us.ricoh-usa.com Open in urlscan Pro
142.0.165.137 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://app.learn.ricoh-usa.com/e/er?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_...
Effective URL:
https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Elo...
Submission: On November 08 via api (November 8th 2022, 7:23:03 pm UTC) from US — Scanned from DE

Summary HTTP 108 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 43 IPs in 3 countries across 32 domains to perform 108 HTTP transactions. The main IP is 142.0.165.137, located in United States and belongs to NETDYNAMICS, US. The main domain is us.ricoh-usa.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on December 6th 2021. Valid for: a year.

This is the only time us.ricoh-usa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	142.0.165.159 142.0.165.159	7160 (NETDYNAMICS) (NETDYNAMICS)
9	142.0.165.137 142.0.165.137	7160 (NETDYNAMICS) (NETDYNAMICS)
1 1	34.230.252.46 34.230.252.46	14618 (AMAZON-AES) (AMAZON-AES)
3	35.190.114.154 35.190.114.154	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
3	2606:4700:21:... 2606:4700:21::681b:c358	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	23.11.206.48 23.11.206.48	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.197.8.158 23.197.8.158	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	142.0.165.148 142.0.165.148	7160 (NETDYNAMICS) (NETDYNAMICS)
1 4	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
2 3	2606:4700::68... 2606:4700::6810:7caf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:480... 2a02:26f0:480:f::213:7ecb	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:440... 2606:4700:4400::6812:2a27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2620:1ec:40::44 2620:1ec:40::44	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	44.206.39.165 44.206.39.165	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6810:650c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	46.137.132.32 46.137.132.32	16509 (AMAZON-02) (AMAZON-02)
1 3	2a00:1450:400... 2a00:1450:4001:80b::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2016	15169 (GOOGLE) (GOOGLE)
1	206.19.49.24 206.19.49.24	7018 (ATT-INTER...) (ATT-INTERNET4)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
3	2606:4700:e2:... 2606:4700:e2::ac40:8920	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::6812:228d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:200... 2a04:4e42:200::347	54113 (FASTLY) (FASTLY)
2	20.120.65.166 20.120.65.166	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
2	34.75.172.129 34.75.172.129	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 3	34.193.178.177 34.193.178.177	14618 (AMAZON-AES) (AMAZON-AES)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	143.204.89.129 143.204.89.129	16509 (AMAZON-02) (AMAZON-02)
1	13.224.189.43 13.224.189.43	16509 (AMAZON-02) (AMAZON-02)
1	54.145.152.25 54.145.152.25	14618 (AMAZON-AES) (AMAZON-AES)
1	63.34.6.182 63.34.6.182	16509 (AMAZON-02) (AMAZON-02)
1 2	20.234.93.27 20.234.93.27	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
108	43

1 142.0.165.159 (United States) 1 redirects

ASN7160 (NETDYNAMICS, US)

app.learn.ricoh-usa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.0.165.137 (United States)

ASN7160 (NETDYNAMICS, US)

us.ricoh-usa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.230.252.46 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-230-252-46.compute-1.amazonaws.com

cdn.reachforce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.114.154 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 154.114.190.35.bc.googleusercontent.com

sfc.leadspace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:21::681b:c358 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.plyr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 23.11.206.48 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-11-206-48.deploy.static.akamaitechnologies.com

images.learn.ricoh-usa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.197.8.158 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-8-158.deploy.static.akamaitechnologies.com

img03.en25.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.0.165.148 (United States) 1 redirects

ASN7160 (NETDYNAMICS, US)

s2073603363.t.eloqua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7caf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:f::213:7ecb (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2a27 (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:40::44 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 44.206.39.165 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-206-39-165.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:650c (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.137.132.32 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-46-137-132-32.eu-west-1.compute.amazonaws.com

tribl.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN7018 (ATT-INTERNET4, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e2::ac40:8920 (United States)

ASN13335 (CLOUDFLARENET, US)

api.fouanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:228d (United States)

ASN13335 (CLOUDFLARENET, US)

tags.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::347 (United States)

ASN54113 (FASTLY, US)

noembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.120.65.166 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

l.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.75.172.129 (North Charleston, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 129.172.75.34.bc.googleusercontent.com

sfgw.leadspace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.193.178.177 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-178-177.compute-1.amazonaws.com

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.89.129 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-129.fra50.r.cloudfront.net

pagestates-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-43.fra2.r.cloudfront.net

assets-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.145.152.25 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-145-152-25.compute-1.amazonaws.com

hemsync.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.34.6.182 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-6-182.eu-west-1.compute.amazonaws.com

tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.234.93.27 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	ricoh-usa.com 1 redirects app.learn.ricoh-usa.com us.ricoh-usa.com images.learn.ricoh-usa.com	1 MB
11	youtube.com www.youtube.com — Cisco Umbrella Rank: 94	865 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1648 l.clarity.ms — Cisco Umbrella Rank: 11504 c.clarity.ms — Cisco Umbrella Rank: 2370	59 KB
7	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2631 pagestates-tracking.crazyegg.com — Cisco Umbrella Rank: 6739 assets-tracking.crazyegg.com — Cisco Umbrella Rank: 6709 tracking.crazyegg.com — Cisco Umbrella Rank: 6657	35 KB
6	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3895	9 KB
5	clickagy.com 2 redirects tags.clickagy.com — Cisco Umbrella Rank: 12773 aorta.clickagy.com — Cisco Umbrella Rank: 2565 hemsync.clickagy.com — Cisco Umbrella Rank: 11682	15 KB
5	googleapis.com jnn-pa.googleapis.com — Cisco Umbrella Rank: 349 fonts.googleapis.com — Cisco Umbrella Rank: 118	31 KB
5	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 66 static.doubleclick.net — Cisco Umbrella Rank: 421	2 KB
5	leadspace.com sfc.leadspace.com — Cisco Umbrella Rank: 154350 sfgw.leadspace.com — Cisco Umbrella Rank: 155845	249 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 815 www.linkedin.com — Cisco Umbrella Rank: 745 px4.ads.linkedin.com — Cisco Umbrella Rank: 7246	4 KB
3	fouanalytics.com api.fouanalytics.com — Cisco Umbrella Rank: 13924	8 KB
3	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 106	349 KB
3	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 17	15 KB
3	tribl.io tribl.io — Cisco Umbrella Rank: 82654	9 KB
3	unpkg.com 2 redirects unpkg.com — Cisco Umbrella Rank: 1127	3 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 361	42 KB
3	plyr.io cdn.plyr.io — Cisco Umbrella Rank: 14815	42 KB
2	gstatic.com fonts.gstatic.com	31 KB
2	google.de www.google.de — Cisco Umbrella Rank: 3590	656 B
2	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 34357 apt.techtarget.com — Cisco Umbrella Rank: 44324	2 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1420	4 KB
2	eloqua.com 1 redirects s2073603363.t.eloqua.com	996 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 121	162 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 445	555 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 899	98 B
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 683	304 B
1	noembed.com noembed.com — Cisco Umbrella Rank: 43160	1003 B
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 202	2 KB
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 10035	2 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 156	2 KB
1	en25.com img03.en25.com — Cisco Umbrella Rank: 32711	4 KB
1	reachforce.com 1 redirects cdn.reachforce.com — Cisco Umbrella Rank: 695637	260 B
108	32

	Domain	Requested by
12	images.learn.ricoh-usa.com	us.ricoh-usa.com
11	www.youtube.com	us.ricoh-usa.com www.youtube.com cdn.plyr.io
9	us.ricoh-usa.com	us.ricoh-usa.com
6	tags.srv.stackadapt.com	us.ricoh-usa.com tags.srv.stackadapt.com
4	jnn-pa.googleapis.com	www.youtube.com
4	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
4	googleads.g.doubleclick.net	1 redirects www.googletagmanager.com www.youtube.com
3	aorta.clickagy.com	2 redirects tags.clickagy.com
3	api.fouanalytics.com	tribl.io us.ricoh-usa.com api.fouanalytics.com
3	i.ytimg.com	us.ricoh-usa.com www.youtube.com cdn.plyr.io
3	www.google.com	1 redirects us.ricoh-usa.com www.youtube.com
3	tribl.io	www.googletagmanager.com us.ricoh-usa.com
3	www.clarity.ms	us.ricoh-usa.com www.clarity.ms
3	unpkg.com	2 redirects us.ricoh-usa.com
3	cdnjs.cloudflare.com	us.ricoh-usa.com
3	cdn.plyr.io	us.ricoh-usa.com cdn.plyr.io
3	sfc.leadspace.com	us.ricoh-usa.com cdn.reachforce.com
2	c.clarity.ms	1 redirects
2	sfgw.leadspace.com	sfc.leadspace.com
2	l.clarity.ms	www.clarity.ms
2	fonts.gstatic.com	www.youtube.com
2	px.ads.linkedin.com	2 redirects
2	www.google.de	us.ricoh-usa.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	s2073603363.t.eloqua.com	1 redirects us.ricoh-usa.com
2	www.googletagmanager.com	us.ricoh-usa.com
1	c.bing.com	1 redirects
1	tracking.crazyegg.com	script.crazyegg.com
1	hemsync.clickagy.com	tags.clickagy.com
1	assets-tracking.crazyegg.com	script.crazyegg.com
1	pagestates-tracking.crazyegg.com	script.crazyegg.com
1	id.rlcdn.com	us.ricoh-usa.com
1	us-u.openx.net	us.ricoh-usa.com
1	fonts.googleapis.com	client
1	noembed.com	cdn.plyr.io
1	tags.clickagy.com	ws.zoominfo.com
1	yt3.ggpht.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	px4.ads.linkedin.com	us.ricoh-usa.com
1	www.linkedin.com	1 redirects
1	apt.techtarget.com	us.ricoh-usa.com
1	ws.zoominfo.com	us.ricoh-usa.com
1	trk.techtarget.com	us.ricoh-usa.com
1	www.googleadservices.com	www.googletagmanager.com
1	img03.en25.com	us.ricoh-usa.com
1	cdn.reachforce.com	1 redirects
1	app.learn.ricoh-usa.com	1 redirects
108	47

This site contains links to these domains. Also see Links.

Domain
app.learn.ricoh-usa.com
www3.weforum.org

Subject Issuer	Validity	Valid
*.ricoh-usa.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-06` - `2022-12-01`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.plyr.io GTS CA 1P5	`2022-10-31` - `2023-01-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
images.learn.ricoh-usa.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-06` - `2022-12-06`	a year	crt.sh
*.en25.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-17` - `2023-07-18`	a year	crt.sh
*.leadspace.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-20` - `2023-10-12`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
*.srv.stackadapt.com Amazon	`2022-10-09` - `2023-11-07`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2022-05-04` - `2023-05-04`	a year	crt.sh
tribl.io R3	`2022-09-13` - `2022-12-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.techtarget.com Thawte RSA CA 2018	`2022-09-27` - `2023-10-28`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
noembed.com R3	`2022-11-02` - `2023-01-31`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
*.clickagy.com Amazon	`2021-12-15` - `2023-01-12`	a year	crt.sh
crazyegg.com Amazon	`2022-06-27` - `2023-07-26`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Frame ID: 215EE66CD7442062A0AD2B41E4A3613C
Requests: 86 HTTP requests in this frame

Frame: https://www.youtube.com/embed/MycCwkdJ4Nc?origin=https://plyr.io&width=640&height=480&iv_load_policy=3&modestbranding=1&playsinline=1&showinfo=0&rel=0&enablejsapi=1
Frame ID: DE441C34B731959B2F58AE7747078798
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/MycCwkdJ4Nc?origin=https://plyr.io&width=640&height=480&iv_load_policy=3&modestbranding=1&playsinline=1&showinfo=0&rel=0&enablejsapi=1
Frame ID: E8E21A7DCB03536C50CEF3C1020CF5BF
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/MycCwkdJ4Nc?autoplay=0&controls=0&disablekb=1&playsinline=1&cc_load_policy=0&cc_lang_pref=auto&widget_referrer=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&rel=0&showinfo=0&iv_load_policy=3&modestbranding=1&customControls=true&noCookie=false&enablejsapi=1&origin=https%3A%2F%2Fus.ricoh-usa.com&widgetid=1
Frame ID: F7A8BD3AFE896B65C08921A38F2FFC2D
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Stop ransomware breaches with RansomCare

Page URL History Show full URLs

https://app.learn.ricoh-usa.com/e/er?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&ut... HTTP 302
https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=... Page URL

Detected technologies

Plyr (Video players) Expand

Overall confidence: 100%
Detected patterns

https://cdn\.plyr\.io/([0-9.]+)/.+\.js

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Page Statistics

108
Requests

90 %
HTTPS

52 %
IPv6

32
Domains

47
Subdomains

43
IPs

3
Countries

3028 kB
Transfer

6539 kB
Size

33
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://app.learn.ricoh-usa.com/e/er?s=2073603363&lid=17841&elqTrackId=22d536b9ddee40128f0613ede865eb9c&elq=00000000000000000000000000000000&elqaid=3328&elqat=2
Title: Get more info

Search URL Search Domain Scan URL

URL: https://app.learn.ricoh-usa.com/e/er?s=2073603363&lid=18571&elqTrackId=ab5226ac6b2948c2b4e8a2e5757bf36c&elq=00000000000000000000000000000000&elqaid=3328&elqat=2
Title: In The Nick Of Time: Stop Ransomware Attacks In Their Tracks With Bullwall

Search URL Search Domain Scan URL

URL: https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2022.pdf?elqTrackId=a406fd21234f43e8ab32467c4d63c49b&elqaid=3328&elqat=2
Title: The Global Risks Report 2022

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://app.learn.ricoh-usa.com/e/er?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=&s=2073603363&lid=18609&elqTrackId=4dbd55a755254a82ab2d9baf793baf77&elq=38dba6dbac8848caa7aa309987ada89f&elqaid=33772&elqat=1 HTTP 302
https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://cdn.reachforce.com/SmartForms.js HTTP 301
https://sfc.leadspace.com/SmartForms.js

Request Chain 20

https://s2073603363.t.eloqua.com/visitor/v200/svrGP?pps=60&siteid=2073603363&PURLSiteID=4&optin=disabled&PURLSiteAlternateDNSID=0&LandingPageID=3328&PURLRecordID=0&PURLGUID=B26CA8830A7347B4963BD3F34CDB95C1&UseRelativePath=True&elq={00000000-0000-0000-0000-000000000000}&firstPartyCookieDomain=us.ricoh-usa.com&elqGUID=b26ca883-0a73-47b4-963b-d3f34cdb95c1&elq_ck=0&utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= HTTP 302
https://s2073603363.t.eloqua.com/eloquaimages/tinydot.gif

Request Chain 29

https://unpkg.com/web-vitals HTTP 302
https://unpkg.com/web-vitals@3.0.4 HTTP 302
https://unpkg.com/web-vitals@3.0.4/dist/web-vitals.iife.js

Request Chain 39

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/953119949/?random=360075089&cv=11&fst=1667935377719&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=IpIpCIvHq3sQzem9xgM&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&tiba=Stop%20ransomware%20breaches%20with%20RansomCare&gtm_ee=1&auid=395407092.1667935378&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=kaxqY5vxMMS3mLAPz6qKkAo&sscte=1&crd=&pscrd=EkxDaEFJZ0ptb213WVF6WkhQX2F2Ym5ZZ1RFaVVBdy15c2x1ZHo1Vm94cXJmQnl3c0tuUjYyZEF4RmxhcE1qOEtpdUVrZGc5dGx4MXZkGldDaEFJZ0ptb213WVFzTkNTMk5mMjFfOTFFaTBBTEpIVnVFZF9jUFZhZ0FNZVRzNi1WVFV3d0l6Q3FKZE5lbk1KTG0ya2lJWEh2VUtfbnZ5RW9PRTF6eTQ HTTP 302
https://www.google.com/pagead/1p-conversion/953119949/?random=360075089&cv=11&fst=1667935377719&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=IpIpCIvHq3sQzem9xgM&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&tiba=Stop%20ransomware%20breaches%20with%20RansomCare&gtm_ee=1&auid=395407092.1667935378&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0ptb213WVF6WkhQX2F2Ym5ZZ1RFaVVBdy15c2x1ZHo1Vm94cXJmQnl3c0tuUjYyZEF4RmxhcE1qOEtpdUVrZGc5dGx4MXZkGldDaEFJZ0ptb213WVFzTkNTMk5mMjFfOTFFaTBBTEpIVnVFZF9jUFZhZ0FNZVRzNi1WVFV3d0l6Q3FKZE5lbk1KTG0ya2lJWEh2VUtfbnZ5RW9PRTF6eTQ&is_vtc=1&ocp_id=kaxqY5vxMMS3mLAPz6qKkAo&cid=CAQSKQDq26N9Bcw4alzaA41OK8upezJ_bpxonq8XLPZGdsQz5JT---ieAGMpIBM&random=60074940 HTTP 302
https://www.google.de/pagead/1p-conversion/953119949/?random=360075089&cv=11&fst=1667935377719&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=IpIpCIvHq3sQzem9xgM&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&tiba=Stop%20ransomware%20breaches%20with%20RansomCare&gtm_ee=1&auid=395407092.1667935378&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0ptb213WVF6WkhQX2F2Ym5ZZ1RFaVVBdy15c2x1ZHo1Vm94cXJmQnl3c0tuUjYyZEF4RmxhcE1qOEtpdUVrZGc5dGx4MXZkGldDaEFJZ0ptb213WVFzTkNTMk5mMjFfOTFFaTBBTEpIVnVFZF9jUFZhZ0FNZVRzNi1WVFV3d0l6Q3FKZE5lbk1KTG0ya2lJWEh2VUtfbnZ5RW9PRTF6eTQ&is_vtc=1&ocp_id=kaxqY5vxMMS3mLAPz6qKkAo&cid=CAQSKQDq26N9Bcw4alzaA41OK8upezJ_bpxonq8XLPZGdsQz5JT---ieAGMpIBM&random=60074940&ipr=y&prhg=0

Request Chain 51

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4336274&time=1667935377902&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4336274%26time%3D1667935377902%26url%3Dhttps%253A%252F%252Fus.ricoh-usa.com%252FRansomCare-A%253Futm_campaign%253DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%2526utm_medium%253Demail%2526utm_source%253DEloqua%2526utm_content%253DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%2526Elqcampid%253D2242%2526Rforcecampid%253D%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4336274&time=1667935377902&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4336274&time=1667935377902&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&liSync=true&e_ipv6=AQIcM6JWnQFJvgAAAYRYshwwmF0PC9Kl0g01g1zuEh_b8bwQCxRqtYPx6fCpujVl

Request Chain 90

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag HTTP 302
https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073026%2526val%253D%257Bvisitor_id%257D

Request Chain 91

https://aorta.clickagy.com/liveramp_redir HTTP 302
https://id.rlcdn.com/711861.gif

Request Chain 104

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=90E5DD7D47AC46079D482BCFEC1B520A&RedC=c.clarity.ms&MXFR=2EB453EC9E656E85228B41BA9A656059 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=90E5DD7D47AC46079D482BCFEC1B520A&MUID=28743C2D6762685601C02E7B66CE6929

108 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request RansomCare-A Show response
us.ricoh-usa.com/
Redirect Chain

https://app.learn.ricoh-usa.com/e/er?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rfo...
https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rf...

71 KB
17 KB

1477ms
510ms

Document
text/html

142.0.165.137
NETDYNAMICS

General

Check archive.org

Show headers Download Go to

Full URL

https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

142.0.165.137 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

Software

Resource Hash

7a16af39ebf4aae16ca19358e9b7ce8e2045ee0ce330b4a1465d97c22a1b1c3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store
Content-Encoding: gzip
Content-Length: 16454
Content-Type: text/html; charset=utf-8
Date: Tue, 08 Nov 2022 19:22:56 GMT
Expires: -1
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

Redirect headers

Cache-Control: no-store
Content-Length: 345
Content-Type: text/html; charset=utf-8
Date: Tue, 08 Nov 2022 19:22:55 GMT
Expires: -1
Location: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block

GET
H2

200

SmartForms.js Show response
sfc.leadspace.com/
Redirect Chain

https://cdn.reachforce.com/SmartForms.js
https://sfc.leadspace.com/SmartForms.js

3 KB
4 KB

286ms
249ms

Script
application/javascript

35.190.114.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sfc.leadspace.com/SmartForms.js

Requested by

Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=

Protocol

Server

35.190.114.154 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

154.114.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

0645386b306fc6a2e7a59f44e38fb44e53c519a4ba0f0701e0caa07e9ab601d6

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:09:39 GMT
strict-transport-security: max-age=31536000
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
age: 798
x-guploader-uploadid: ADPycdv14x7rJsfbRCJO2oPn21P2YEpOAVukkzX0BIx5NVdp-QtUVIRbeZD_v0Bznlu3Q-yQVsjIDpkC5FndI8fmK8NjhhvjZXAz
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2718
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Sun, 30 Oct 2022 13:46:44 GMT
server: UploadServer
etag: "557a04d61944100c7badd3f08c3e0fd3"
x-frame-options: SAMEORIGIN
x-goog-generation: 1622356605704395
x-goog-hash: crc32c=6Pcn1A==, md5=VXoE1hlEEAx7rdPwjD4P0w==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
feature-policy: camera 'none';payment 'none'; usermedia 'none'; sync-xhr 'self' https://*.leadspace.com
x-goog-stored-content-length: 2718
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 08 Nov 2022 20:09:39 GMT

Redirect headers

Location: https://sfc.leadspace.com/SmartForms.js
Date: Tue, 08 Nov 2022 19:22:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 247
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 178 KB
66 KB 52ms
22ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-953119949

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fdf69e229adb4f3335f2620c5234989116782d4e105f54affe7edb2ac79b9b7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66779
x-xss-protection: 0
last-modified: Tue, 08 Nov 2022 18:04:33 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 08 Nov 2022 19:22:57 GMT

GET
H2 200 plyr.css
cdn.plyr.io/3.7.2/ 33 KB
6 KB 106ms
32ms Stylesheet
text/css 2606:4700:21::681b:c358
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plyr.io/3.7.2/plyr.css
Requested by: Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:21::681b:c358 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d1c0431c216e6bc20750cba7eaff0399e7f1885a883f51ebb755358dedbeb15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
via: 1.1 varnish, 1.1 varnish
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 16994147
x-amz-request-id: N4CD6EQNA2QN671N
cf-polished: origSize=33875
x-cache: HIT, HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: eBBA9E/1ut3fU4+LuCguxXfWp4k8FzIfbEnQMl0N+jnpWpUK9BQVMbgI3Y+5go/PELlwz06ZJ8w=
x-served-by: cache-iad-kcgs7200171-IAD, cache-lcy19243-LCY
cf-bgj: minify
last-modified: Wed, 20 Apr 2022 10:14:54 GMT
server: cloudflare
x-timer: S1650941231.886453,VS0,VE0
etag: W/"a1aeec768d6108bf625dcb56212430fc"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5tThuV8N7vhJJEDkKF4rKm05SkWE6qKwTPLX9%2Bg2Amx4kJy%2BLDNtKCdt%2BdNQfbgi0ABqVYvfbVgEMryFn7MISuUnPmFdUf%2Bq27bJGxYeHS07mJQbH6HWD9S%2BUJEFofLOh5NfmngbSkY3"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: Content-Range, Date, Cache-Control, Content-Type, Accept, Origin, Accept
cache-control: max-age=31536000, immutable
cf-ray: 7670ae2abbfce68c-LHR
x-cache-hits: 1, 2

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/a336babc/www-widgetapi.vflset/ 156 KB
52 KB 37ms
8ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/a336babc/www-widgetapi.vflset/www-widgetapi.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03bdda2b417d8cff1b2c8293c02685fd1670ca563e5514d74bffc8cd5a108e04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Thu, 03 Nov 2022 12:44:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 455936
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52493
x-xss-protection: 0
last-modified: Thu, 29 Sep 2022 00:20:07 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 03 Nov 2023 12:44:01 GMT

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.11.2/ 69 KB
25 KB 50ms
24ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.2/gsap.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06f66c7beb4164979a2bc183462dbbb4a148d374d6aca4dc0b0548d8aeae8387

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 653122
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 25107
last-modified: Tue, 27 Sep 2022 06:04:22 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63329266-6213"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cc6MLCik91LJWAACmKECkTEWThK9f5KfrPAIdyCK58%2BL1AS8gX6%2BLZapKYyvv0bm7I3wY8voRUt1PSWciYoBMtf2dyClWPW2dKCxO3SVtxdP4XVrmz1QFGBAbpzWd9rwhBcUG8agtCMVbtV%2Bgjxf5FB6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7670ae2a6da59196-FRA
expires: Sun, 29 Oct 2023 19:22:57 GMT

GET
H2 200 ScrollTrigger.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.11.2/ 38 KB
15 KB 49ms
23ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.2/ScrollTrigger.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4f51f53e586512e89dc3977ce41de16d16c211bd29d8d45ad6e84e064c19832

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3659013
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14582
last-modified: Tue, 27 Sep 2022 06:04:22 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63329266-38f6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8JHxkintPe%2FqezxrFv6KvMnXNkjlse5mqqiIbUet1wfOPJY3smJaG8zLugcDpX3I9RivqCPBJO7tIKpQ2uL73YJBiKOHfPg9cqRR6tHkdzit4sANHChy6cH1y%2FWchenPV4SYVcl%2Bx4gZKgH5jxVX0%2Ft8"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7670ae2a6da89196-FRA
expires: Sun, 29 Oct 2023 19:22:57 GMT

GET
H2 200 ScrollToPlugin.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.11.2/ 4 KB
2 KB 48ms
22ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.2/ScrollToPlugin.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac379c6878833c6c9e4866f39a415a6a9f5edffacc731a07b5ccdfecfd855bb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3495221
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1637
last-modified: Tue, 27 Sep 2022 06:04:22 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63329266-665"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W2fKMF05rvLZEHmlehJZGXw7dTKA5LMLFOIF48b4PTCFV%2BtDZiU%2BY22ZT21KfbSkSkVSavtgSWQ4wKkqwQdanVHB8l9src6YFAbLndNaspmloIwsj99dYHy2M3kVvfqWmhZd7H%2FrsRbapZnvRUcuPDVM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7670ae2a6da99196-FRA
expires: Sun, 29 Oct 2023 19:22:57 GMT

GET
H2 200 plyr.js Show response
cdn.plyr.io/3.7.2/ 108 KB
33 KB 120ms
47ms Script
application/javascript 2606:4700:21::681b:c358
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plyr.io/3.7.2/plyr.js
Requested by: Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:21::681b:c358 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8511b3608ee3391e3f6a006ea476f62ddce8cfff29115277d56bf1c555341821

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
via: 1.1 varnish, 1.1 varnish
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 16994901
x-amz-request-id: N4C55XBPC355XPHP
cf-polished: origSize=110918
x-cache: HIT, HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ZAt8Nk9RB1v8QwP+a/Ti0Q0Gzu41NfMf/ofTH6JZAtBD9+SV9B3aCl8vT9Dvckdgue2gYi7K1lA=
x-served-by: cache-iad-kjyo7100123-IAD, cache-lcy19267-LCY
cf-bgj: minify
last-modified: Wed, 20 Apr 2022 10:14:08 GMT
server: cloudflare
x-timer: S1650940476.355442,VS0,VE1
etag: W/"9f40125939372a80ab9cd478b8dd31b7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0zK0DVBOnfYWa2UmQ%2BRi5WoJbUECp48PpmAMkCUwyMSWdzRyy7vEJnIzJlwIrxvIC26GF%2FGJYlzUD2zKdV%2BlcPRTCdnsJKZ6l0iwhwgJ1rZg7PFIwSTIFjhz8uOJBkASJmr9wHQffLA9"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: Content-Range, Date, Cache-Control, Content-Type, Accept, Origin, Accept
cache-control: max-age=31536000, immutable
cf-ray: 7670ae2abbfee68c-LHR
x-cache-hits: 1, 1

GET
H/1.1 200
OK %7B984340f1-ec7a-4e2a-a8f1-c6bc393bea45%7D_app.fb3059ff.css
images.learn.ricoh-usa.com/Web/Ricoh/ 21 KB
5 KB 714ms
150ms Stylesheet
text/css 23.11.206.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://images.learn.ricoh-usa.com/Web/Ricoh/%7B984340f1-ec7a-4e2a-a8f1-c6bc393bea45%7D_app.fb3059ff.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.11.206.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-11-206-48.deploy.static.akamaitechnologies.com

Software

Resource Hash

f1d1eb692078151e3a5b19cb95f1ebc436dddd440037df51e2a8205568e2e15f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Nov 2022 19:22:57 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Type: text/css
Cache-Control: no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 4308
X-Xss-Protection: 1; mode=block
Expires: Tue, 08 Nov 2022 19:22:57 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 992 B
1 KB 54ms
26ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

874e87fa935e7bccb5fa562bb4796cb9016ffda5fe036c748cd6458de421bf67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Tue, 08 Nov 2022 19:22:57 GMT

GET
H/1.1 200
OK %7Bc66de980-2cb4-4388-b24d-3c6aa40cafce%7D_man-holding-cell-hero-mobile.png
images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/ 146 KB
147 KB 444ms
442ms Image
image/png 23.11.206.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/%7Bc66de980-2cb4-4388-b24d-3c6aa40cafce%7D_man-holding-cell-hero-mobile.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.11.206.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-11-206-48.deploy.static.akamaitechnologies.com

Software

Resource Hash

704429b96160b5a4f8b5620ef527dee3f7f33bf4e5ff4ad85cb9b8651b9f39a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Nov 2022 19:22:58 GMT
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Type: image/png
Cache-Control: no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 149706
X-Xss-Protection: 1; mode=block
Expires: Tue, 08 Nov 2022 19:22:58 GMT

GET
H/1.1 200
OK %7B4c788c3a-3a73-49bf-9d08-f1249bb5a3a0%7D_man-holding-cell-hero.png
images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/ 132 KB
132 KB 30ms
13ms Image
image/png 23.11.206.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/%7B4c788c3a-3a73-49bf-9d08-f1249bb5a3a0%7D_man-holding-cell-hero.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.11.206.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-11-206-48.deploy.static.akamaitechnologies.com

Software

Resource Hash

15017d2d8833b3447fae441d55970e7ef5fec6926ff37b11d2fb5b7333235cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Nov 2022 19:22:57 GMT
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Type: image/png
Cache-Control: no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 134903
X-Xss-Protection: 1; mode=block
Expires: Tue, 08 Nov 2022 19:22:57 GMT

GET
H/1.1 200
OK livevalidation_standalone.compressed.js Show response
img03.en25.com/i/ 13 KB
4 KB 163ms
126ms Script
application/x-javascript 23.197.8.158
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://img03.en25.com/i/livevalidation_standalone.compressed.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.197.8.158 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-8-158.deploy.static.akamaitechnologies.com

Software

Resource Hash

36ef1cf6246ce3d596a572d7b0e947a7088eefb1af6373f1a0669c9189a6728e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Tue, 08 Nov 2022 19:22:57 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Connection: keep-alive
Content-Length: 3717
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 12 Jul 2022 22:09:35 GMT
ETag: "e56e3c123c96d81:0"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-store
Accept-Ranges: bytes
X-Robots-Tag: noindex, nofollow
Expires: Tue, 08 Nov 2022 19:22:57 GMT

GET
H/1.1 200
OK %7Bdef715f8-5752-45a2-9420-17391a009f12%7D_security-cloud.png
images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/ 7 KB
7 KB 46ms
28ms Image
image/png 23.11.206.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/%7Bdef715f8-5752-45a2-9420-17391a009f12%7D_security-cloud.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.11.206.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-11-206-48.deploy.static.akamaitechnologies.com

Software

Resource Hash

ffbb8e582693bffa8208f660f0545d011344f1cc763bb03bf8c91391f05f346c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Nov 2022 19:22:57 GMT
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Type: image/png
Cache-Control: no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 6836
X-Xss-Protection: 1; mode=block
Expires: Tue, 08 Nov 2022 19:22:57 GMT

GET
H/1.1 200
OK %7B0edb2855-de16-4c3f-9bca-9b1c71f81148%7D_Icon_2.png
images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/ 6 KB
7 KB 63ms
31ms Image
image/png 23.11.206.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/%7B0edb2855-de16-4c3f-9bca-9b1c71f81148%7D_Icon_2.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.11.206.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-11-206-48.deploy.static.akamaitechnologies.com

Software

Resource Hash

c7398c2da6a00bcba75812a3dc8df713fe94beaf5b24c159abeb1a576ae500a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Nov 2022 19:22:57 GMT
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Type: image/png
Cache-Control: no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 6507
X-Xss-Protection: 1; mode=block
Expires: Tue, 08 Nov 2022 19:22:57 GMT

GET
H/1.1 200
OK %7B717702a6-fff8-4eab-bb19-611cc630df3d%7D_cyber-pill.png
images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/ 8 KB
8 KB 446ms
413ms Image
image/png 23.11.206.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/%7B717702a6-fff8-4eab-bb19-611cc630df3d%7D_cyber-pill.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.11.206.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-11-206-48.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8e1dce265cea7d90e478aa40cb736db23297ccaac0fb4d76e42b4ea129c4c09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Nov 2022 19:22:58 GMT
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Type: image/png
Cache-Control: no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 8204
X-Xss-Protection: 1; mode=block
Expires: Tue, 08 Nov 2022 19:22:58 GMT

GET
H/1.1 200
OK %7B2c44ff52-3132-442c-9503-85bdd0315f62%7D_girl-with-laptop.png
images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/ 254 KB
254 KB 61ms
13ms Image
image/png 23.11.206.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/%7B2c44ff52-3132-442c-9503-85bdd0315f62%7D_girl-with-laptop.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.11.206.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-11-206-48.deploy.static.akamaitechnologies.com

Software

Resource Hash

85f45260ca6a2077a6756e50d8c0271c08f03bd8f63af4ab97f4297596520e31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Nov 2022 19:22:57 GMT
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Type: image/png
Cache-Control: no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 259932
X-Xss-Protection: 1; mode=block
Expires: Tue, 08 Nov 2022 19:22:57 GMT

GET
H/1.1 200
OK %7B26b85dd8-3214-4033-a583-693e4e7cde0f%7D_woman-in-meeting.jpg
images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/ 40 KB
40 KB 18ms
13ms Image
image/jpeg 23.11.206.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/%7B26b85dd8-3214-4033-a583-693e4e7cde0f%7D_woman-in-meeting.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.11.206.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-11-206-48.deploy.static.akamaitechnologies.com

Software

Resource Hash

caf63b3ed8937749dfafd38336b252bc3a09cd808c9999ebc4a4dd4cb5b56691

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Nov 2022 19:22:57 GMT
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Type: image/jpeg
Cache-Control: no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 40497
X-Xss-Protection: 1; mode=block
Expires: Tue, 08 Nov 2022 19:22:57 GMT

GET
H/1.1 200
OK %7B980e2aca-356c-41a9-979d-61ed2c37047c%7D_cell-phone-with-waves.jpg
images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/ 40 KB
41 KB 463ms
450ms Image
image/jpeg 23.11.206.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/%7B980e2aca-356c-41a9-979d-61ed2c37047c%7D_cell-phone-with-waves.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.11.206.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-11-206-48.deploy.static.akamaitechnologies.com

Software

Resource Hash

a44db99606e49694ff9f128abc52948fce50e21e1661018fbfa8eca19eb6c466

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Nov 2022 19:22:58 GMT
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Type: image/jpeg
Cache-Control: no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 41180
X-Xss-Protection: 1; mode=block
Expires: Tue, 08 Nov 2022 19:22:58 GMT

GET
H/1.1 200
OK %7B62c2a0b9-0f90-4524-a08d-84a90ff4c75b%7D_Powered_by_Bullwall_%281%29.png
images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/ 4 KB
4 KB 20ms
17ms Image
image/png 23.11.206.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/%7B62c2a0b9-0f90-4524-a08d-84a90ff4c75b%7D_Powered_by_Bullwall_%281%29.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.11.206.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-11-206-48.deploy.static.akamaitechnologies.com

Software

Resource Hash

001076b9bbb2243ef99012ad9078217ca6422f866fdfff9a26f0983432829d6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Nov 2022 19:22:57 GMT
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Type: image/png
Cache-Control: no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 3592
X-Xss-Protection: 1; mode=block
Expires: Tue, 08 Nov 2022 19:22:57 GMT

GET
H/1.1

200
OK

tinydot.gif
s2073603363.t.eloqua.com/eloquaimages/
Redirect Chain

https://s2073603363.t.eloqua.com/visitor/v200/svrGP?pps=60&siteid=2073603363&PURLSiteID=4&optin=disabled&PURLSiteAlternateDNSID=0&LandingPageID=3328&PURLRecordID=0&PURLGUID=B26CA8830A7347B4963BD3F3...
https://s2073603363.t.eloqua.com/eloquaimages/tinydot.gif

49 B
541 B

97ms
97ms

Image
image/gif

142.0.165.148
NETDYNAMICS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s2073603363.t.eloqua.com/eloquaimages/tinydot.gif

Requested by

Protocol

HTTP/1.1

Server

142.0.165.148 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

Software

Resource Hash

f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Tue, 08 Nov 2022 19:22:58 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 12 Jul 2022 22:09:30 GMT
ETag: "26117f3c96d81:0"
Content-Type: image/gif
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
Accept-Ranges: bytes
X-Robots-Tag: noindex, nofollow
Content-Length: 49
X-XSS-Protection: 1; mode=block
Expires: -1

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Tue, 08 Nov 2022 19:22:58 GMT
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Location: /eloquaimages/tinydot.gif
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
X-Robots-Tag: noindex, nofollow
Content-Length: 142
X-Xss-Protection: 1; mode=block
Expires: -1

GET
H2 200 148031.js Show response
sfc.leadspace.com/ 50 KB
50 KB 14ms
11ms Script
text/javascript 35.190.114.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sfc.leadspace.com/148031.js

Requested by

Host: cdn.reachforce.com
URL: https://cdn.reachforce.com/SmartForms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.114.154 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

154.114.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

136c1a1fb156066c47e5a1d5bd89b407f9a72ef3f3cf18ba8c824b1fd0a50658

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 18:59:50 GMT
strict-transport-security: max-age=31536000
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
age: 1387
x-guploader-uploadid: ADPycdtDvKfZWE5ktjdhb9WnhLHTPQE4wJpqvCiaSZr_ytDcqv1GmQdqmhYXxE7FZRo-IDht3c-OoYcQNgRFPimgejXyyA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51193
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 12 Oct 2021 21:54:54 GMT
server: UploadServer
etag: "50a8c78fb6da6174ebce5a090b8ed78c"
x-frame-options: SAMEORIGIN
x-goog-generation: 1634075694585943
x-goog-hash: crc32c=BKDSVQ==, md5=UKjHj7baYXTrzloJC47XjA==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
feature-policy: camera 'none';payment 'none'; usermedia 'none'; sync-xhr 'self' https://*.leadspace.com
x-goog-stored-content-length: 51193
accept-ranges: bytes
content-type: text/javascript
expires: Tue, 08 Nov 2022 19:59:50 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/953119949/ 2 KB
2 KB 65ms
28ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/953119949/?random=1667935377709&cv=11&fst=1667935377709&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&tiba=Stop%20ransomware%20breaches%20with%20RansomCare&auid=395407092.1667935378&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-953119949

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

085c311f2cdb713a1e641f8b79ed9b6df08596e7a6a5900983c8563e7d88c307

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Nov 2022 19:22:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1017
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/953119949/ 2 KB
2 KB 64ms
25ms Script
text/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/953119949/?random=1667935377719&cv=11&fst=1667935377719&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=IpIpCIvHq3sQzem9xgM&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&tiba=Stop%20ransomware%20breaches%20with%20RansomCare&gtm_ee=1&auid=395407092.1667935378&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-953119949

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

783c3d4a6931e9e51e9be6faffa02d05676921bdf512dc211982a37070d588fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Nov 2022 19:22:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 335 KB
96 KB 43ms
41ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TQV9JLL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cc2c0f32958626009066e8979806e385913041f697166912b8279e17c57e141b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98105
x-xss-protection: 0
last-modified: Tue, 08 Nov 2022 18:04:33 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 08 Nov 2022 19:22:57 GMT

GET
H/1.1 200
OK AkkuratLLWeb-Black.woff
us.ricoh-usa.com/RansomCare-A/fonts/ 71 KB
16 KB 611ms
610ms Font
text/html 142.0.165.137
NETDYNAMICS

General

Check archive.org

Show headers Download Go to

Full URL

https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Black.woff

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

142.0.165.137 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

Software

Resource Hash

16a748e8cc32f79e9389d99cd9200d3e923a310fb640922c49027757f0f56e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Origin: https://us.ricoh-usa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Tue, 08 Nov 2022 19:22:58 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
Content-Length: 16481
X-Xss-Protection: 1; mode=block
Expires: -1

GET
H/1.1 200
OK AkkuratLLWeb-Regular.woff
us.ricoh-usa.com/RansomCare-A/fonts/ 71 KB
16 KB 553ms
552ms Font
text/html 142.0.165.137
NETDYNAMICS

General

Check archive.org

Show headers Download Go to

Full URL

https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Regular.woff

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

142.0.165.137 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

Software

Resource Hash

16a748e8cc32f79e9389d99cd9200d3e923a310fb640922c49027757f0f56e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Origin: https://us.ricoh-usa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Tue, 08 Nov 2022 19:22:57 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
Content-Length: 16481
X-Xss-Protection: 1; mode=block
Expires: -1

GET
H/1.1 200
OK AkkuratLLWeb-Bold.woff
us.ricoh-usa.com/RansomCare-A/fonts/ 71 KB
16 KB 754ms
564ms Font
text/html 142.0.165.137
NETDYNAMICS

General

Check archive.org

Show headers Download Go to

Full URL

https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Bold.woff

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

142.0.165.137 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

Software

Resource Hash

16a748e8cc32f79e9389d99cd9200d3e923a310fb640922c49027757f0f56e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Origin: https://us.ricoh-usa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Tue, 08 Nov 2022 19:22:58 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
Content-Length: 16481
X-Xss-Protection: 1; mode=block
Expires: -1

GET
H3 200 www-widgetapi.js Show response
www.youtube.com/s/player/c4225c42/www-widgetapi.vflset/ 161 KB
53 KB 35ms
12ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c4225c42/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c64fcbaf5909fcab9ad263ef654d029a486aac70414f6504a0c7d3f04a93fcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 17:56:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5193
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53867
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 01:22:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 08 Nov 2023 17:56:24 GMT

GET
H2

200

web-vitals.iife.js Show response
unpkg.com/web-vitals@3.0.4/dist/
Redirect Chain

https://unpkg.com/web-vitals
https://unpkg.com/web-vitals@3.0.4
https://unpkg.com/web-vitals@3.0.4/dist/web-vitals.iife.js

7 KB
3 KB

21ms
21ms

Script
application/javascript

2606:4700::6810:7caf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@3.0.4/dist/web-vitals.iife.js

Requested by

Protocol

Server

2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc2b5bddcf1a22673c3dca50357eb75f0767e259dae969fa3fcf2770d9b764d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1790823
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01GFPZ8JHDGB2F35QWB5ZYG8ZF-fra
server: cloudflare
etag: W/"1a3a-hcVpXUspBNC1/NAQABcyCbLFezA"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7670ae300b149bf4-FRA

Redirect headers

date: Tue, 08 Nov 2022 19:22:57 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01GGSVE1BNJSTASN72D3B7V5MF-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 620434
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /web-vitals@3.0.4/dist/web-vitals.iife.js
cache-control: public, max-age=31536000
cf-ray: 7670ae2fdaac9bf4-FRA

GET
H2 200 2431.js Show response
script.crazyegg.com/pages/scripts/0103/ 6 KB
2 KB 88ms
55ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0103/2431.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TQV9JLL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a9e9089451b2c387f04a08643794670ee0a3c7e0602d5b009d88ad5903cb6ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 10864
cf-polished: origSize=6088
ce-version: 11.4.35
cf-bgj: minify
last-modified: Tue, 08 Nov 2022 16:21:53 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 7670ae2fbbffbbcd-FRA

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10884450589/ 43 B
61 B 46ms
24ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10884450589/?random=1667935377811&cv=11&fst=1667935377811&bg=ffffff&guid=ON&async=1&gtm=2wgb20&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&tiba=Stop%20ransomware%20breaches%20with%20RansomCare&rdp=1&auid=395407092.1667935378&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TQV9JLL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Nov 2022 19:22:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 997 B
639 B 31ms
9ms Script
application/x-javascript 2a02:26f0:480:f::213:7ecb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TQV9JLL
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ecb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: bb16ee6fd17d39c404201dc8db250ddc46b29c963d4334b3952e9508eb1c4381

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
content-encoding: gzip
last-modified: Tue, 08 Nov 2022 00:38:08 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=19443
accept-ranges: bytes
content-length: 471

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 2 KB
1 KB 51ms
27ms Script
text/javascript 2606:4700:4400::6812:2a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 15 Oct 2021 14:31:37 GMT
server: cloudflare
age: 174
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=1200
cf-ray: 7670ae2f8af86951-FRA
expires: Tue, 08 Nov 2022 19:30:03 GMT

GET
H2 200 3w3fm7xuvk Show response
www.clarity.ms/tag/ 2 KB
2 KB 206ms
120ms Script
application/x-javascript 2620:1ec:40::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/3w3fm7xuvk
Requested by: Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:40::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 3d997a0924dd490d6c9f53c8096cc21cb0f61609d501cc3bd7a164069abc807f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type: application/x-javascript
date: Tue, 08 Nov 2022 19:22:57 GMT
cache-control: no-cache, no-store
expires: -1
x-azure-ref: 0kaxqYwAAAAAd+CCjrrjXR6639s1vigdXRlJBMjMxMDUwNDE5MDIxADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

GET
H2 200 6gpvemcj11 Show response
www.clarity.ms/tag/ 1 KB
2 KB 205ms
120ms Script
application/x-javascript 2620:1ec:40::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/6gpvemcj11
Requested by: Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:40::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: f1091a10ed2a757eeafb86139fe5645cef1b7edaf13ba446de20d58f2afc6d1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type: application/x-javascript
date: Tue, 08 Nov 2022 19:22:57 GMT
cache-control: no-cache, no-store
expires: -1
x-azure-ref: 0kaxqYwAAAADWABH+55IVR4d+eD6xaoHZRlJBMjMxMDUwNDE5MDIxADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H/1.1 200
OK events.js Show response
tags.srv.stackadapt.com/ 17 KB
6 KB 424ms
103ms Script
text/javascript 44.206.39.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.206.39.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-206-39-165.compute-1.amazonaws.com
Software: /
Resource Hash: 1e95185332e68ad90f66a00404a0543bef49cac4f84e0907b1b08111ea0d4b42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 08 Nov 2022 19:22:58 GMT
Cache-Control: max-age=5
Content-Encoding: gzip
Connection: keep-alive
Content-Length: 5389
Content-Type: text/javascript

GET
H2 200 62e3f05631411d0090cac625 Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 250ms
227ms Script
text/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/62e3f05631411d0090cac625

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

52a4d3d7006be69ef61d35d11407eebf4d8c9db48a5e6e2bfdb2ec09988bcc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7670ae2ffd4bbb80-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type

GET
H/1.1 200
OK footer.js Show response
tribl.io/ 3 KB
2 KB 119ms
38ms Script
text/plain 46.137.132.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tribl.io/footer.js?orgId=4oG6jR7ObKiPwke6bx1E
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TQV9JLL
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.137.132.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-137-132-32.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5fa19fe08cee3095fa92e117783ab56c3b27640337193874b8666a4678189e6d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 08 Nov 2022 19:22:58 GMT
Content-Encoding: gzip
Server: nginx
P3P: CP="Triblio does not have a P3P policy."
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Connection: keep-alive
ContentType: text/javascript
Content-Length: 1294

GET
H2

200

/
www.google.de/pagead/1p-conversion/953119949/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/953119949/?random=360075089&cv=11&fst=1667935377719&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=IpIpCIvHq3sQzem9xgM...
https://www.google.com/pagead/1p-conversion/953119949/?random=360075089&cv=11&fst=1667935377719&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=IpIpCIvHq3sQzem9xgM&hn=www.googleadservi...
https://www.google.de/pagead/1p-conversion/953119949/?random=360075089&cv=11&fst=1667935377719&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=IpIpCIvHq3sQzem9xgM&hn=www.googleadservic...

42 B
108 B

46ms
28ms

Image
image/gif

2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/953119949/?random=360075089&cv=11&fst=1667935377719&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=IpIpCIvHq3sQzem9xgM&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&tiba=Stop%20ransomware%20breaches%20with%20RansomCare&gtm_ee=1&auid=395407092.1667935378&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0ptb213WVF6WkhQX2F2Ym5ZZ1RFaVVBdy15c2x1ZHo1Vm94cXJmQnl3c0tuUjYyZEF4RmxhcE1qOEtpdUVrZGc5dGx4MXZkGldDaEFJZ0ptb213WVFzTkNTMk5mMjFfOTFFaTBBTEpIVnVFZF9jUFZhZ0FNZVRzNi1WVFV3d0l6Q3FKZE5lbk1KTG0ya2lJWEh2VUtfbnZ5RW9PRTF6eTQ&is_vtc=1&ocp_id=kaxqY5vxMMS3mLAPz6qKkAo&cid=CAQSKQDq26N9Bcw4alzaA41OK8upezJ_bpxonq8XLPZGdsQz5JT---ieAGMpIBM&random=60074940&ipr=y&prhg=0

Requested by

Protocol

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Nov 2022 19:22:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 08 Nov 2022 19:22:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/953119949/?random=360075089&cv=11&fst=1667935377719&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&label=IpIpCIvHq3sQzem9xgM&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&tiba=Stop%20ransomware%20breaches%20with%20RansomCare&gtm_ee=1&auid=395407092.1667935378&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0ptb213WVF6WkhQX2F2Ym5ZZ1RFaVVBdy15c2x1ZHo1Vm94cXJmQnl3c0tuUjYyZEF4RmxhcE1qOEtpdUVrZGc5dGx4MXZkGldDaEFJZ0ptb213WVFzTkNTMk5mMjFfOTFFaTBBTEpIVnVFZF9jUFZhZ0FNZVRzNi1WVFV3d0l6Q3FKZE5lbk1KTG0ya2lJWEh2VUtfbnZ5RW9PRTF6eTQ&is_vtc=1&ocp_id=kaxqY5vxMMS3mLAPz6qKkAo&cid=CAQSKQDq26N9Bcw4alzaA41OK8upezJ_bpxonq8XLPZGdsQz5JT---ieAGMpIBM&random=60074940&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/953119949/ 42 B
108 B 25ms
25ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/953119949/?random=1667935377709&cv=11&fst=1667934000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&tiba=Stop%20ransomware%20breaches%20with%20RansomCare&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2498589274&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Nov 2022 19:22:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/953119949/ 42 B
548 B 55ms
24ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/953119949/?random=1667935377709&cv=11&fst=1667934000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&tiba=Stop%20ransomware%20breaches%20with%20RansomCare&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2498589274&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Nov 2022 19:22:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 9ms
8ms Script
application/x-javascript 2a02:26f0:480:f::213:7ecb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ecb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
content-encoding: gzip
last-modified: Mon, 24 Oct 2022 21:02:26 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=40864
accept-ranges: bytes
content-length: 3063

GET
H/1.1 200
OK %7B2c44ff52-3132-442c-9503-85bdd0315f62%7D_girl-with-laptop.png
images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/ 254 KB
254 KB 21ms
19ms Image
image/png 23.11.206.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/%7B2c44ff52-3132-442c-9503-85bdd0315f62%7D_girl-with-laptop.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.11.206.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-11-206-48.deploy.static.akamaitechnologies.com

Software

Resource Hash

85f45260ca6a2077a6756e50d8c0271c08f03bd8f63af4ab97f4297596520e31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Nov 2022 19:22:58 GMT
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Type: image/png
Cache-Control: no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 259932
X-Xss-Protection: 1; mode=block
Expires: Tue, 08 Nov 2022 19:22:58 GMT

GET
H/1.1 200
OK %7B26b85dd8-3214-4033-a583-693e4e7cde0f%7D_woman-in-meeting.jpg
images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/ 40 KB
40 KB 20ms
19ms Image
image/jpeg 23.11.206.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.learn.ricoh-usa.com/EloquaImages/clients/Ricoh/%7B26b85dd8-3214-4033-a583-693e4e7cde0f%7D_woman-in-meeting.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.11.206.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-11-206-48.deploy.static.akamaitechnologies.com

Software

Resource Hash

caf63b3ed8937749dfafd38336b252bc3a09cd808c9999ebc4a4dd4cb5b56691

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Nov 2022 19:22:58 GMT
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Type: image/jpeg
Cache-Control: no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 40497
X-Xss-Protection: 1; mode=block
Expires: Tue, 08 Nov 2022 19:22:58 GMT

GET MycCwkdJ4Nc
www.youtube.com/embed/ Frame DE44 0
0

GET
H/1.1 200
OK AkkuratLLWeb-Thin.woff
us.ricoh-usa.com/RansomCare-A/fonts/ 71 KB
16 KB 717ms
527ms Font
text/html 142.0.165.137
NETDYNAMICS

General

Check archive.org

Show headers Download Go to

Full URL

https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Thin.woff

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

142.0.165.137 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

Software

Resource Hash

16a748e8cc32f79e9389d99cd9200d3e923a310fb640922c49027757f0f56e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Origin: https://us.ricoh-usa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Tue, 08 Nov 2022 19:22:58 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
Content-Length: 16481
X-Xss-Protection: 1; mode=block
Expires: -1

GET MycCwkdJ4Nc
www.youtube.com/embed/ Frame E8E2 0
0

GET
H3 200 MycCwkdJ4Nc Show response
www.youtube.com/embed/ Frame F7A8 70 KB
28 KB 69ms
68ms Document
text/html 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/MycCwkdJ4Nc?autoplay=0&controls=0&disablekb=1&playsinline=1&cc_load_policy=0&cc_lang_pref=auto&widget_referrer=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&rel=0&showinfo=0&iv_load_policy=3&modestbranding=1&customControls=true&noCookie=false&enablejsapi=1&origin=https%3A%2F%2Fus.ricoh-usa.com&widgetid=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c4225c42/www-widgetapi.vflset/www-widgetapi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f45d6a4310701d60268a68e2743be442448f727ebb9bc78b7119b1eb4295619e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://us.ricoh-usa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Tue, 08 Nov 2022 19:22:57 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 maxresdefault.jpg
i.ytimg.com/vi/MycCwkdJ4Nc/ 116 KB
117 KB 81ms
47ms Image
image/jpeg 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/MycCwkdJ4Nc/maxresdefault.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6327e001768d39fa168b0c73f2ff5f697c73b30cb5e1914e4b31997b7ad765c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118868
x-xss-protection: 0
server: sffe
etag: "1614718839"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 08 Nov 2022 21:22:57 GMT

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
324 B 430ms
105ms Image
image/gif 206.19.49.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=1270883&version=2.1.1&ref=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&r=1667935377897
Requested by: Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 08 Nov 2022 19:22:58 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
Server: Apache/2.4.6 (CentOS)
ETag: "2b-5850384029cff"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=67
Content-Length: 43

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4336274&time=1667935377902&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4336274%26time%3D1667935377902%26url%3Dhttps%253A%252F%252Fus.ricoh-usa.com%252FR...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4336274&time=1667935377902&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4336274&time=1667935377902&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium...

0
266 B

148ms
120ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4336274&time=1667935377902&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&liSync=true&e_ipv6=AQIcM6JWnQFJvgAAAYRYshwwmF0PC9Kl0g01g1zuEh_b8bwQCxRqtYPx6fCpujVl
Requested by: Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 493136E3558D4EDEB12AC785F9921166 Ref B: FRAEDGE1520 Ref C: 2022-11-08T19:22:58Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXs+nfBGqCLptqQGPZBgQ==

Redirect headers

date: Tue, 08 Nov 2022 19:22:58 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 417C7B5CF92F4772A1F336ED6A4F0680 Ref B: FRAEDGE1420 Ref C: 2022-11-08T19:22:58Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4336274&time=1667935377902&url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&liSync=true&e_ipv6=AQIcM6JWnQFJvgAAAYRYshwwmF0PC9Kl0g01g1zuEh_b8bwQCxRqtYPx6fCpujVl
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXs+ne9zo3KOZi/Fz1aqQ==

GET
H2 200 us.ricoh-usa.com.json Show response
script.crazyegg.com/pages/data-scripts/0103/2431/site/ 4 KB
2 KB 188ms
165ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0103/2431/site/us.ricoh-usa.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0103/2431.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28d400c465e324a68a68a76b350c1dd29c50c0eeb9207721ad6cdebc5f10920d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Tue, 08 Nov 2022 19:22:58 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
ce-version: 11.4.35
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7670ae301a79bb62-FRA
content-length: 1664

GET
H3 200 www-player.css
www.youtube.com/s/player/c4225c42/ Frame F7A8 359 KB
49 KB 17ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c4225c42/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/MycCwkdJ4Nc?autoplay=0&controls=0&disablekb=1&playsinline=1&cc_load_policy=0&cc_lang_pref=auto&widget_referrer=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&rel=0&showinfo=0&iv_load_policy=3&modestbranding=1&customControls=true&noCookie=false&enablejsapi=1&origin=https%3A%2F%2Fus.ricoh-usa.com&widgetid=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bd4827c67760075ffaf32114b41d503da91ccc26f3cf43349607f7b2ff19a1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/MycCwkdJ4Nc?autoplay=0&controls=0&disablekb=1&playsinline=1&cc_load_policy=0&cc_lang_pref=auto&widget_referrer=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&rel=0&showinfo=0&iv_load_policy=3&modestbranding=1&customControls=true&noCookie=false&enablejsapi=1&origin=https%3A%2F%2Fus.ricoh-usa.com&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 17:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 91842
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49779
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 01:22:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 07 Nov 2023 17:52:15 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/c4225c42/www-embed-player.vflset/ Frame F7A8 309 KB
96 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c4225c42/www-embed-player.vflset/www-embed-player.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

681b6bb35bf9ff8ce07733fe20795e241e59800b6319e6f4f6bf929147f36064

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/MycCwkdJ4Nc?autoplay=0&controls=0&disablekb=1&playsinline=1&cc_load_policy=0&cc_lang_pref=auto&widget_referrer=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&rel=0&showinfo=0&iv_load_policy=3&modestbranding=1&customControls=true&noCookie=false&enablejsapi=1&origin=https%3A%2F%2Fus.ricoh-usa.com&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 17:52:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 91835
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98145
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 01:22:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 07 Nov 2023 17:52:22 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/c4225c42/player_ias.vflset/de_DE/ Frame F7A8 2 MB
576 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c4225c42/player_ias.vflset/de_DE/base.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

845343e662ab11d1fcfc4ad84465f007939cdcba32bc9a4d38a4d38070502f21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/MycCwkdJ4Nc?autoplay=0&controls=0&disablekb=1&playsinline=1&cc_load_policy=0&cc_lang_pref=auto&widget_referrer=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&rel=0&showinfo=0&iv_load_policy=3&modestbranding=1&customControls=true&noCookie=false&enablejsapi=1&origin=https%3A%2F%2Fus.ricoh-usa.com&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 17:53:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 91784
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 589644
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 01:22:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 07 Nov 2023 17:53:13 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/c4225c42/fetch-polyfill.vflset/ Frame F7A8 9 KB
3 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c4225c42/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/MycCwkdJ4Nc?autoplay=0&controls=0&disablekb=1&playsinline=1&cc_load_policy=0&cc_lang_pref=auto&widget_referrer=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&rel=0&showinfo=0&iv_load_policy=3&modestbranding=1&customControls=true&noCookie=false&enablejsapi=1&origin=https%3A%2F%2Fus.ricoh-usa.com&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 17:52:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 91835
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2786
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 01:22:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 07 Nov 2023 17:52:22 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F7A8 15 KB
16 KB 71ms
38ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:21:27 GMT
x-content-type-options: nosniff
age: 91
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Nov 2023 19:21:27 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F7A8 15 KB
15 KB 89ms
56ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 18:59:48 GMT
x-content-type-options: nosniff
age: 1390
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 08 Nov 2023 18:59:48 GMT

GET
H/1.1 200
OK analytics.js Show response
tribl.io/ 20 KB
6 KB 32ms
31ms Script
application/javascript 46.137.132.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tribl.io/analytics.js
Requested by: Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.137.132.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-137-132-32.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: be689b5c3622563fa4818092fdc35d75da3b23ee1bc4c1e84fc658d3125ea61a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 08 Nov 2022 19:22:58 GMT
Content-Encoding: gzip
Last-Modified: Tue, 08 Nov 2022 17:08:35 GMT
Server: nginx
ETag: W/"636a8d13-502f"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive

GET
H2 200 init-2321sv6dhuey2y060jgx.js Show response
api.fouanalytics.com/api/ 456 B
879 B 269ms
216ms Script
text/javascript 2606:4700:e2::ac40:8920
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/api/init-2321sv6dhuey2y060jgx.js
Requested by: Host: tribl.io
URL: https://tribl.io/footer.js?orgId=4oG6jR7ObKiPwke6bx1E
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8920 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 92ed32b298067073fadb7b50b98d8a68205ca51a3cc72b7d367d8fa6968b8893

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Nov 2022 19:22:58 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2R7vCy%2FkI3QQyaX0dfZjX8q3%2FwWdt2vMzC3f9riyjUjVqt91m641tHFinPayiHu%2FDEOPg7zYnmNnnQW7hwXnBbIKF4Ux5UadFHjxgatN7HKQNF6D8y13WceAezqHbyFTysfbbhUWf7ufV23dTKe8UM3LUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-ray: 7670ae311f3b6d91-MUC
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

GET
H2 200 clarity.js Show response
www.clarity.ms/eus-e/s/0.6.43/ 54 KB
54 KB 98ms
98ms Script
application/javascript 2620:1ec:40::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus-e/s/0.6.43/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/6gpvemcj11
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:40::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
etag: "1d8ec7677589f4c"
x-azure-ref: 0kqxqYwAAAABpnE0K25XDQJk3L/XcfO4KRlJBMjMxMDUwNDE5MDIxADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
content-length: 55116
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H2 200 971ec4d62e2a225680add3302d9aacbb.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 87 KB
29 KB 23ms
23ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/971ec4d62e2a225680add3302d9aacbb.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0103/2431.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f6dc2097f638679a6dfa22149115d95793bfc99eb3824357b53bd300dc3eeb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 28 Oct 2022 17:50:42 GMT
server: cloudflare
age: 11558
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7670ae311f18bbcd-FRA
content-length: 29882

GET
H3 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame F7A8 113 B
159 B 17ms
17ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c4225c42/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eea4a407f97d1ed26d2008f3efbf55244dace5745a6cda66d43739b729a7ca5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame F7A8 29 B
588 B 39ms
7ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c4225c42/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:09:12 GMT
x-content-type-options: nosniff
age: 826
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 08 Nov 2022 19:24:12 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 290ms
15ms Preflight
text/html 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Tue, 08 Nov 2022 19:22:58 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame F7A8 66 KB
30 KB 44ms
29ms XHR
application/json+protobuf 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c4225c42/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8c7e998188c4aa6fe937aa0b22bfbc673d477709dd9abac839068abcc4f8b514

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30919
x-xss-protection: 0

GET
H3 200 gMsH84TQuiDEVfr1BCtG5xcdN73b4dVBHpnGqNHnahs.js Show response
www.google.com/js/th/ Frame F7A8 36 KB
14 KB 36ms
10ms Script
text/javascript 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/gMsH84TQuiDEVfr1BCtG5xcdN73b4dVBHpnGqNHnahs.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c4225c42/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80cb07f384d0ba20c455faf5042b46e7171d37bddbe1d5411e99c6a8d1e76a1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 08:09:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40421
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14294
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 10:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Nov 2023 08:09:17 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/c4225c42/player_ias.vflset/de_DE/ Frame F7A8 26 KB
8 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/c4225c42/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c4225c42/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2bfd4599846e27f643dabf88775c33e8417236ae2ad1234299815d2e034cde6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/MycCwkdJ4Nc?autoplay=0&controls=0&disablekb=1&playsinline=1&cc_load_policy=0&cc_lang_pref=auto&widget_referrer=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&rel=0&showinfo=0&iv_load_policy=3&modestbranding=1&customControls=true&noCookie=false&enablejsapi=1&origin=https%3A%2F%2Fus.ricoh-usa.com&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 17:53:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 91770
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8304
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 01:22:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 07 Nov 2023 17:53:28 GMT

GET
DATA 200
OK truncated
/ Frame F7A8 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 8JtDTOK7DVlE5CXB7vNFqALxbVIBc0vuKvmKkI-_-WvNjpI8tC9kPl76PbHgfopMRk4BcWU0XrE=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame F7A8 2 KB
2 KB 42ms
11ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/8JtDTOK7DVlE5CXB7vNFqALxbVIBc0vuKvmKkI-_-WvNjpI8tC9kPl76PbHgfopMRk4BcWU0XrE=s68-c-k-c0x00ffffff-no-rj

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8f4addf1d78d82bef3e7276d7d65c3afc349206557a773efd408839ded9613d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:06:50 GMT
x-content-type-options: nosniff
age: 968
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1636
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 04 Nov 2022 08:22:40 GMT

GET
H3 200 maxresdefault.jpg
i.ytimg.com/vi/MycCwkdJ4Nc/ Frame F7A8 116 KB
116 KB 27ms
10ms Image
image/jpeg 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/MycCwkdJ4Nc/maxresdefault.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6327e001768d39fa168b0c73f2ff5f697c73b30cb5e1914e4b31997b7ad765c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
x-content-type-options: nosniff
age: 1
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118868
x-xss-protection: 0
server: sffe
etag: "1614718839"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 08 Nov 2022 21:22:57 GMT

GET
H2 200 data.js Show response
tags.clickagy.com/ 38 KB
14 KB 81ms
40ms Script
application/javascript 2606:4700:4400::6812:228d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Requested by: Host: ws.zoominfo.com
URL: https://ws.zoominfo.com/pixel/62e3f05631411d0090cac625
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:228d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b600f1dc62b172effa1611f27da2410354b23d9bc79f34a525821752fafcde83

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
x-amz-version-id: eiH8z613.BRzukjofzW7pfMQ5QqyyUJw
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 784dd167d622737126ee2d76985e7d3c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 65046
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 07 Oct 2022 12:51:20 GMT
server: cloudflare
etag: W/"39cbfce65efed785f567d3a64646eed5"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 7670ae322a6ebbf7-FRA
x-amz-cf-id: 2Ba19ulgMIxioKXRpG_fxgkDH6JidcwFYteG8yVMNjgXCLE7LC_9cQ==

GET
H2 200 embed Show response
noembed.com/ 720 B
1003 B 33ms
8ms XHR
text/javascript 2a04:4e42:200::347
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://noembed.com/embed?url=https://www.youtube.com/watch?v=MycCwkdJ4Nc
Requested by: Host: cdn.plyr.io
URL: https://cdn.plyr.io/3.7.2/plyr.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::347 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 561a8df574b0b4f5ddd3f99273ce5f5f1bb105fc3f49cd62ab8fffee7a454582

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-served-by: cache-chi-kigq8000031-CHI, cache-hhn4040-HHN
date: Tue, 08 Nov 2022 19:22:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 1041475
x-timer: S1667935378.258808,VS0,VE1
x-cache: HIT, HIT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET
accept-ranges: bytes
access-control-allow-headers: Origin, Accept, Content-Type
content-length: 720
x-cache-hits: 111, 1

GET
H2 200 us.ricoh-usa.com.json Show response
script.crazyegg.com/pages/data-scripts/0103/2431/sampling/ 45 B
127 B 176ms
176ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0103/2431/sampling/us.ricoh-usa.com.json?t=463315
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/971ec4d62e2a225680add3302d9aacbb.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc9373af2743078ab4783adf64f4ecdde66ac0eb5259d34eda1240a2f3be7aae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Tue, 08 Nov 2022 19:22:58 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
ce-version: 11.4.35
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7670ae31fea0bb62-FRA
content-length: 64

GET
H3 200 sf5.js Show response
sfc.leadspace.com/ 194 KB
194 KB 13ms
12ms Script
application/javascript 35.190.114.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sfc.leadspace.com/sf5.js

Requested by

Host: cdn.reachforce.com
URL: https://cdn.reachforce.com/SmartForms.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.114.154 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

154.114.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

d914684a085399f9b850a1e962e66965528830404f7d0764155048d743946580

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:19:35 GMT
strict-transport-security: max-age=31536000
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
age: 203
x-guploader-uploadid: ADPycdvP4zySR1cIeW9jcI0HrYd92TwWwhfnbxLh-mlLyNjweg77eCyh3S9F8_Uhi-DZNEyy9RX6n598ZVsYUEBL8clHhQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 198228
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Sun, 30 Oct 2022 13:46:45 GMT
server: UploadServer
etag: "529f581ba08bcbe4268b655da36b2dfc"
x-frame-options: SAMEORIGIN
x-goog-generation: 1667137605881823
x-goog-hash: crc32c=QYwRww==, md5=Up9YG6CLy+Qmi2Vdo2st/A==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
feature-policy: camera 'none';payment 'none'; usermedia 'none'; sync-xhr 'self' https://*.leadspace.com
x-goog-stored-content-length: 198228
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 08 Nov 2022 20:19:35 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame F7A8 0
10 B 10ms
10ms Image
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?3cqg5w
Requested by: Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/MycCwkdJ4Nc?autoplay=0&controls=0&disablekb=1&playsinline=1&cc_load_policy=0&cc_lang_pref=auto&widget_referrer=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&rel=0&showinfo=0&iv_load_policy=3&modestbranding=1&customControls=true&noCookie=false&enablejsapi=1&origin=https%3A%2F%2Fus.ricoh-usa.com&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1 200
OK AkkuratLLWeb-Regular.woff2
us.ricoh-usa.com/RansomCare-A/fonts/ 71 KB
16 KB 354ms
354ms Font
text/html 142.0.165.137
NETDYNAMICS

General

Check archive.org

Show headers Download Go to

Full URL

https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Regular.woff2

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

142.0.165.137 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

Software

Resource Hash

16a748e8cc32f79e9389d99cd9200d3e923a310fb640922c49027757f0f56e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Origin: https://us.ricoh-usa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Tue, 08 Nov 2022 19:22:58 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
Content-Length: 16481
X-Xss-Protection: 1; mode=block
Expires: -1

GET
H3 200 plyr.svg Show response
cdn.plyr.io/3.7.2/ 6 KB
3 KB 72ms
30ms XHR
image/svg+xml 2606:4700:21::681b:c358
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plyr.io/3.7.2/plyr.svg
Requested by: Host: cdn.plyr.io
URL: https://cdn.plyr.io/3.7.2/plyr.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:21::681b:c358 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4846018760f6e11a8a1dea7639a5c75c712f198d978eccf117840820bb8c37d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
via: 1.1 varnish, 1.1 varnish
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: C953STC3BK81RGW7
age: 19161
x-cache: HIT, HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: BWiByXhufL9HHZWXH3dfPcHXWRjjkkkRmKb5QMhZgLXENSkjNRrjPTwimCZnkod7AfNMTX4+s0s=
x-served-by: cache-iad-kjyo7100041-IAD, cache-yyz4554-YYZ
last-modified: Wed, 20 Apr 2022 10:14:57 GMT
server: cloudflare
x-timer: S1667434068.008692,VS0,VE0
etag: W/"3a727a9b7eef825081d78cc6e48aaadf"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pXcqstRj%2FOilfeHmCckv8Mb4XPCpS9spw6onRLP87jO4Hmg0xJdVMvXhc7rYq0xHq2TJq3IG8%2Ft3jyu%2F9%2BA4GuUzscBg5ouNuB0pH9Rp5IwMJshDRh%2Fvn0c8%2BvNnSgOHobno%2B7Mj6DUX"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: Content-Range, Date, Cache-Control, Content-Type, Accept, Origin, Accept
cache-control: max-age=31536000, immutable
cf-ray: 7670ae32eb5a7780-LHR
x-cache-hits: 1, 1755

GET
H/1.1 200
OK sa.css
tags.srv.stackadapt.com/ 65 B
292 B 101ms
101ms Stylesheet
text/css 44.206.39.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.206.39.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-206-39-165.compute-1.amazonaws.com
Software: /
Resource Hash: bea2e9eacf6b03ae566c43fb0fa53b32ab2c62f176b7715e6748556c61ce2536

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 08 Nov 2022 19:22:58 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 65
Content-Type: text/css

GET
H/1.1 200
OK sa.jpeg Show response
tags.srv.stackadapt.com/ 0
881 B 404ms
101ms Fetch
image/jpeg 44.206.39.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.206.39.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-206-39-165.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 08 Nov 2022 19:22:58 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 651
Content-Type: image/jpeg

GET
H/1.1 200
OK sa.jpeg Show response
tags.srv.stackadapt.com/ 0
881 B 404ms
101ms Fetch
image/jpeg 44.206.39.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.206.39.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-206-39-165.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 08 Nov 2022 19:22:58 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 651
Content-Type: image/jpeg

GET
H/1.1 200
OK AkkuratLLWeb-Black.woff2
us.ricoh-usa.com/RansomCare-A/fonts/ 71 KB
16 KB 380ms
380ms Font
text/html 142.0.165.137
NETDYNAMICS

General

Check archive.org

Show headers Download Go to

Full URL

https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Black.woff2

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

142.0.165.137 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

Software

Resource Hash

16a748e8cc32f79e9389d99cd9200d3e923a310fb640922c49027757f0f56e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Origin: https://us.ricoh-usa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Tue, 08 Nov 2022 19:22:58 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
Content-Length: 16481
X-Xss-Protection: 1; mode=block
Expires: -1

GET
H3 200 maxresdefault.jpg
i.ytimg.com/vi/MycCwkdJ4Nc/ 116 KB
116 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/MycCwkdJ4Nc/maxresdefault.jpg

Requested by

Host: cdn.plyr.io
URL: https://cdn.plyr.io/3.7.2/plyr.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6327e001768d39fa168b0c73f2ff5f697c73b30cb5e1914e4b31997b7ad765c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:57 GMT
x-content-type-options: nosniff
age: 1
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118868
x-xss-protection: 0
server: sffe
etag: "1614718839"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 08 Nov 2022 21:22:57 GMT

POST
H2 204 collect Show response
l.clarity.ms/ 0
165 B 598ms
277ms XHR
text/plain 20.120.65.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus-e/s/0.6.43/clarity.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 20.120.65.166 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://us.ricoh-usa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-origin: https://us.ricoh-usa.com
date: Tue, 08 Nov 2022 19:22:58 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
vary: Origin
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H2 200 css
fonts.googleapis.com/ 2 KB
1 KB 42ms
19ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7d3b9b124ab86b33b4c72d29ceca9c5a56e5205e546394f55e1ca7fac57d58d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 08 Nov 2022 19:22:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 08 Nov 2022 17:24:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 08 Nov 2022 19:22:58 GMT

POST
H/1.1 200
OK match Show response
sfgw.leadspace.com/ip/ 121 B
1 KB 164ms
163ms XHR
application/json 34.75.172.129
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sfgw.leadspace.com/ip/match

Requested by

Host: sfc.leadspace.com
URL: https://sfc.leadspace.com/sf5.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

34.75.172.129 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

129.172.75.34.bc.googleusercontent.com

Software

Prod /

Resource Hash

f7a8f6532b19d2d6253176ff135bfdd40b6893fa4e4963365618cde7d6568526

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' https://.leadspace.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://.aptrinsic.com; img-src www.google-analytics.com https://.leadspace.com https://.aptrinsic.com https://storage.googleapis.com; connect-src https://.leadspace.com wss://.leadspace.com https://.aptrinsic.com https://.google-analytics.com; frame-src https://.leadspace.com; style-src 'unsafe-inline' https://.leadspace.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com; style-src-elem 'unsafe-inline' https://.leadspace.com https://.aptrinsic.com; frame-ancestors https://.leadspace.com; media-src https://.leadspace.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json
Referer: https://us.ricoh-usa.com/
accept-language: de-DE,de;q=0.9
Authorization: 148031
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 08 Nov 2022 19:22:59 GMT
content-security-policy: default-src 'self'; script-src 'unsafe-inline' https://*.leadspace.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.aptrinsic.com; img-src www.google-analytics.com https://*.leadspace.com https://*.aptrinsic.com https://storage.googleapis.com; connect-src https://*.leadspace.com wss://*.leadspace.com https://*.aptrinsic.com https://*.google-analytics.com; frame-src https://*.leadspace.com; style-src 'unsafe-inline' https://*.leadspace.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com; style-src-elem 'unsafe-inline' https://*.leadspace.com https://*.aptrinsic.com; frame-ancestors https://*.leadspace.com; media-src https://*.leadspace.com
x-content-type-options: nosniff
referrer-policy: no-referrer
server: Prod
strict-transport-security: max-age=31536000; includeSubdomains
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Origin
X-Frame-Options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://us.ricoh-usa.com
access-control-allow-credentials: true
content-length: 121
x-xss-protection: 1; mode=block

OPTIONS
H/1.1 200
OK match
sfgw.leadspace.com/ip/ Frame 0
0 999ms
661ms Preflight 34.75.172.129
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sfgw.leadspace.com/ip/match

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

34.75.172.129 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

129.172.75.34.bc.googleusercontent.com

Software

Prod /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' https://.leadspace.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://.aptrinsic.com; img-src www.google-analytics.com https://.leadspace.com https://.aptrinsic.com https://storage.googleapis.com; connect-src https://.leadspace.com wss://.leadspace.com https://.aptrinsic.com https://.google-analytics.com; frame-src https://.leadspace.com; style-src 'unsafe-inline' https://.leadspace.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com; style-src-elem 'unsafe-inline' https://.leadspace.com https://.aptrinsic.com; frame-ancestors https://.leadspace.com; media-src https://.leadspace.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://us.ricoh-usa.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

X-Frame-Options: SAMEORIGIN
access-control-allow-credentials: true
access-control-allow-headers: authorization, content-type
access-control-allow-methods: POST
access-control-allow-origin: https://us.ricoh-usa.com
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
content-security-policy: default-src 'self'; script-src 'unsafe-inline' https://*.leadspace.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.aptrinsic.com; img-src www.google-analytics.com https://*.leadspace.com https://*.aptrinsic.com https://storage.googleapis.com; connect-src https://*.leadspace.com wss://*.leadspace.com https://*.aptrinsic.com https://*.google-analytics.com; frame-src https://*.leadspace.com; style-src 'unsafe-inline' https://*.leadspace.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com; style-src-elem 'unsafe-inline' https://*.leadspace.com https://*.aptrinsic.com; frame-ancestors https://*.leadspace.com; media-src https://*.leadspace.com
date: Tue, 08 Nov 2022 19:22:58 GMT
referrer-policy: no-referrer
server: Prod
strict-transport-security: max-age=31536000; includeSubdomains
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 pp.js Show response
api.fouanalytics.com/s/ 15 KB
6 KB 67ms
38ms Script
text/javascript 2606:4700:e2::ac40:8920
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/s/pp.js
Requested by: Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e2::ac40:8920 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a9f3c83892833387d92f857563b6f3cfdee0277cbc648a932a2718e000e9e42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 18 Oct 2022 14:09:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3302
etag: W/"634eb38a-3bc0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h7aVlbkllsPPeSpMjwDc%2BW5sAIuyciXBPCI3uynyMESGZa%2Bu6h2asyu2aI4PNv9RuF8NIT%2BvgJzKVwrjtv0w%2BOaRSt2NjzUujZonwFwT35A67KrSVIkBaCXI53uxHpZe4EpKT2ViVV%2FAwFEUyprQJXqi%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cf-ray: 7670ae331bbf9b7d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 data Show response
aorta.clickagy.com/ 57 B
505 B 311ms
102ms XHR
application/json 34.193.178.177
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aorta.clickagy.com/data
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.178.177 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-178-177.compute-1.amazonaws.com
Software: Aorta/20221108.71a7c1e9c /
Resource Hash: f3840002e7b1644ebb26dc6aa60f6c2e66bce95fe0cadb948212a9ed72538e5d

Request headers

Referer: https://us.ricoh-usa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
content-encoding: gzip
server: Aorta/20221108.71a7c1e9c
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: https://us.ricoh-usa.com
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 9202288d48d3
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 82

GET
H2

200

cm
us-u.openx.net/w/1.0/
Redirect Chain

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag
https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%25...

43 B
304 B

85ms
17ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073026%2526val%253D%257Bvisitor_id%257D
Requested by: Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Nov 2022 19:22:58 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Tue, 08 Nov 2022 19:22:58 GMT
server: Aorta/20221108.71a7c1e9c
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
location: https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073026%2526val%253D%257Bvisitor_id%257D
access-control-allow-origin
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 47352a1b8936
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 0

GET
H2

451

711861.gif
id.rlcdn.com/
Redirect Chain

https://aorta.clickagy.com/liveramp_redir
https://id.rlcdn.com/711861.gif

0
98 B

317ms
43ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/711861.gif
Requested by: Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:59 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

date: Tue, 08 Nov 2022 19:22:58 GMT
server: Aorta/20221108.71a7c1e9c
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
location: https://id.rlcdn.com/711861.gif
access-control-allow-origin
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: a445e6e718cd
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 0

GET
H2 200 healthcheck Show response
pagestates-tracking.crazyegg.com/ 19 B
463 B 35ms
9ms XHR
application/json 143.204.89.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pagestates-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/971ec4d62e2a225680add3302d9aacbb.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.89.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-89-129.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 16:18:54 GMT
via: 1.1 e6d97713eb9b65f883e0f86b833878dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
age: 3380645
x-cache: Hit from cloudfront
content-length: 19
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
etag: "d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age: 31536000
access-control-allow-methods: GET, HEAD
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
accept-ranges: bytes
x-amz-cf-id: ZNskjZVqcRSSzXB9kr9ZZtv_pi59zAEf0SBNC19nq5O4uL5becc2KQ==

GET
H2 200 healthcheck Show response
assets-tracking.crazyegg.com/ 19 B
460 B 34ms
7ms XHR
application/json 13.224.189.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/971ec4d62e2a225680add3302d9aacbb.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-43.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 08:40:59 GMT
via: 1.1 e976f829f2d1c4787d42d0595ae7cf74.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 729720
x-cache: Hit from cloudfront
content-length: 19
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
etag: "d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age: 31536000
access-control-allow-methods: GET, HEAD
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
accept-ranges: bytes
x-amz-cf-id: wNyYj4WCsOGMQP1l1lht3Loga3Cw1D2uC0d-0Q-j8MTX-Vu2BXrO0w==

GET
BLOB 200
OK 387a0c8e-127e-4410-b61f-dbf64a473b0e
https://us.ricoh-usa.com/ 45 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://us.ricoh-usa.com/387a0c8e-127e-4410-b61f-dbf64a473b0e
Requested by: Host: us.ricoh-usa.com
URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e8f74416e7bc7051dbd2c0b2dec8cdb9a5ba4b36f88ba1b65c3e7dd7447b4090

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Length: 45
Content-Type: text/javascript

GET
H/1.1 200
OK AkkuratLLWeb-Bold.woff2
us.ricoh-usa.com/RansomCare-A/fonts/ 71 KB
16 KB 389ms
388ms Font
text/html 142.0.165.137
NETDYNAMICS

General

Check archive.org

Show headers Download Go to

Full URL

https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Bold.woff2

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

142.0.165.137 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

Software

Resource Hash

16a748e8cc32f79e9389d99cd9200d3e923a310fb640922c49027757f0f56e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Origin: https://us.ricoh-usa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Tue, 08 Nov 2022 19:22:58 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
Content-Length: 16481
X-Xss-Protection: 1; mode=block
Expires: -1

GET
H2 200 hasHashes Show response
hemsync.clickagy.com/external/ 2 B
326 B 496ms
291ms XHR
text/plain 54.145.152.25
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hemsync.clickagy.com/external/hasHashes?clkgypv=jstag&cb=null
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.145.152.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-145-152-25.compute-1.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
content-encoding: gzip
vary: origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://us.ricoh-usa.com
access-control-expose-headers: content-length, last-modified, expires, content-type
access-control-allow-credentials: true
content-length: 28

GET
H2 200 clock Show response
tracking.crazyegg.com/ 24 B
131 B 155ms
65ms XHR
text/plain 63.34.6.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.crazyegg.com/clock?t=1667935378530
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/971ec4d62e2a225680add3302d9aacbb.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.6.182 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-6-182.eu-west-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: 9fd2f44a12651847d4146ed7df47e2c9abd365da6416125da37cc450faf6e103

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 08 Nov 2022 19:22:58 GMT
cache-control: no-store
server: awselb/2.0
content-length: 24
content-type: text/plain

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame F7A8 90 B
134 B 26ms
26ms XHR
application/json+protobuf 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c4225c42/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

45b2ecf3fc41dc913803f6e3162f4c88f303489e69cf745daa395e246d0a3302

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 16ms
16ms Preflight
text/html 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Tue, 08 Nov 2022 19:22:58 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H/1.1 200
OK AkkuratLLWeb-Thin.woff2
us.ricoh-usa.com/RansomCare-A/fonts/ 71 KB
16 KB 362ms
361ms Font
text/html 142.0.165.137
NETDYNAMICS

General

Check archive.org

Show headers Download Go to

Full URL

https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Thin.woff2

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

142.0.165.137 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

Software

Resource Hash

16a748e8cc32f79e9389d99cd9200d3e923a310fb640922c49027757f0f56e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid=
Origin: https://us.ricoh-usa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Tue, 08 Nov 2022 19:22:58 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
Content-Length: 16481
X-Xss-Protection: 1; mode=block
Expires: -1

POST
H3 200 x Show response
api.fouanalytics.com/api/ 0
460 B 209ms
195ms XHR
text/plain 2606:4700:e2::ac40:8920
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/api/x?4vpNtzj0J29lkbHB$dXJsJDAkaHR0cHM6Ly91cy5yaWNvaC11c2EuY29tL1JhbnNvbUNhcmUtQT91dG1fY2FtcGFpZ249VVMtMjAyMjEwLUdFTi1HRU4tRU0tSVRTLVJhbnNvbUNhcmUyLjAmdXRtX21lZGl1bT1lbWFpbCZ1dG1fc291cmNlPUVsb3F1YSZ1dG1fY29udGVudD1VU19DUk9TU19SYW5zb21DYXJlMi4wX1EzRlkyMl9FbWFpbDNBX01LVEcmRWxxY2FtcGlkPTIyNDImUmZvcmNlY2FtcGlkPSIsInJlZmVycmVyJDAkIiwiYW5jZXN0b3JPcmlnaW5zJDAkIiwidmlkZW8kMCQxNjAweDEyMDB4MjQiLCJmcmFtZSQwJDAiLCJoaWRkZW4kMCQwIiwidmlzaWJpbGl0eVN0YXRlJDAkdmlzaWJsZSIsImhhc0ZvY3VzJDAkMSIsIndpbmRvdyQwJDE2MDB4MTIwMCIsInBpeGVscmF0aW8kMCQxIiwiaW5uZXIkMCQxNjAweDEyMDAiLCJvdXRlciQwJDE2MDB4MTIwMCIsImxvY2FsU3RvcmFnZSQwJDEiLCJzZXNzaW9uU3RvcmFnZSQwJDEiLCJhcHBDb2RlTmFtZSQwJE1vemlsbGEiLCJhcHBOYW1lJDAkTmV0c2NhcGUiLCJhcHBWZXJzaW9uJDAkNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDcuMC41MzA0Ljg3IFNhZmFyaS81MzcuMzYiLCJjb29raWVFbmFibGVkJDAkdHJ1ZSIsImRldmljZU1lbW9yeSQwJDgiLCJkb05vdFRyYWNrJDAkIiwiaGFyZHdhcmVDb25jdXJyZW5jeSQwJDQiLCJsYW5ndWFnZSQwJGVuLVVTIiwicGxhdGZvcm0kMCRXaW4zMiIsInByb2R1Y3QkMCRHZWNrbyIsInByb2R1Y3RTdWIkMCQyMDAzMDEwNyIsInVzZXJBZ2VudCQwJE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDcuMC41MzA0Ljg3IFNhZmFyaS81MzcuMzYiLCJ2ZW5kb3IkMCRHb29nbGUgSW5jLiIsInZlbmRvclN1YiQwJCIsIndlYmRyaXZlciQwJGZhbHNlIiwibmF2aWdhdG9yLWhhc2gkMyQyOWU0MTg2ZCIsIm5hdmlnYXRvci10aW1lJDMkMyIsInNlbmRCZWFjb24kMyQxIiwiZm9udHJlbmRlciQ1JDEiLCJ0aW1lJDUkMTY2NzkzNTM3ODQ2NyIsInRpbWV6b25lJDUkMCIsInBsdWdpbnMtdGltZSQ2JDAuMSIsInBsdWdpbnMkNiRiNmQwNTU1OCIsIm1lbS10b3RhbEpTSGVhcFNpemUkNiQyOS40IiwibWVtLXVzZWRKU0hlYXBTaXplJDYkMTkuMyIsIm1lbS1qc0hlYXBTaXplTGltaXQkNiQzNzYwIiwidGltZS1mZXRjaFN0YXJ0JDYkNzkxIiwidGltZS1kb21haW5Mb29rdXBTdGFydCQ2JDc5MiIsInRpbWUtZG9tYWluTG9va3VwRW5kJDYkMTQ3MiIsInRpbWUtY29ubmVjdFN0YXJ0JDYkMTQ3MiIsInRpbWUtY29ubmVjdEVuZCQ2JDE3NTgiLCJ0aW1lLXNlY3VyZUNvbm5lY3Rpb25TdGFydCQ2JDE1NjUiLCJ0aW1lLXJlcXVlc3RTdGFydCQ2JDE3NTgiLCJ0aW1lLXJlc3BvbnNlU3RhcnQkNiQyMjY5IiwidGltZS1yZXNwb25zZUVuZCQ2JDIyNzEiLCJ0aW1lLWRvbUxvYWRpbmckNiQyMjcxIiwidGltZS1kb21JbnRlcmFjdGl2ZSQ2JDMxNDIiLCJ0aW1lLWRvbUNvbnRlbnRMb2FkZWRFdmVudFN0YXJ0JDYkMzE0MiIsInRpbWUtZG9tQ29udGVudExvYWRlZEV2ZW50RW5kJDYkMzE3NiIsIm5hdmlnYXRpb24tcmVkaXJlY3RDb3VudCQ2JDAiLCJuYXZpZ2F0aW9uLXR5cGUkNiRuYXZpZ2F0ZSIsImdsb2JhbHMtdGltZSQxMiQwIiwiZ2xvYmFscyQxMiRiYWE3OTJjMCIsImRvY3VtZW50LXRpbWUkMTckMC4xIiwiZG9jdW1lbnQkMTckNzk1OTYwN2EiLCJjb25uZWN0aW9uJDE3JCIsImRvd25saW5rTWF4JDE3JCIsImdldFVzZXJNZWRpYSQxNyQyIiwicGFnZS1mcmFtZS1jb3VudCQxNyQxIiwicGFnZS1mcmFtZS1saXN0JDE3JDcyMHg0MDUjd3d3LnlvdXR1YmUuY29tIiwicGFnZS1oYXNoLXRpbWUkMTkkMS4yIiwicGFnZS1oYXNoJDE5JDI1ZWM0ZWE2IiwiZm9udCQyMyQxMDAwMDAwIiwic3R5bGUtaGFzaCQyNCQ4Y2I2YjJjYyIsInN0eWxlLXRpbWUkMjQkMC40IiwiYXVkaW8tY29kZWMkMjQkMjIyMTIiLCJ2aWRlby1jb2RlYyQyNCQyMjIwMDAiLCJjbG9jayQzMiQ0NDUyIiwic29ydCQ0MyQxMSIsInN0YWNrJDQ1JDEzOTU2Iiwic3RhY2stZXJyb3IkNDUkUmFuZ2VFcnJvcjogTWF4aW11bSBjYWxsIHN0YWNrIHNpemUgZXhjZWVkZWQiLCJzdGFjay10aW1lJDQ1JDEuNSIsIndlYmdsJDUxJDEiLCJ3ZWJnbDIkNTEkMSIsIndlYmdsLXZlbmRvciQ1MSRJbnRlbCBJbmMuIiwid2ViZ2wtcmVuZGVyZXIkNTEkSW50ZWwgSXJpcyBPcGVuR0wgRW5naW5lIiwid2ViZ2wtZXh0ZW5zaW9ucyQ1MSQ0NDk1Mzk2NSIsIndlYmdsLXRpbWUkNTEkNiIsImJhdHRlcnkkNTMkMSAxIDAgSW5maW5pdHkiLCJwZXJtaXNzaW9uLWdlb2xvY2F0aW9uJDUzJHByb21wdCIsImF1ZGlvY29udGV4dCQ1OSRmN2U3MTJkOSIsImF1ZGlvY29udGV4dC10aW1lJDU5JDMxLjIiLCJpbnRlcnNlY3Rpb24tc2l6ZSQ2NSQxNjAweDEyMDAiLCJpbnRlcnNlY3Rpb24kNjUkNDMiLCJwZXJtaXNzaW9uLW5vdGlmaWNhdGlvbnMkNjYkcHJvbXB0IiwicGVybWlzc2lvbi1jYW1lcmEkNjckcHJvbXB0IiwicGVybWlzc2lvbi1taWNyb3Bob25lJDY3JHByb21wdCIsInBlcm1pc3Npb24tcGVyc2lzdGVudC1zdG9yYWdlJDY3JHByb21wdCIsImZyYW1lcmF0ZSQxMjgkMzAiLCJhZGJsb2NrJDEzMSQw
Requested by: Host: api.fouanalytics.com
URL: https://api.fouanalytics.com/s/pp.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e2::ac40:8920 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 08 Nov 2022 19:22:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4qV6079gLW2PqrqEuORTaB25CpuhnLgXKxz%2BdSTn9Hd%2F19b%2BofwYBQ1PbqEejCmBNgcSpzuRcvchcWKTdxLK6%2F4thDbUkO4p5s%2F0caA40DVO%2BNhMAIj8MTheppsRGuZz%2ByNImEcilPEErolxUF82CclaYg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 7670ae352b6b2169-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK saq_pxl Show response
tags.srv.stackadapt.com/ 138 B
443 B 102ms
101ms XHR
text/plain 44.206.39.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=7D70cFJzNxduKZLVahpEbQ&is_js=true&landing_url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&t=Stop%20ransomware%20breaches%20with%20RansomCare&tip=BnAWt_wjkIVc1g_gX5jgCE7ch7d5YXnQ8RwLG43w5pw&host=https://us.ricoh-usa.com&sa_conv_data_css_value=%20%220-ed7a4e90-d42d-4c15-5c63-9a7bd2203afc%22&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9b11952e086984faa5350d339b405a887515f052a&sa-user-id-v2=s%253A7XpOkNQtTBVcY5p70iA6_FFfBSo.sp7oo%252FvI3jpxbcOID%252B0MknVDALKSonXLUDPUN4Qm6eA&sa-user-id=s%253A0-ed7a4e90-d42d-4c15-5c63-9a7bd2203afc.T5EdZx6d3Z%252BoPkqNj0eI%252BGSUOmock1qOm4CSGXRUH%252FY
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.206.39.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-206-39-165.compute-1.amazonaws.com
Software: /
Resource Hash: 7b1f2ae94593c20eacd11d3eeef8605830cf1dc5f7ac47d83defb9e8e2f6e51a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 08 Nov 2022 19:22:58 GMT
Access-Control-Allow-Methods: GET
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://us.ricoh-usa.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 138

GET
H/1.1 200
OK saq_pxl Show response
tags.srv.stackadapt.com/ 141 B
446 B 206ms
105ms XHR
text/plain 44.206.39.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=_CVsstYoVuPGKwzlUfpsjw&is_js=true&landing_url=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&t=Stop%20ransomware%20breaches%20with%20RansomCare&tip=BnAWt_wjkIVc1g_gX5jgCE7ch7d5YXnQ8RwLG43w5pw&host=https://us.ricoh-usa.com&sa_conv_data_css_value=&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9f43c4e3d540a44de706bc79ae009add9515f052a&sa-user-id-v2=s%253A7XpOkNQtTBVcY5p70iA6_FFfBSo.sp7oo%252FvI3jpxbcOID%252B0MknVDALKSonXLUDPUN4Qm6eA&sa-user-id=s%253A0-ed7a4e90-d42d-4c15-5c63-9a7bd2203afc.T5EdZx6d3Z%252BoPkqNj0eI%252BGSUOmock1qOm4CSGXRUH%252FY
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.206.39.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-206-39-165.compute-1.amazonaws.com
Software: /
Resource Hash: 8ae93413e98c01d05136c2577b6d757816bffacd01ed791d03d617e20aca8c25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 08 Nov 2022 19:22:58 GMT
Access-Control-Allow-Methods: GET
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://us.ricoh-usa.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 141

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=90E5DD7D47AC46079D482BCFEC1B520A&RedC=c.clarity.ms&MXFR=2EB453EC9E656E85228B41BA9A656059
https://c.clarity.ms/c.gif?CtsSyncId=90E5DD7D47AC46079D482BCFEC1B520A&MUID=28743C2D6762685601C02E7B66CE6929

42 B
391 B

32ms
32ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=90E5DD7D47AC46079D482BCFEC1B520A&MUID=28743C2D6762685601C02E7B66CE6929
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Nov 2022 19:22:59 GMT
last-modified: Thu, 13 Oct 2022 20:07:05 GMT
server: Microsoft-IIS/10.0
etag: "40db785d3fdfd81:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 08 Nov 2022 19:22:58 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 153295E7AE9847D3BB254C8E7A644193 Ref B: FRA31EDGE0809 Ref C: 2022-11-08T19:22:59Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=90E5DD7D47AC46079D482BCFEC1B520A&MUID=28743C2D6762685601C02E7B66CE6929
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H/1.1 200
OK _t.gif
tribl.io/ 42 B
525 B 35ms
35ms Image
image/gif 46.137.132.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tribl.io/_t.gif?i=4oG6jR7ObKiPwke6bx1E&s=4pB&u=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&h=us.ricoh-usa.com&bw=1600&bh=1200&t=0&rnd=5854946411628
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.137.132.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-137-132-32.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.ricoh-usa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Nov 2022 19:22:59 GMT
Server: nginx
P3P: CP="Triblio does not have a P3P policy."
Content-Type: image/gif
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0,pre-check=0
Connection: keep-alive
Content-Length: 42

POST
H2 204 collect Show response
l.clarity.ms/ 0
49 B 98ms
97ms XHR
text/plain 20.120.65.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus-e/s/0.6.43/clarity.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 20.120.65.166 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://us.ricoh-usa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-origin: https://us.ricoh-usa.com
date: Tue, 08 Nov 2022 19:22:59 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
vary: Origin
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame F7A8 28 B
54 B 61ms
61ms XHR
application/json 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/c4225c42/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
X-Goog-Request-Time: 1667935380354
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/MycCwkdJ4Nc?autoplay=0&controls=0&disablekb=1&playsinline=1&cc_load_policy=0&cc_lang_pref=auto&widget_referrer=https%3A%2F%2Fus.ricoh-usa.com%2FRansomCare-A%3Futm_campaign%3DUS-202210-GEN-GEN-EM-ITS-RansomCare2.0%26utm_medium%3Demail%26utm_source%3DEloqua%26utm_content%3DUS_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG%26Elqcampid%3D2242%26Rforcecampid%3D&rel=0&showinfo=0&iv_load_policy=3&modestbranding=1&customControls=true&noCookie=false&enablejsapi=1&origin=https%3A%2F%2Fus.ricoh-usa.com&widgetid=1
X-YouTube-Client-Version: 1.20221106.00.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtTYmI3MXFOMWZtMCiR2aqbBg%3D%3D
X-YouTube-Ad-Signals: dt=1667935378055&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C720%2C405&vis=1&wgl=true&ca_type=image&bid=ANyPxKqgWGauRTLEwOqB2TE7Rp3y5QDfZNUwtmXzbAUzZ07jliNTHVjKxhRbGkSwKpUmG2lfARIRV-p4xFjYzbrRDhg8VAc63w

Response headers

date: Tue, 08 Nov 2022 19:23:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Tue, 08 Nov 2022 19:23:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.youtube.com
URL: https://www.youtube.com/embed/MycCwkdJ4Nc?origin=https://plyr.io&width=640&height=480&iv_load_policy=3&modestbranding=1&playsinline=1&showinfo=0&rel=0&enablejsapi=1

Domain: www.youtube.com
URL: https://www.youtube.com/embed/MycCwkdJ4Nc?origin=https://plyr.io&width=640&height=480&iv_load_policy=3&modestbranding=1&playsinline=1&showinfo=0&rel=0&enablejsapi=1

Verdicts & Comments Add Verdict or Comment

138 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

33 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.app.learn.ricoh-usa.com/	1970-01-20 16:47:43	Name: ELOQUA Value: GUID=DD8B60A8AAD84D1CB9E15A6275E13124
.app.learn.ricoh-usa.com/	1970-01-20 16:47:43	Name: ELQSTATUS Value: OK
.ricoh-usa.com/	1970-01-20 16:47:43	Name: ELOQUA Value: GUID=B26CA8830A7347B4963BD3F34CDB95C1&FPCVISITED=1
.ricoh-usa.com/	1970-01-20 09:28:31	Name: _gcl_au Value: 1.1.395407092.1667935378
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: -z1B4ZC3pco
.youtube.com/	1970-01-20 11:38:07	Name: VISITOR_INFO1_LIVE Value: Sbb71qN1fm0
.techtarget.com/	1970-01-20 07:18:57	Name: __cf_bm Value: uUkJ77ZX1d4wrg48sDW9nSZNoHkz5hMIrfS6TUFKRFQ-1667935377-0-AeWI4qn5B6odPyPovYAlzfFz4HPrTqF0PtT4o3PwK1tf0MFvXVfvnenY2HcqKyL/mJhfXHz+hWlrzX1V0svJh1Y=
.doubleclick.net/	1970-01-20 16:40:31	Name: IDE Value: AHWqTUmIDjPQ5ZC0m5lRQCuZAGADV29CtCg3JlfsAkdiaWajGs0MnyZD4vPczKu3
.tribl.io/	1970-01-20 16:54:55	Name: ti_ Value: s%3Ax7dhGlqgrvDcPyfAGvLVpuvQ.H79k3Muy6WPzIWDnqyuJosX4mDp6X%2BvpLbwNhFixvEU
www.clarity.ms/	1970-01-20 16:04:31	Name: CLID Value: c7ca80852d3c433688c0b25eb4504ce6.20221108.20231108
.ws.zoominfo.com/	1970-01-20 16:04:31	Name: visitorId Value: f0a4ad2cc669c8df43208b7892cb02caf72c9917330ce873b7a89d1e52eebd37
.zoominfo.com/	1970-01-20 07:18:57	Name: __cf_bm Value: xxQC12qKKiScT4T5BaWwli5xBoFXtD3fgKb368MNPc8-1667935378-0-AaBCAnmMdlZHW0WoRwL522ppxq88VAdeRh+pcTyoW9KbXtJuB03zHfKxY3opUNsmyBXOec4TPpKm7IKk9uDjZI4=
.ricoh-usa.com/	1970-01-20 16:04:31	Name: _clck Value: 1u58xyx\|1\|f6e\|0
.linkedin.com/	1970-01-20 08:02:07	Name: UserMatchHistory Value: AQLRB-ZbaxNNFQAAAYRYshsaV1Xvi9GKHfHbXQLneOW38OPUoLA_0OGXE8i-IMWYEQZUrg9g0m2p-Q
.linkedin.com/	1970-01-20 08:02:07	Name: AnalyticsSyncHistory Value: AQL-dYgd09S7cAAAAYRYshsa_3zGW0IAarnaO1kbLaNRXTYEQHEgAXEhr1VAnKb2qA8NxVGeH7rxrAuQHvPdag
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 16:04:31	Name: bcookie Value: "v=2&a75b1ee3-4cd3-4663-8acd-bc1486216fc2"
.linkedin.com/	1970-01-20 07:20:21	Name: lidc Value: "b=VGST04:s=V:r=V:a=V:p=V:g=2769:u=1:x=1:i=1667935378:t=1668021778:v=2:sig=AQG_sYcYyWy-uo3PseA0tOEiAs5bS8l-"
tags.srv.stackadapt.com/	1970-01-20 16:04:31	Name: sa-user-id Value: s%3A0-ed7a4e90-d42d-4c15-5c63-9a7bd2203afc.T5EdZx6d3Z%2BoPkqNj0eI%2BGSUOmock1qOm4CSGXRUH%2FY
.srv.stackadapt.com/	1970-01-20 16:04:31	Name: sa-user-id-v2 Value: s%3A7XpOkNQtTBVcY5p70iA6_FFfBSo.sp7oo%2FvI3jpxbcOID%2B0MknVDALKSonXLUDPUN4Qm6eA
us.ricoh-usa.com/	1970-01-20 16:04:31	Name: sa-user-id Value: s%253A0-ed7a4e90-d42d-4c15-5c63-9a7bd2203afc.T5EdZx6d3Z%252BoPkqNj0eI%252BGSUOmock1qOm4CSGXRUH%252FY
us.ricoh-usa.com/	1970-01-20 16:04:31	Name: sa-user-id-v2 Value: s%253A7XpOkNQtTBVcY5p70iA6_FFfBSo.sp7oo%252FvI3jpxbcOID%252B0MknVDALKSonXLUDPUN4Qm6eA
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 16:04:31	Name: bscookie Value: "v=1&20221108192258443ad7bd-cad8-48dc-873b-15c6c8397886AQE21C2DbrCAnu6AhDlOJDG1i6DeTc2o"
.linkedin.com/	1970-01-20 11:38:07	Name: li_gc Value: MTswOzE2Njc5MzUzNzg7MjswMjFwEhDtarY1vNdrJd7tZ0GFtPkJdWwzP3jYRXgjMr/h0Q==
.ricoh-usa.com/	1969-12-31 23:59:59	Name: cebs Value: 1
.ricoh-usa.com/	1970-01-20 16:04:31	Name: _ce.s Value: v~a1f6e6e44b246bae01296639fae0ef6f87e0ae72~vpv~0
.ricoh-usa.com/	1969-12-31 23:59:59	Name: cebsp Value: 1
.ricoh-usa.com/	1970-01-20 07:20:21	Name: _clsk Value: ly8ukv\|1667935378965\|1\|1\|l.clarity.ms/collect
.c.bing.com/	1970-01-20 16:40:31	Name: SRM_B Value: 28743C2D6762685601C02E7B66CE6929
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 16:40:31	Name: MUID Value: 28743C2D6762685601C02E7B66CE6929
.c.clarity.ms/	1970-01-20 07:18:55	Name: ANONCHK Value: 0

49 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Regular.woff
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Black.woff
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://www.clarity.ms/eus-e/s/0.6.43/clarity.js(Line 1) Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Regular.woff
other	warning	URL: https://www.clarity.ms/eus-e/s/0.6.43/clarity.js(Line 1) Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://www.clarity.ms/eus-e/s/0.6.43/clarity.js(Line 1) Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Black.woff
other	warning	URL: https://www.clarity.ms/eus-e/s/0.6.43/clarity.js(Line 1) Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://www.clarity.ms/eus-e/s/0.6.43/clarity.js(Line 1) Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Regular.woff
other	warning	URL: https://www.clarity.ms/eus-e/s/0.6.43/clarity.js(Line 1) Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://www.clarity.ms/eus-e/s/0.6.43/clarity.js(Line 1) Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Black.woff
other	warning	URL: https://www.clarity.ms/eus-e/s/0.6.43/clarity.js(Line 1) Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Bold.woff
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Bold.woff
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Bold.woff
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Thin.woff
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Thin.woff
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Thin.woff
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Regular.woff2
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Regular.woff2
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Regular.woff2
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Black.woff2
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Black.woff2
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Black.woff2
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Bold.woff2
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Bold.woff2
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Bold.woff2
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Thin.woff2
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Thin.woff2
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: Failed to decode downloaded font: https://us.ricoh-usa.com/RansomCare-A/fonts/AkkuratLLWeb-Thin.woff2
other	warning	URL: https://us.ricoh-usa.com/RansomCare-A?utm_campaign=US-202210-GEN-GEN-EM-ITS-RansomCare2.0&utm_medium=email&utm_source=Eloqua&utm_content=US_CROSS_RansomCare2.0_Q3FY22_Email3A_MKTG&Elqcampid=2242&Rforcecampid= Message: OTS parsing error: invalid sfntVersion: 1008813135
network	error	URL: https://id.rlcdn.com/711861.gif Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aorta.clickagy.com
api.fouanalytics.com
app.learn.ricoh-usa.com
apt.techtarget.com
assets-tracking.crazyegg.com
c.bing.com
c.clarity.ms
cdn.plyr.io
cdn.reachforce.com
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hemsync.clickagy.com
i.ytimg.com
id.rlcdn.com
images.learn.ricoh-usa.com
img03.en25.com
jnn-pa.googleapis.com
l.clarity.ms
noembed.com
pagestates-tracking.crazyegg.com
px.ads.linkedin.com
px4.ads.linkedin.com
s2073603363.t.eloqua.com
script.crazyegg.com
sfc.leadspace.com
sfgw.leadspace.com
snap.licdn.com
static.doubleclick.net
tags.clickagy.com
tags.srv.stackadapt.com
tracking.crazyegg.com
tribl.io
trk.techtarget.com
unpkg.com
us-u.openx.net
us.ricoh-usa.com
ws.zoominfo.com
www.clarity.ms
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.youtube.com
yt3.ggpht.com
www.youtube.com
13.107.42.14
13.224.189.43
142.0.165.137
142.0.165.148
142.0.165.159
143.204.89.129
172.217.18.2
20.120.65.166
20.234.93.27
206.19.49.24
23.11.206.48
23.197.8.158
2606:4700:21::681b:c358
2606:4700:4400::6812:228d
2606:4700:4400::6812:2a27
2606:4700::6810:650c
2606:4700::6810:7caf
2606:4700::6811:180e
2606:4700::6813:9308
2606:4700:e2::ac40:8920
2620:1ec:21::14
2620:1ec:40::44
2620:1ec:c11::200
2a00:1450:4001:806::2002
2a00:1450:4001:80b::2004
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::2006
2a00:1450:4001:80f::200a
2a00:1450:4001:813::2008
2a00:1450:4001:82a::2016
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2003
2a00:1450:4001:831::200e
2a02:26f0:480:f::213:7ecb
2a04:4e42:200::347
34.193.178.177
34.230.252.46
34.75.172.129
34.98.64.218
35.190.114.154
35.244.174.68
44.206.39.165
46.137.132.32
54.145.152.25
63.34.6.182
001076b9bbb2243ef99012ad9078217ca6422f866fdfff9a26f0983432829d6b
03bdda2b417d8cff1b2c8293c02685fd1670ca563e5514d74bffc8cd5a108e04
0645386b306fc6a2e7a59f44e38fb44e53c519a4ba0f0701e0caa07e9ab601d6
06f66c7beb4164979a2bc183462dbbb4a148d374d6aca4dc0b0548d8aeae8387
085c311f2cdb713a1e641f8b79ed9b6df08596e7a6a5900983c8563e7d88c307
136c1a1fb156066c47e5a1d5bd89b407f9a72ef3f3cf18ba8c824b1fd0a50658
15017d2d8833b3447fae441d55970e7ef5fec6926ff37b11d2fb5b7333235cfa
16a748e8cc32f79e9389d99cd9200d3e923a310fb640922c49027757f0f56e5f
1e95185332e68ad90f66a00404a0543bef49cac4f84e0907b1b08111ea0d4b42
28d400c465e324a68a68a76b350c1dd29c50c0eeb9207721ad6cdebc5f10920d
2bd4827c67760075ffaf32114b41d503da91ccc26f3cf43349607f7b2ff19a1d
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f6dc2097f638679a6dfa22149115d95793bfc99eb3824357b53bd300dc3eeb7
36ef1cf6246ce3d596a572d7b0e947a7088eefb1af6373f1a0669c9189a6728e
3d997a0924dd490d6c9f53c8096cc21cb0f61609d501cc3bd7a164069abc807f
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
45b2ecf3fc41dc913803f6e3162f4c88f303489e69cf745daa395e246d0a3302
4846018760f6e11a8a1dea7639a5c75c712f198d978eccf117840820bb8c37d7
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
52a4d3d7006be69ef61d35d11407eebf4d8c9db48a5e6e2bfdb2ec09988bcc79
561a8df574b0b4f5ddd3f99273ce5f5f1bb105fc3f49cd62ab8fffee7a454582
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5fa19fe08cee3095fa92e117783ab56c3b27640337193874b8666a4678189e6d
6327e001768d39fa168b0c73f2ff5f697c73b30cb5e1914e4b31997b7ad765c0
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
681b6bb35bf9ff8ce07733fe20795e241e59800b6319e6f4f6bf929147f36064
6a9f3c83892833387d92f857563b6f3cfdee0277cbc648a932a2718e000e9e42
6c64fcbaf5909fcab9ad263ef654d029a486aac70414f6504a0c7d3f04a93fcb
704429b96160b5a4f8b5620ef527dee3f7f33bf4e5ff4ad85cb9b8651b9f39a9
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
783c3d4a6931e9e51e9be6faffa02d05676921bdf512dc211982a37070d588fc
7a16af39ebf4aae16ca19358e9b7ce8e2045ee0ce330b4a1465d97c22a1b1c3c
7b1f2ae94593c20eacd11d3eeef8605830cf1dc5f7ac47d83defb9e8e2f6e51a
7d3b9b124ab86b33b4c72d29ceca9c5a56e5205e546394f55e1ca7fac57d58d5
80cb07f384d0ba20c455faf5042b46e7171d37bddbe1d5411e99c6a8d1e76a1b
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
845343e662ab11d1fcfc4ad84465f007939cdcba32bc9a4d38a4d38070502f21
8511b3608ee3391e3f6a006ea476f62ddce8cfff29115277d56bf1c555341821
85f45260ca6a2077a6756e50d8c0271c08f03bd8f63af4ab97f4297596520e31
874e87fa935e7bccb5fa562bb4796cb9016ffda5fe036c748cd6458de421bf67
8ae93413e98c01d05136c2577b6d757816bffacd01ed791d03d617e20aca8c25
8c7e998188c4aa6fe937aa0b22bfbc673d477709dd9abac839068abcc4f8b514
8d1c0431c216e6bc20750cba7eaff0399e7f1885a883f51ebb755358dedbeb15
8f4addf1d78d82bef3e7276d7d65c3afc349206557a773efd408839ded9613d7
92ed32b298067073fadb7b50b98d8a68205ca51a3cc72b7d367d8fa6968b8893
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9e9089451b2c387f04a08643794670ee0a3c7e0602d5b009d88ad5903cb6ef
9fd2f44a12651847d4146ed7df47e2c9abd365da6416125da37cc450faf6e103
a2bfd4599846e27f643dabf88775c33e8417236ae2ad1234299815d2e034cde6
a44db99606e49694ff9f128abc52948fce50e21e1661018fbfa8eca19eb6c466
ac379c6878833c6c9e4866f39a415a6a9f5edffacc731a07b5ccdfecfd855bb9
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88
b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1
b600f1dc62b172effa1611f27da2410354b23d9bc79f34a525821752fafcde83
bb16ee6fd17d39c404201dc8db250ddc46b29c963d4334b3952e9508eb1c4381
bc2b5bddcf1a22673c3dca50357eb75f0767e259dae969fa3fcf2770d9b764d6
be689b5c3622563fa4818092fdc35d75da3b23ee1bc4c1e84fc658d3125ea61a
bea2e9eacf6b03ae566c43fb0fa53b32ab2c62f176b7715e6748556c61ce2536
c7398c2da6a00bcba75812a3dc8df713fe94beaf5b24c159abeb1a576ae500a7
c8e1dce265cea7d90e478aa40cb736db23297ccaac0fb4d76e42b4ea129c4c09
caf63b3ed8937749dfafd38336b252bc3a09cd808c9999ebc4a4dd4cb5b56691
cc2c0f32958626009066e8979806e385913041f697166912b8279e17c57e141b
cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d914684a085399f9b850a1e962e66965528830404f7d0764155048d743946580
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4f51f53e586512e89dc3977ce41de16d16c211bd29d8d45ad6e84e064c19832
e8f74416e7bc7051dbd2c0b2dec8cdb9a5ba4b36f88ba1b65c3e7dd7447b4090
eea4a407f97d1ed26d2008f3efbf55244dace5745a6cda66d43739b729a7ca5f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1091a10ed2a757eeafb86139fe5645cef1b7edaf13ba446de20d58f2afc6d1a
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
f1d1eb692078151e3a5b19cb95f1ebc436dddd440037df51e2a8205568e2e15f
f3840002e7b1644ebb26dc6aa60f6c2e66bce95fe0cadb948212a9ed72538e5d
f45d6a4310701d60268a68e2743be442448f727ebb9bc78b7119b1eb4295619e
f7a8f6532b19d2d6253176ff135bfdd40b6893fa4e4963365618cde7d6568526
fc9373af2743078ab4783adf64f4ecdde66ac0eb5259d34eda1240a2f3be7aae
fdf69e229adb4f3335f2620c5234989116782d4e105f54affe7edb2ac79b9b7b
ffbb8e582693bffa8208f660f0545d011344f1cc763bb03bf8c91391f05f346c

us.ricoh-usa.com Open in urlscan Pro 142.0.165.137 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

108 Requests

90 %HTTPS

52 %IPv6

32 Domains

47 Subdomains

43 IPs

3 Countries

3028 kBTransfer

6539 kBSize

33 Cookies

3 Outgoing links

Page URL History

Redirected requests

108 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

us.ricoh-usa.com Open in urlscan Pro
142.0.165.137 Public Scan

Screenshot
Live screenshot

Full Image

108
Requests

90 %
HTTPS

52 %
IPv6

32
Domains

47
Subdomains

43
IPs

3
Countries

3028 kB
Transfer

6539 kB
Size

33
Cookies

108 HTTP transactions
1 data transactions