apply.leader1.financial Open in urlscan Pro
34.239.197.208 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://apply.leader1.financial/
Effective URL:
https://apply.leader1.financial/login
Submission: On March 08 via manual (March 8th 2022, 7:49:52 pm UTC) from IN — Scanned from DE

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 10 domains to perform 22 HTTP transactions. The main IP is 34.239.197.208, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is apply.leader1.financial.
TLS certificate: Issued by R3 on February 24th 2022. Valid for: 3 months.

This is the only time apply.leader1.financial was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 7	34.239.197.208 34.239.197.208	14618 (AMAZON-AES) (AMAZON-AES)
4	18.66.112.100 18.66.112.100	16509 (AMAZON-02) (AMAZON-02)
1	18.66.97.14 18.66.97.14	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	35.188.42.15 35.188.42.15	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
22	11

7 34.239.197.208 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-239-197-208.compute-1.amazonaws.com

apply.leader1.financial	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.66.112.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-100.fra56.r.cloudfront.net

assets.simplenexus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-14.fra56.r.cloudfront.net

images.simplenexus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.188.42.15 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 15.42.188.35.bc.googleusercontent.com

sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	leader1.financial 2 redirects apply.leader1.financial	10 KB
5	simplenexus.com assets.simplenexus.com — Cisco Umbrella Rank: 134966 images.simplenexus.com — Cisco Umbrella Rank: 139193	496 KB
4	gstatic.com fonts.gstatic.com	168 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
1	google.de www.google.de — Cisco Umbrella Rank: 6433	501 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	501 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 68	447 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	2 KB
1	sentry.io sentry.io — Cisco Umbrella Rank: 363	413 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	30 KB
22	10

	Domain	Requested by
7	apply.leader1.financial	2 redirects assets.simplenexus.com
4	fonts.gstatic.com	fonts.googleapis.com
4	assets.simplenexus.com	apply.leader1.financial
2	www.google-analytics.com	apply.leader1.financial assets.simplenexus.com
1	www.google.de
1	www.google.com
1	stats.g.doubleclick.net	assets.simplenexus.com
1	fonts.googleapis.com	client
1	sentry.io	assets.simplenexus.com
1	www.googletagmanager.com	apply.leader1.financial
1	images.simplenexus.com	apply.leader1.financial
22	11

This site contains no links.

Subject Issuer	Validity	Valid
apply.leader1.financial R3	`2022-02-24` - `2022-05-25`	3 months	crt.sh
*.simplenexus.com Amazon	`2022-01-18` - `2023-02-15`	a year	crt.sh
simplenexus.com Amazon	`2021-05-26` - `2022-06-24`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
sentry.io DigiCert SHA2 Secure Server CA	`2020-06-02` - `2022-06-07`	2 years	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://apply.leader1.financial/login
Frame ID: 65CF99C3C519F32EA538653F9856276C
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page URL History Show full URLs

http://apply.leader1.financial/ HTTP 308
https://apply.leader1.financial/ HTTP 302
https://apply.leader1.financial/login Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Page Statistics

22
Requests

100 %
HTTPS

64 %
IPv6

10
Domains

11
Subdomains

11
IPs

3
Countries

728 kB
Transfer

2269 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://apply.leader1.financial/ HTTP 308
https://apply.leader1.financial/ HTTP 302
https://apply.leader1.financial/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login Show response
apply.leader1.financial/
Redirect Chain

http://apply.leader1.financial/
https://apply.leader1.financial/
https://apply.leader1.financial/login

8 KB
4 KB

153ms
152ms

Document
text/html

34.239.197.208
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://apply.leader1.financial/login

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.239.197.208 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-239-197-208.compute-1.amazonaws.com

Software

/ Phusion Passenger(R)

Resource Hash

63ad91d32a512d286dd67a6943b5f2ac9887f442678fa9df48437b5996d2c813

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 08 Mar 2022 19:49:47 GMT
content-type: text/html; charset=utf-8
status: 200 OK
cache-control: max-age=0, private, must-revalidate
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
access-control-max-age: 1728000
x-xss-protection: 1; mode=block
x-request-id: 2aca0bed4c5d20719b0c6536f66e539a
access-control-allow-headers: Origin, Content-Type, Accept, Authorization, Token
access-control-allow-methods: POST, GET, PUT, DELETE, OPTIONS
x-download-options: noopen
etag: W/"63ad91d32a512d286dd67a6943b5f2ac"
x-frame-options: SAMEORIGIN
x-runtime: 0.050186
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip

Redirect headers

date: Tue, 08 Mar 2022 19:49:47 GMT
content-type: text/html; charset=utf-8
location: https://apply.leader1.financial/login
status: 302 Found
cache-control: no-cache
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
access-control-max-age: 1728000
x-xss-protection: 1; mode=block
x-request-id: f0cb344199a1ad06f8cc066ee338e6a5
access-control-allow-headers: Origin, Content-Type, Accept, Authorization, Token
access-control-allow-methods: POST, GET, PUT, DELETE, OPTIONS
x-download-options: noopen
x-runtime: 0.020783
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2 200 login-d371aa3b.css
assets.simplenexus.com/packs/css/ 2 KB
1 KB 63ms
9ms Stylesheet
text/css 18.66.112.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.simplenexus.com/packs/css/login-d371aa3b.css
Requested by: Host: apply.leader1.financial
URL: https://apply.leader1.financial/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-100.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 72bdf6b72e3b07b5b67c667f3bad61caddcd88e70908d95382180d524cfaeee7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://apply.leader1.financial/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 07 Mar 2022 23:06:16 GMT
content-encoding: gzip
last-modified: Mon, 07 Mar 2022 22:37:23 GMT
server: AmazonS3
age: 74612
etag: W/"82503796cba0036a16e6de070ff51705"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: DrO1Ke8mxAB90JYe23GSyJWuJdjTYFgwdPEBoMRxZxsP7vIrfqf4cw==

GET
H2 200 bootstrap.min.css
assets.simplenexus.com/new_home_page/css/ 120 KB
20 KB 66ms
12ms Stylesheet
text/css 18.66.112.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.simplenexus.com/new_home_page/css/bootstrap.min.css
Requested by: Host: apply.leader1.financial
URL: https://apply.leader1.financial/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-100.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://apply.leader1.financial/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 01:36:28 GMT
content-encoding: gzip
etag: W/"5d5357cb3704e1f43a1f5bfed2aebf42"
last-modified: Sat, 05 Mar 2022 10:25:20 GMT
server: AmazonS3
age: 65600
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: S-3KzRvvhQQBwHAMES59hqbFUIbb1Mt1yFxUx7LAkixnDmUkGyQ_Aw==

GET
H2 200 efc083ab-1757-4ac2-85b5-868ce698077a.png
images.simplenexus.com/company/logo/111172/ 96 KB
96 KB 121ms
21ms Image
image/png 18.66.97.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.simplenexus.com/company/logo/111172/efc083ab-1757-4ac2-85b5-868ce698077a.png
Requested by: Host: apply.leader1.financial
URL: https://apply.leader1.financial/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-14.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6a247466fdee5c38084915f06997c124e12c13cfe5900213f11a37f5d8b78ddd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://apply.leader1.financial/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 07 Mar 2022 16:03:25 GMT
via: 1.1 bbd2abbdb134a9d53c0a12f6566e69fe.cloudfront.net (CloudFront)
last-modified: Wed, 30 Sep 2020 14:58:58 GMT
server: AmazonS3
age: 99983
etag: "19471effa3cffd941adb5181f013acc3"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=3153600000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 98032
x-amz-cf-id: kjSIbVfR3cSIrcEmBAYc5yJh8J6IHUUADAqaLJUCon4nXeddjxfrbA==

GET
H2 200 login-1ef5c003b0f4445e9e1e.js Show response
assets.simplenexus.com/packs/js/ 2 MB
374 KB 10ms
10ms Script
application/javascript 18.66.112.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.simplenexus.com/packs/js/login-1ef5c003b0f4445e9e1e.js
Requested by: Host: apply.leader1.financial
URL: https://apply.leader1.financial/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-100.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e3af63b1e736a83e85b6f21416476818e66b088cc69f623e7c1b7eb7ca6d921

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://apply.leader1.financial/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 08 Mar 2022 18:11:53 GMT
content-encoding: gzip
last-modified: Tue, 08 Mar 2022 18:05:50 GMT
server: AmazonS3
age: 5875
etag: W/"d4c7a07d1e37caf0520292d864f47970"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: bD8rdV_pqBVkX0V6ofRMKCasuXMpDK7udRd_VEjYMR-yy-d8AE2afg==

GET
H2 200 sn-watermark-4182512dc7396e289a08ea3e564075fe9428043c53304a1824d28a0735482a59.svg
assets.simplenexus.com/assets/ 12 KB
5 KB 38ms
37ms Image
image/svg+xml 18.66.112.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.simplenexus.com/assets/sn-watermark-4182512dc7396e289a08ea3e564075fe9428043c53304a1824d28a0735482a59.svg
Requested by: Host: apply.leader1.financial
URL: https://apply.leader1.financial/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-100.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4182512dc7396e289a08ea3e564075fe9428043c53304a1824d28a0735482a59

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://apply.leader1.financial/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 06:34:25 GMT
content-encoding: gzip
etag: W/"c9833c7ff6d6803321bbf7b9394a6c9e"
last-modified: Tue, 01 Feb 2022 17:29:02 GMT
server: AmazonS3
age: 47723
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: tiznO1q5GQz_zwemAm9augEZU7MeIe7BL7zP0tRr9rzi5nEyX07Jog==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 75 KB
30 KB 66ms
25ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KXB25RP

Requested by

Host: apply.leader1.financial
URL: https://apply.leader1.financial/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3f5f57702e8b52f7b073f4492d95832aec36735fc943dcd8c7d21652a28cf3fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://apply.leader1.financial/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 19:49:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30177
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 08 Mar 2022 19:49:47 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 48ms
7ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: apply.leader1.financial
URL: https://apply.leader1.financial/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://apply.leader1.financial/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6295
date: Tue, 08 Mar 2022 18:04:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 08 Mar 2022 20:04:52 GMT

POST
H/1.1 200
OK / Show response
sentry.io/api/1242530/envelope/ 2 B
413 B 668ms
182ms Fetch
application/json 35.188.42.15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/1242530/envelope/?sentry_key=e9ae7d8c41094d28bcb35526e8f23abb&sentry_version=7

Requested by

Host: assets.simplenexus.com
URL: https://assets.simplenexus.com/packs/js/login-1ef5c003b0f4445e9e1e.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.188.42.15 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

15.42.188.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://apply.leader1.financial/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 08 Mar 2022 19:49:48 GMT
vary: Origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: application/json
access-control-allow-origin: https://apply.leader1.financial
access-control-expose-headers: retry-after, x-sentry-rate-limits, x-sentry-error
x-envoy-upstream-service-time: 1
Connection: keep-alive
Content-Length: 2

GET
H2 200 css
fonts.googleapis.com/ 21 KB
2 KB 45ms
22ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Material+Icons|Barlow:200,300,400,500,600,700|Barlow+Condensed:200,300,400,500,600,700

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4b6ad8e2d70b16c402fc55269a6490aa8b9c9bd7d6be0d3bbeccdea02cd92cc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://apply.leader1.financial/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 19:49:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 08 Mar 2022 19:49:47 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 08 Mar 2022 19:49:47 GMT

POST
H2 200 custom_ui_theme Show response
apply.leader1.financial/api/v1/ 62 B
1 KB 141ms
141ms XHR
application/json 34.239.197.208
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://apply.leader1.financial/api/v1/custom_ui_theme

Requested by

Host: assets.simplenexus.com
URL: https://assets.simplenexus.com/packs/js/login-1ef5c003b0f4445e9e1e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.239.197.208 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-239-197-208.compute-1.amazonaws.com

Software

/ Phusion Passenger(R)

Resource Hash

dedced6fe284bd2b35029b5332d8e24433c50392a7d436e17187be672ce73d8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://apply.leader1.financial/login
X-CSRF-Token: Z9H8Xhv8nti8ZNb/yAUP9qFd7qCDDpXb/GomAdps7CVpj2y7HvAt9CN7xTZT0copOwlGTTnpkwtoaadtU1zfmg==
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 08 Mar 2022 19:49:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-powered-by: Phusion Passenger(R)
status: 200 OK
access-control-max-age: 1728000
strict-transport-security: max-age=15724800; includeSubDomains
x-xss-protection: 1; mode=block
x-request-id: 6ceab720caf021e6fc56fd8543ea93dc
x-runtime: 0.034768
referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
etag: W/"dedced6fe284bd2b35029b5332d8e244"
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: POST, GET, PUT, DELETE, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
access-control-allow-headers: Origin, Content-Type, Accept, Authorization, Token

POST
H2 200 init Show response
apply.leader1.financial/auth/v1/ 503 B
1 KB 199ms
199ms XHR
application/json 34.239.197.208
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://apply.leader1.financial/auth/v1/init

Requested by

Host: assets.simplenexus.com
URL: https://assets.simplenexus.com/packs/js/login-1ef5c003b0f4445e9e1e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.239.197.208 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-239-197-208.compute-1.amazonaws.com

Software

/ Phusion Passenger(R)

Resource Hash

46b069b9a41e339b0fe1aa1309786dd269b9fa123a06854f1bc014c8c3c1f634

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://apply.leader1.financial/login
X-CSRF-Token: Z9H8Xhv8nti8ZNb/yAUP9qFd7qCDDpXb/GomAdps7CVpj2y7HvAt9CN7xTZT0copOwlGTTnpkwtoaadtU1zfmg==
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 08 Mar 2022 19:49:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-powered-by: Phusion Passenger(R)
status: 200 OK
access-control-max-age: 1728000
strict-transport-security: max-age=15724800; includeSubDomains
x-xss-protection: 1; mode=block
x-request-id: c728b721b0a50eaf487cc4ee64376cd4
x-runtime: 0.071507
referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
etag: W/"46b069b9a41e339b0fe1aa1309786dd2"
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: POST, GET, PUT, DELETE, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
access-control-allow-headers: Origin, Content-Type, Accept, Authorization, Token

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 16 KB
16 KB 33ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Material+Icons|Barlow:200,300,400,500,600,700|Barlow+Condensed:200,300,400,500,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://apply.leader1.financial
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 05:33:18 GMT
x-content-type-options: nosniff
age: 569789
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 02 Mar 2023 05:33:18 GMT

POST
H2 200 graphql Show response
apply.leader1.financial/ 405 B
1 KB 135ms
135ms Fetch
application/json 34.239.197.208
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://apply.leader1.financial/graphql

Requested by

Host: assets.simplenexus.com
URL: https://assets.simplenexus.com/packs/js/login-1ef5c003b0f4445e9e1e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.239.197.208 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-239-197-208.compute-1.amazonaws.com

Software

/ Phusion Passenger(R)

Resource Hash

cb9bedb351f0909f94f2f9b7a837c3d7055b960cd8d497c8638afff2f3a5fde6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept: */*
Referer: https://apply.leader1.financial/login
X-CSRF-Token: Z9H8Xhv8nti8ZNb/yAUP9qFd7qCDDpXb/GomAdps7CVpj2y7HvAt9CN7xTZT0copOwlGTTnpkwtoaadtU1zfmg==
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
content-type: application/json

Response headers

date: Tue, 08 Mar 2022 19:49:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-powered-by: Phusion Passenger(R)
status: 200 OK
access-control-max-age: 1728000
strict-transport-security: max-age=15724800; includeSubDomains
x-xss-protection: 1; mode=block
x-request-id: 12101d19d2c6166b31c07d5d84f35515
x-runtime: 0.033318
referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
etag: W/"cb9bedb351f0909f94f2f9b7a837c3d7"
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: POST, GET, PUT, DELETE, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
access-control-allow-headers: Origin, Content-Type, Accept, Authorization, Token

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
214 B 14ms
14ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1604645625&t=pageview&_s=1&dl=https%3A%2F%2Fapply.leader1.financial%2Flogin&ul=en-us&de=UTF-8&dt=Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1592195076&gjid=300671521&cid=692836216.1646768988&tid=UA-22507366-1&_gid=200452402.1646768988&_r=1&_slc=1&z=1610707784

Requested by

Host: assets.simplenexus.com
URL: https://assets.simplenexus.com/packs/js/login-1ef5c003b0f4445e9e1e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://apply.leader1.financial/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 08 Mar 2022 19:49:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://apply.leader1.financial
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
447 B 53ms
17ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-22507366-1&cid=692836216.1646768988&jid=1592195076&gjid=300671521&_gid=200452402.1646768988&_u=IEBAAEAAAAAAAC~&z=775665858

Requested by

Host: assets.simplenexus.com
URL: https://assets.simplenexus.com/packs/js/login-1ef5c003b0f4445e9e1e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://apply.leader1.financial/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 08 Mar 2022 19:49:47 GMT
content-type: text/plain
access-control-allow-origin: https://apply.leader1.financial
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 55ms
31ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-22507366-1&cid=692836216.1646768988&jid=1592195076&_u=IEBAAEAAAAAAAC~&z=669916976

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://apply.leader1.financial/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Mar 2022 19:49:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 90ms
53ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-22507366-1&cid=692836216.1646768988&jid=1592195076&_u=IEBAAEAAAAAAAC~&z=669916976

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://apply.leader1.financial/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Mar 2022 19:49:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 sync Show response
apply.leader1.financial/auth/v1/ 1022 B
2 KB 453ms
452ms XHR
application/json 34.239.197.208
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://apply.leader1.financial/auth/v1/sync

Requested by

Host: assets.simplenexus.com
URL: https://assets.simplenexus.com/packs/js/login-1ef5c003b0f4445e9e1e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.239.197.208 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-239-197-208.compute-1.amazonaws.com

Software

/ Phusion Passenger(R)

Resource Hash

f4fafa5e2a18394aa29d8c6af29e330c7b0d8f2b343d6a282c4397e9595cba73

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://apply.leader1.financial/login
X-CSRF-Token: Z9H8Xhv8nti8ZNb/yAUP9qFd7qCDDpXb/GomAdps7CVpj2y7HvAt9CN7xTZT0copOwlGTTnpkwtoaadtU1zfmg==
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 08 Mar 2022 19:49:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-powered-by: Phusion Passenger(R)
status: 200 OK
access-control-max-age: 1728000
strict-transport-security: max-age=15724800; includeSubDomains
x-xss-protection: 1; mode=block
x-request-id: aeaf7103812c6246583594af9bef5bb3
x-runtime: 0.144900
referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
etag: W/"f4fafa5e2a18394aa29d8c6af29e330c"
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: POST, GET, PUT, DELETE, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
access-control-allow-headers: Origin, Content-Type, Accept, Authorization, Token

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 30ms
14ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Material+Icons|Barlow:200,300,400,500,600,700|Barlow+Condensed:200,300,400,500,600,700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://apply.leader1.financial
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 18:59:49 GMT
x-content-type-options: nosniff
age: 2999
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 08 Mar 2023 18:59:49 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 25ms
9ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Material+Icons|Barlow:200,300,400,500,600,700|Barlow+Condensed:200,300,400,500,600,700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://apply.leader1.financial
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 20:07:55 GMT
x-content-type-options: nosniff
age: 603713
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 01 Mar 2023 20:07:55 GMT

GET
H3 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v125/ 121 KB
121 KB 22ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v125/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Material+Icons|Barlow:200,300,400,500,600,700|Barlow+Condensed:200,300,400,500,600,700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63b49d58e13f9edc496b9e239b5e5c08757d26551bd16628cf996d3af0b769f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://apply.leader1.financial
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 22:57:34 GMT
x-content-type-options: nosniff
age: 161534
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123876
x-xss-protection: 0
last-modified: Tue, 15 Feb 2022 21:23:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Mar 2023 22:57:34 GMT

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
apply.leader1.financial/	1970-01-20 02:10:43	Name: locale Value: en
apply.leader1.financial/	1969-12-31 23:59:59	Name: new_user Value: true
.leader1.financial/	1970-01-20 18:57:20	Name: _ga Value: GA1.2.692836216.1646768988
.leader1.financial/	1970-01-20 01:27:35	Name: _gid Value: GA1.2.200452402.1646768988
.leader1.financial/	1970-01-20 01:26:09	Name: _gat Value: 1
apply.leader1.financial/	1969-12-31 23:59:59	Name: auth_guid Value: eb203ebc-b909-446a-b04e-abf3a3bc00ae
apply.leader1.financial/	1969-12-31 23:59:59	Name: _simplenexus.com_session Value: RDFjUTM5eWlmdnJ6cHJSL1pnK2dKakQ0Z0VDK2JNRWdvMlRVbmoxZS9kS0NuOStsMGc0OWo0SG1KVXNCLytNMFhjUm1idktKK3FNY3JWZ3lOc2h3enkweEc1OW1teEVzY09za1FIUlpIaVZBdUJwU2c3ZmMwcEttRlpKMUtmaWFmQWQzSUI2Snl1c2FOU2YxK0VnUEsxYmZTMk83RWRBMmJvOWg3VGNqaXJCNGR0V1BZNTd1N2dJUmlSbS9WeW9KekNhRGdxdHFXaWdkTkxPOERVZitWR0VPdEJXNm5nNE1ha1dTeHVRSWR0cGZ6Q0J6dmZnZDRKWDBteVFaci9BQmxlaFFTdlFKdi9VcWtRWkFpekVobXc1UHAvbUtKTWhHWENhQzBISjVSOEZuQmV3THV4RHI3VXJOU01BS3ZjK2tmVnVVSnVScjFkZEkvM2pFRHkrK1hUbWVJWWdvVko0UWlzR3UvbHpDZXNaRHp2M21OMUw0VC9FaW9TOUp5V25kLS1YTTREcUZIRHlFcDA5cDNqT21uTmd3PT0%3D--a3c6df4600c09ba6c1f693fc9b34c80675262554

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	info	URL: https://apply.leader1.financial/login Message: Autofocus processing was blocked because a document already has a focused element.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apply.leader1.financial
assets.simplenexus.com
fonts.googleapis.com
fonts.gstatic.com
images.simplenexus.com
sentry.io
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
18.66.112.100
18.66.97.14
2a00:1450:4001:802::2003
2a00:1450:4001:808::200a
2a00:1450:4001:808::200e
2a00:1450:4001:810::2003
2a00:1450:4001:813::2004
2a00:1450:4001:82f::2008
2a00:1450:400c:c07::9b
34.239.197.208
35.188.42.15
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87
3f5f57702e8b52f7b073f4492d95832aec36735fc943dcd8c7d21652a28cf3fd
4182512dc7396e289a08ea3e564075fe9428043c53304a1824d28a0735482a59
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46b069b9a41e339b0fe1aa1309786dd269b9fa123a06854f1bc014c8c3c1f634
4b6ad8e2d70b16c402fc55269a6490aa8b9c9bd7d6be0d3bbeccdea02cd92cc1
5e3af63b1e736a83e85b6f21416476818e66b088cc69f623e7c1b7eb7ca6d921
63ad91d32a512d286dd67a6943b5f2ac9887f442678fa9df48437b5996d2c813
63b49d58e13f9edc496b9e239b5e5c08757d26551bd16628cf996d3af0b769f2
6a247466fdee5c38084915f06997c124e12c13cfe5900213f11a37f5d8b78ddd
72bdf6b72e3b07b5b67c667f3bad61caddcd88e70908d95382180d524cfaeee7
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
cb9bedb351f0909f94f2f9b7a837c3d7055b960cd8d497c8638afff2f3a5fde6
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
dedced6fe284bd2b35029b5332d8e24433c50392a7d436e17187be672ce73d8e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4fafa5e2a18394aa29d8c6af29e330c7b0d8f2b343d6a282c4397e9595cba73

apply.leader1.financial Open in urlscan Pro 34.239.197.208 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

64 %IPv6

10 Domains

11 Subdomains

11 IPs

3 Countries

728 kBTransfer

2269 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

7 Cookies

1 Console Messages

Security Headers

Indicators

apply.leader1.financial Open in urlscan Pro
34.239.197.208 Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

64 %
IPv6

10
Domains

11
Subdomains

11
IPs

3
Countries

728 kB
Transfer

2269 kB
Size

7
Cookies

22 HTTP transactions
0 data transactions