PCAP, but that GET request seems a bit off…
The request to /flag returned raw hex data. Exporting it from Wireshark gave me a file that wasn’t recognized right off the bat.
After putting it into HxD, I noticed that it had most of the header of a PNG file. With the first two bytes being incorrect.
1E 11 4E 47
vs
89 50 4E 47
Fixing those bytes made a valid PNG, with the flag of FLAG{0f979c96e7}