5e680e26bc

HTTP Headers

GET /assets/js/adminlte.js?av=3b48ebd0 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Fri, 26 Aug 2022 07:42:13 GMT
ETag: "262e-5e7200d613f40"
Accept-Ranges: bytes
Content-Length: 9774
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

app.leadershipflag.com/assets/css/skin-blue.css?av=3b48ebd0

51.222.106.2

200 OK

198 kB

URL HTTP/1.1
app.leadershipflag.com/assets/css/skin-blue.css?av=3b48ebd0
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
198 kB (197942 bytes)
Hash
a6a58842dcaff37dacbbfacb0bf5037b
0d66ed3be1378ad0988b271a6887e8a6aa9e8ee8
572a1e97b0244232fba52d46c4a627fbfb70f8b987b1d90b17529fb2bd1cf95e

HTTP Headers

GET /assets/css/skin-blue.css?av=3b48ebd0 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Fri, 26 Aug 2022 07:42:12 GMT
ETag: "30536-5e7200d51fd00"
Accept-Ranges: bytes
Content-Length: 197942
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

app.leadershipflag.com/assets/js/cookie.js?av=3b48ebd0

51.222.106.2

200 OK

4.9 kB

URL HTTP/1.1
app.leadershipflag.com/assets/js/cookie.js?av=3b48ebd0
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
4.9 kB (4938 bytes)
Hash
449dd3907404cead5d8ba6203b3550dc
c9bb690411c3f46145f8ea137e6783929d8c27aa
3585a42757908ba2ace27f41b01256f6cf4ffb9679f7ac0ff8957817d5ccfde1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/cookie.js?av=3b48ebd0 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Fri, 26 Aug 2022 07:42:13 GMT
ETag: "134a-5e7200d613f40"
Accept-Ranges: bytes
Content-Length: 4938
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

app.leadershipflag.com/assets/js/app.js?av=3b48ebd0

51.222.106.2

200 OK

2.8 kB

URL HTTP/1.1
app.leadershipflag.com/assets/js/app.js?av=3b48ebd0
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
2.8 kB (2797 bytes)
Hash
3ade0b17b1b7c3d1c27aba12ceeda1d3
f8c1fe63c016a077e1545d123eb4db8e8a690c6d
cf55d95ad63c72f2eeb219da669cc848cc3022fa4a4798d62ed19ed342460cbe

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/app.js?av=3b48ebd0 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Fri, 26 Aug 2022 07:42:13 GMT
ETag: "aed-5e7200d613f40"
Accept-Ranges: bytes
Content-Length: 2797
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

app.leadershipflag.com/frontend/assets/js/app.js?av=3b48ebd0

51.222.106.2

200 OK

464 B

URL HTTP/1.1
app.leadershipflag.com/frontend/assets/js/app.js?av=3b48ebd0
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
464 B (464 bytes)
Hash
63407331c21d5d542d65b0db1806572b
5571a79924a1a0d063a01ecdd1e16758c05c4e46
da13c80125e8103e470f9982aabe33d0176ae23e6ff5d74a7909fc13e36d73d8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /frontend/assets/js/app.js?av=3b48ebd0 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Fri, 26 Aug 2022 07:42:15 GMT
ETag: "1d0-5e7200d7fc3c0"
Accept-Ranges: bytes
Content-Length: 464
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

app.leadershipflag.com/assets/css/adminlte.css?av=3b48ebd0

51.222.106.2

200 OK

218 kB

URL HTTP/1.1
app.leadershipflag.com/assets/css/adminlte.css?av=3b48ebd0
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
218 kB (218121 bytes)
Hash
26b22bb6b4ce34772d4cf7f78b9b90c4
96406f7c9b5c65d51c8cc2fef538f6f198b08bb1
a17610f2bcf697c317767f9fe07d2d52c26206dc9c210d2b28c668c0e71b6388

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/css/adminlte.css?av=3b48ebd0 HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Fri, 26 Aug 2022 07:42:12 GMT
ETag: "35409-5e7200d51fd00"
Accept-Ranges: bytes
Content-Length: 218121
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

fonts.googleapis.com/css?family=Roboto:300,400,700,900&av=3b48ebd0

142.250.74.10

200 OK

1.2 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700,900&av=3b48ebd0
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
1.2 kB (1160 bytes)
Hash
a687e788b3d9498ad29b8fd9b8f29c58
e6a9119032b81e4b876ec0c383610cca910b7905
dbd862ebadd82c51381d49e32e6328634cac42dc7886ae6b0fbbbc80e1abd82e

HTTP Headers

GET /css?family=Roboto:300,400,700,900&av=3b48ebd0 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 21:35:26 GMT
date: Mon, 28 Nov 2022 21:35:26 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.195

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
45 kB (45407 bytes)
Hash
edddc2edbec2722f991a9890d8ed0448
8dacc618405ada84ea8406ef3f5cba9f0f02387e
34336559832d0097d486bf76caf1ccd432552ab90262a36e8a39e79b2159226b

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://app.leadershipflag.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 05:42:51 GMT
expires: Fri, 24 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 402756
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&av=3b48ebd0

142.250.74.10

200 OK

1.0 kB

URL HTTP/2
fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&av=3b48ebd0
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
1.0 kB (1020 bytes)
Hash
e90110848fc72ab099288652ab6a3607
f6a3a6cf1c7840071a4f8694f4704aa62c21a7c1
b35829aa44cce1f92dcca7c20a9b6f79fd42f5b749115cc00dccb37c499c2638

HTTP Headers

GET /css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&av=3b48ebd0 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 21:35:26 GMT
date: Mon, 28 Nov 2022 21:35:26 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

app.leadershipflag.com/favicon.ico

51.222.106.2

200 OK

198 B

URL HTTP/1.1
app.leadershipflag.com/favicon.ico
IP
51.222.106.2:0
ASN
#16276 OVH SAS

File type
MS Windows icon resource - 1 icon, 16x16, 2 colors\012- data
Size
198 B (198 bytes)
Hash
ff82d748b4add52e4dd7c8f0b58b89f2
ea69cebf29f461d7831368697f303ea4f0c69a2d
de88c1f678413736e858b27974cd5d2181b3df891b8999dd93835384b0ca2d8f

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: app.leadershipflag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/campaigns/oo448btpsjbbf/report-abuse/xn630qsmy87d4/vg592dwnh0973
Cookie: csrf_token=36beab8268f0b9bfbc59ccc0706719bd6ec4f112s%3A88%3A%22cX5Zd1hMYmFNN0NVZTMzQVU2VEJWMVZiblpTMUxQZ2YCS22sBmJxyxYUeorSbtAJPv63KtjiNGXjTIB7vhAccg%3D%3D%22%3B; mwsid=tcskbu9hck26kjrdavrn6v940c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
Last-Modified: Mon, 02 May 2022 08:14:02 GMT
ETag: "c6-5de02f992c680"
Accept-Ranges: bytes
Content-Length: 198
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13411
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 21:35:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13411
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 21:35:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13411
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 21:35:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13411
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 21:35:28 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9430 bytes)
Hash
1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:16 GMT
age: 84852
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8885 bytes)
Hash
3a1a4e00f1f15827cf651f373863c379
70c2a238f06ca7e56ef80c83738e081bf0de3330
3d936e1f0c96297f121faece12d6f8173e12eed5087165cd4eefc0fab368419f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8885
x-amzn-requestid: 71b8367f-f79f-42a7-bcb8-c441a154babf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEFSeIAMF3rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-631b775d3430a8c30c3b4420;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jsmd6yxjJxLMEgv1jDa87iEoZXL2OuALsmUZ9Nxx1rUN-xOTdtN1-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 08:11:39 GMT
age: 48229
etag: "70c2a238f06ca7e56ef80c83738e081bf0de3330"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10199 bytes)
Hash
2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:43 GMT
age: 85425
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8817 bytes)
Hash
741ddfb19764ac9a77509e7e87cfbfb2
308c08784ce4a0757cbd112807555b83e17a1d56
e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8817
x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-krGE6AIAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZJu4cMNnQTavxqB1MnRFluzfZC59BcUnIHgXh9h6LJWYgsFL83rHoQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 16:15:25 GMT
age: 19203
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6376 bytes)
Hash
78b1389f425425d0450c94d900404dc4
53b12a8702f7c5b7cc697e2a24da824d9434be65
0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:26 GMT
age: 84842
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10119 bytes)
Hash
15bd53848c7082464273007e010c54e0
9a3ca698ca1aeae695923277ed2244465e01a1ea
36cfa29965173ea683992d4b436f393e92c978350347f869355d933613e2c005

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10119
x-amzn-requestid: 20bfd6a6-2981-42ca-8997-9363676773c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR782HEZIAMFTKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9eb-552581a92a69d6cd322bf334;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: U_gitOWWMPO7M5Dd0WktaigfRERa93d86MhziLjZ2qnuON_K5NauyQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:54:37 GMT
age: 85251
etag: "9a3ca698ca1aeae695923277ed2244465e01a1ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:300,400,700&av=3b48ebd0

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans:300,400,700&av=3b48ebd0
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Open+Sans:300,400,700&av=3b48ebd0 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.leadershipflag.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 21:35:26 GMT
date: Mon, 28 Nov 2022 21:35:26 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations