www.getbacktolifenow.com Open in urlscan Pro
69.167.152.15 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://hop.clickbank.net/?affiliate=ivracu&vendor=btlife&clickid=732418131&subid=823080
Effective URL:
https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
Submission Tags: https://phish.report @phish_report Search All
Submission: On July 11 via api (July 11th 2023, 12:15:36 am UTC) from FI — Scanned from FI

Summary HTTP 46 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 15 IPs in 4 countries across 14 domains to perform 46 HTTP transactions. The main IP is 69.167.152.15, located in United States and belongs to LIQUIDWEB, US. The main domain is www.getbacktolifenow.com.
TLS certificate: Issued by R3 on May 18th 2023. Valid for: 3 months.

This is the only time www.getbacktolifenow.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 5 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.71.130.63 54.71.130.63	16509 (AMAZON-02) (AMAZON-02)
3 16	69.167.152.15 69.167.152.15	32244 (LIQUIDWEB) (LIQUIDWEB)
3	2a04:4e42::485 2a04:4e42::485	54113 (FASTLY) (FASTLY)
5	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1a	20446 (STACKPATH...) (STACKPATH-CDN)
10	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	54.149.102.248 54.149.102.248	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
4	143.204.215.114 143.204.215.114	16509 (AMAZON-02) (AMAZON-02)
1	69.16.175.10 69.16.175.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
1 2	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2016	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
46	15

1 54.71.130.63 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-71-130-63.us-west-2.compute.amazonaws.com

hop.clickbank.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 69.167.152.15 (United States) 3 redirects

ASN32244 (LIQUIDWEB, US)
PTR: host.emilylark.com

www.erasemybackpain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
getbacktolifenow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.getbacktolifenow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.149.102.248 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-149-102-248.us-west-2.compute.amazonaws.com

cbtb.clickbank.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 143.204.215.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-114.fra53.r.cloudfront.net

prod.cbstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: tlb.hwcdn.net

cdn.fixbackpain.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

seal-boise.bbb.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	getbacktolifenow.com 2 redirects getbacktolifenow.com www.getbacktolifenow.com	217 KB
10	youtube.com www.youtube.com — Cisco Umbrella Rank: 91	1000 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 88 jnn-pa.googleapis.com — Cisco Umbrella Rank: 289	33 KB
4	cbstatic.net prod.cbstatic.net — Cisco Umbrella Rank: 111590	65 KB
3	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 static.doubleclick.net — Cisco Umbrella Rank: 348	1 KB
3	gstatic.com fonts.gstatic.com	46 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 368	35 KB
2	clickbank.net 1 redirects hop.clickbank.net — Cisco Umbrella Rank: 70258 cbtb.clickbank.net — Cisco Umbrella Rank: 108553	2 KB
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 236	3 KB
1	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 126	85 KB
1	bbb.org seal-boise.bbb.org — Cisco Umbrella Rank: 109565	5 KB
1	fixbackpain.org cdn.fixbackpain.org	128 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 749	31 KB
1	erasemybackpain.com 1 redirects www.erasemybackpain.com	171 B
46	14

	Domain	Requested by
14	www.getbacktolifenow.com	1 redirects www.getbacktolifenow.com
10	www.youtube.com	www.getbacktolifenow.com www.youtube.com
4	jnn-pa.googleapis.com	www.youtube.com
4	prod.cbstatic.net	cbtb.clickbank.net prod.cbstatic.net www.getbacktolifenow.com
3	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
3	cdn.jsdelivr.net	www.getbacktolifenow.com
2	googleads.g.doubleclick.net	1 redirects
1	yt3.ggpht.com
1	i.ytimg.com
1	static.doubleclick.net	www.youtube.com
1	seal-boise.bbb.org	www.getbacktolifenow.com
1	cdn.fixbackpain.org	www.getbacktolifenow.com
1	cbtb.clickbank.net	www.getbacktolifenow.com
1	code.jquery.com	www.getbacktolifenow.com
1	fonts.googleapis.com	www.getbacktolifenow.com
1	getbacktolifenow.com	1 redirects
1	www.erasemybackpain.com	1 redirects
1	hop.clickbank.net	1 redirects
46	18

This site contains links to these domains. Also see Links.

Domain
www.bbb.org
btlife.pay.clickbank.net
www.backtolifesystem.com

Subject Issuer	Validity	Valid
webdisk.getbacktolifenow.com R3	`2023-05-18` - `2023-08-16`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.clickbank.net Amazon RSA 2048 M01	`2023-02-07` - `2024-03-08`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.cbstatic.net Amazon RSA 2048 M02	`2023-02-24` - `2023-09-16`	7 months	crt.sh
cdn.fixbackpain.org Sectigo RSA Domain Validation Secure Server CA	`2023-05-01` - `2024-05-27`	a year	crt.sh
*.bbb.org DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-26` - `2024-04-25`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
Frame ID: 1F71A7136A940119F16280A5E25A9F11
Requests: 28 HTTP requests in this frame

Frame: https://www.youtube.com/embed/null?autoplay=0&controls=0&rel=0&modestbranding=1&showinfo=0&wmode=transparent&playsinline=1&loop=1&enablejsapi=1&origin=https%3A%2F%2Fwww.getbacktolifenow.com&widgetid=1
Frame ID: AE830D80438F87BB9D3AE74DC8C90380
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Get Back to Life Now! - Getbacktolife.com

Page URL History Show full URLs

https://hop.clickbank.net/?affiliate=ivracu&vendor=btlife&clickid=732418131&subid=823080 HTTP 307
https://www.erasemybackpain.com/hop.php?hop=ivracu&clickid=732418131&subid=823080 HTTP 302
https://getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080 HTTP 301
http://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080 HTTP 301
https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080 Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

46
Requests

98 %
HTTPS

67 %
IPv6

14
Domains

18
Subdomains

15
IPs

4
Countries

1649 kB
Transfer

4431 kB
Size

5
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: http://www.bbb.org/snakeriver/business-reviews/internet-shopping/clickbank-in-boise-id-5004291/#bbbonlineclick

Search URL Search Domain Scan URL

URL: https://btlife.pay.clickbank.net/?cbitems=PHYSBUMP&cbskin=39980&cbfid=51870&vtid=deskfixbackpain2&clickid=732418131&subid=823080&cbtimer=1406&offer=btl
Title: Physical Products + Stream or Download on Any Device $197 $37 TodayOnly Pay Now Yes I Want To Stop Back Pain

Search URL Search Domain Scan URL

URL: https://www.backtolifesystem.com/privacy-policy/
Title: Privacy Policy |

Search URL Search Domain Scan URL

URL: https://www.backtolifesystem.com/terms-of-use
Title: Terms Of Use |

Search URL Search Domain Scan URL

URL: https://www.backtolifesystem.com/terms-of-sale
Title: Terms of Sale |

Search URL Search Domain Scan URL

URL: https://www.backtolifesystem.com/affiliate-agreement
Title: Affiliate Agreement |

Search URL Search Domain Scan URL

URL: https://www.backtolifesystem.com/contact
Title: Contact

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hop.clickbank.net/?affiliate=ivracu&vendor=btlife&clickid=732418131&subid=823080 HTTP 307
https://www.erasemybackpain.com/hop.php?hop=ivracu&clickid=732418131&subid=823080 HTTP 302
https://getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080 HTTP 301
http://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080 HTTP 301
https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 34

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

46 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.getbacktolifenow.com/
Redirect Chain

https://hop.clickbank.net/?affiliate=ivracu&vendor=btlife&clickid=732418131&subid=823080
https://www.erasemybackpain.com/hop.php?hop=ivracu&clickid=732418131&subid=823080
https://getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
http://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080

26 KB
6 KB

170ms
168ms

Document
text/html

69.167.152.15
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.152.15 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.emilylark.com
Software: Apache /
Resource Hash: 8fff95624b758efe932f15e6a48d68ad2dea7d966281f42af9019585f41551ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

content-encoding: br
content-length: 5752
content-type: text/html; charset=UTF-8
date: Tue, 11 Jul 2023 00:15:29 GMT
server: Apache
vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 291
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 11 Jul 2023 00:15:29 GMT
Keep-Alive: timeout=5, max=100
Location: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
Server: Apache

GET
H2 200 videoplayerstyle.css
www.getbacktolifenow.com/css/ 3 KB
696 B 178ms
174ms Stylesheet
text/css 69.167.152.15
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getbacktolifenow.com/css/videoplayerstyle.css
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.152.15 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.emilylark.com
Software: Apache /
Resource Hash: 3823ea78d0703d955d775fb3aa30b9048792a4a6e8e9a75d0c188fc69a31b5b8

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:29 GMT
content-encoding: br
last-modified: Mon, 10 Apr 2023 22:17:13 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 641

GET
H2 200 contentstyle.css
www.getbacktolifenow.com/css/ 835 B
423 B 170ms
166ms Stylesheet
text/css 69.167.152.15
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getbacktolifenow.com/css/contentstyle.css
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.152.15 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.emilylark.com
Software: Apache /
Resource Hash: f54d79ad476815fa70e528030d7d7122270a7aa597e6885b5df03618ad9e7e0b

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:29 GMT
content-encoding: br
last-modified: Mon, 10 Apr 2023 22:17:24 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 356

GET
H2 200 orderbox.css
www.getbacktolifenow.com/css/ 8 KB
2 KB 180ms
177ms Stylesheet
text/css 69.167.152.15
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://www.getbacktolifenow.com/css/orderbox.css
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.152.15 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.emilylark.com
Software: Apache /
Resource Hash: 7871a5dabf6d604dcbfde15117ded9059a031d7014080678475b2b57498c91e0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:29 GMT
content-encoding: br
last-modified: Mon, 10 Apr 2023 22:15:21 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 1785

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/css/ 118 KB
21 KB 143ms
42ms Stylesheet
text/css 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/css/bootstrap.min.css

Requested by

Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getbacktolifenow.com/
Origin: https://www.getbacktolifenow.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 00:15:29 GMT
x-content-type-options: nosniff
content-encoding: br
age: 5958013
x-jsd-version: 3.3.7
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 21190
x-served-by: cache-fra-eddf8230076-FRA, cache-hel1410030-HEL
x-jsd-version-type: version
etag: W/"1d970-ZSfYvz4ek2i6uMe2D1a8Afo6/Wg"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 bootstrap-theme.min.css
cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/css/ 23 KB
3 KB 158ms
57ms Stylesheet
text/css 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/css/bootstrap-theme.min.css

Requested by

Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getbacktolifenow.com/
Origin: https://www.getbacktolifenow.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 00:15:29 GMT
x-content-type-options: nosniff
content-encoding: br
age: 2994660
x-jsd-version: 3.3.7
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2983
x-served-by: cache-fra-eddf8230053-FRA, cache-hel1410030-HEL
x-jsd-version-type: version
etag: W/"5b71-glZXU3T0MEdr3NSd6Yx3mQIpzjE"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 css2
fonts.googleapis.com/ 25 KB
2 KB 250ms
84ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,400;1,500;1,700;1,900&display=swap

Requested by

Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

44a7c357f29cf1b1e5ad83f61da5600507054f5ae0b73f5fae4bec22fb9ca0cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Jul 2023 00:15:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 00:15:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Jul 2023 00:15:29 GMT

GET
H2 200 jquery-3.6.4.min.js Show response
code.jquery.com/ 88 KB
31 KB 164ms
53ms Script
application/javascript 2001:4de0:ac18::1:a:1a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.4.min.js
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af

Request headers

Referer: https://www.getbacktolifenow.com/
Origin: https://www.getbacktolifenow.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:29 GMT
content-encoding: gzip
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
etag: W/"28feccc0-15ec3"
vary: Accept-Encoding
x-hw: 1689034529.dop223.sk1.t,1689034529.cds244.sk1.hn,1689034529.cds256.sk1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 31011

GET
H2 200 bootstrap.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/js/ 36 KB
11 KB 143ms
43ms Script
application/javascript 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/js/bootstrap.min.js

Requested by

Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.getbacktolifenow.com/
Origin: https://www.getbacktolifenow.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 00:15:29 GMT
x-content-type-options: nosniff
content-encoding: br
age: 6640336
x-jsd-version: 3.3.7
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 10608
x-served-by: cache-fra-eddf8230034-FRA, cache-hel1410030-HEL
x-jsd-version-type: version
etag: W/"90b5-QwpEPXSDD+m+Ju/KQx9EjBs3QPk"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 iframe_api Show response
www.youtube.com/ 1006 B
2 KB 282ms
95ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

85f1bb8f77d3f131bc8e6cfd3f839dc61b2be01f1ea7973f063b83f079bcdc95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:29 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=fi for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Tue, 11 Jul 2023 00:15:29 GMT

GET
H2 200 / Show response
cbtb.clickbank.net/ 936 B
1 KB 783ms
228ms Script
text/javascript 54.149.102.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cbtb.clickbank.net/?vendor=btlife
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.149.102.248 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-149-102-248.us-west-2.compute.amazonaws.com
Software: Apache /
Resource Hash: a3ba10e614083832f41494e71b4c53bd738a88a9ffd6f9a0c785348ec389527c

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:30 GMT
cache-control: max-age=900
server: Apache
content-length: 936
content-type: text/javascript;charset=UTF-8

GET
H2 200 background-new-compress-v2.avif
www.getbacktolifenow.com/images/ 8 KB
8 KB 174ms
165ms Image
application/octet-stream 69.167.152.15
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getbacktolifenow.com/images/background-new-compress-v2.avif
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/css/contentstyle.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.152.15 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.emilylark.com
Software: Apache /
Resource Hash: 21430c366101d0f9b4e89fef918f6a5dd57b11476b708a7dde309bfa4d26d306

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/css/contentstyle.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:29 GMT
content-encoding: br
last-modified: Thu, 13 Apr 2023 19:17:18 GMT
server: Apache
accept-ranges: bytes
content-length: 7990
vary: Accept-Encoding

GET
H2 200 background-new-compress-v2.webp
www.getbacktolifenow.com/images/ 25 KB
24 KB 174ms
166ms Image
image/webp 69.167.152.15
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getbacktolifenow.com/images/background-new-compress-v2.webp
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/css/contentstyle.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.152.15 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.emilylark.com
Software: Apache /
Resource Hash: b0f47b8267c895946de7d5b0e592c083d55c6ce74b13533443d1b28812bdc5e7

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/css/contentstyle.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:29 GMT
content-encoding: br
last-modified: Thu, 13 Apr 2023 19:17:17 GMT
server: Apache
vary: Accept-Encoding
content-type: image/webp
accept-ranges: bytes
content-length: 24012

GET
H2 200 background-new-compress-v2.jpg
www.getbacktolifenow.com/images/ 39 KB
39 KB 173ms
163ms Image
image/jpeg 69.167.152.15
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getbacktolifenow.com/images/background-new-compress-v2.jpg
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/css/contentstyle.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.152.15 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.emilylark.com
Software: Apache /
Resource Hash: 17dbb5790d94003145941a104bd222a03c97682e7f138e32a8f9e28b2d29e267

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/css/contentstyle.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:29 GMT
last-modified: Thu, 13 Apr 2023 19:17:18 GMT
server: Apache
accept-ranges: bytes
content-length: 40132
content-type: image/jpeg

GET
H2 200 bg-overlay-btl.avif
www.getbacktolifenow.com/images/ 16 KB
16 KB 501ms
492ms Image
application/octet-stream 69.167.152.15
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getbacktolifenow.com/images/bg-overlay-btl.avif
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/css/videoplayerstyle.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.152.15 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.emilylark.com
Software: Apache /
Resource Hash: 8aabac4f42bfbe572f1dadbda6d1135b86f9406b6dcbdc63129fafeabfc0abd2

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/css/videoplayerstyle.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:29 GMT
content-encoding: br
last-modified: Thu, 13 Apr 2023 19:17:17 GMT
server: Apache
accept-ranges: bytes
content-length: 15996
vary: Accept-Encoding

GET
H2 200 bg-overlay-btl.webp
www.getbacktolifenow.com/images/ 32 KB
31 KB 663ms
655ms Image
image/webp 69.167.152.15
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getbacktolifenow.com/images/bg-overlay-btl.webp
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/css/videoplayerstyle.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.152.15 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.emilylark.com
Software: Apache /
Resource Hash: 027441a6f3f49e3ead0ecfe713fd651fbe36c277620821ce2935577600aa7d61

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/css/videoplayerstyle.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:29 GMT
content-encoding: br
last-modified: Thu, 13 Apr 2023 19:17:17 GMT
server: Apache
vary: Accept-Encoding
content-type: image/webp
accept-ranges: bytes
content-length: 31801

GET
H2 200 bg-overlay-btl.png
www.getbacktolifenow.com/images/ 42 KB
42 KB 500ms
492ms Image
image/png 69.167.152.15
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getbacktolifenow.com/images/bg-overlay-btl.png
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/css/videoplayerstyle.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.152.15 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.emilylark.com
Software: Apache /
Resource Hash: a03f24d4c7a35cc970cdced772352999447285cebd882a880b91eaa629994f63

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/css/videoplayerstyle.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:29 GMT
last-modified: Thu, 13 Apr 2023 19:17:15 GMT
server: Apache
accept-ranges: bytes
content-length: 42759
content-type: image/png

GET
H2 200 bg-overlay-btl-mobile.avif
www.getbacktolifenow.com/images/ 9 KB
9 KB 605ms
604ms Image
application/octet-stream 69.167.152.15
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getbacktolifenow.com/images/bg-overlay-btl-mobile.avif
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/css/videoplayerstyle.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.152.15 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.emilylark.com
Software: Apache /
Resource Hash: 3d4a94c25a21e66c92d399af96396fc9f272283736c0a94173c609f17fd06d36

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/css/videoplayerstyle.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:30 GMT
content-encoding: br
last-modified: Thu, 13 Apr 2023 19:17:17 GMT
server: Apache
accept-ranges: bytes
content-length: 9387
vary: Accept-Encoding

GET
H2 200 bg-overlay-btl-mobile.webp
www.getbacktolifenow.com/images/ 16 KB
16 KB 764ms
764ms Image
image/webp 69.167.152.15
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getbacktolifenow.com/images/bg-overlay-btl-mobile.webp
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/css/videoplayerstyle.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.152.15 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.emilylark.com
Software: Apache /
Resource Hash: de00fe9deaf74c705759d218ff194a0ce4a55d48565f41538f2dce50da6f05e4

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/css/videoplayerstyle.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:30 GMT
content-encoding: br
last-modified: Thu, 13 Apr 2023 19:17:17 GMT
server: Apache
vary: Accept-Encoding
content-type: image/webp
accept-ranges: bytes
content-length: 16338

GET
H2 200 bg-overlay-btl-mobile.png
www.getbacktolifenow.com/images/ 24 KB
24 KB 603ms
603ms Image
image/png 69.167.152.15
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.getbacktolifenow.com/images/bg-overlay-btl-mobile.png
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/css/videoplayerstyle.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.152.15 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.emilylark.com
Software: Apache /
Resource Hash: 8e33c644aeb4e3c44a2d06d7d68480438c13488022b58259b0cbd2345569bfa3

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/css/videoplayerstyle.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:30 GMT
last-modified: Thu, 13 Apr 2023 19:17:15 GMT
server: Apache
accept-ranges: bytes
content-length: 24601
content-type: image/png

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 283ms
67ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,400;1,500;1,700;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.getbacktolifenow.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 22:16:07 GMT
x-content-type-options: nosniff
age: 352763
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jul 2024 22:16:07 GMT

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/1dda5629/www-widgetapi.vflset/ 203 KB
63 KB 72ms
71ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1dda5629/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af6158e274069f4e2307a859dae8bc4ab4ce3bf6fb9a42c8af1afa2f25171f89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 23:55:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1217
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64288
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 01:48:17 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 09 Jul 2024 23:55:12 GMT

GET
H3 200 null Show response
www.youtube.com/embed/ Frame AE83 45 KB
13 KB 112ms
112ms Document
text/html 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/null?autoplay=0&controls=0&rel=0&modestbranding=1&showinfo=0&wmode=transparent&playsinline=1&loop=1&enablejsapi=1&origin=https%3A%2F%2Fwww.getbacktolifenow.com&widgetid=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1dda5629/www-widgetapi.vflset/www-widgetapi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d0039d7b0ee24b4ab4ea3f74fe9b72a7b3fc70816abcf0d838afd657c61d74b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.getbacktolifenow.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:15:30 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 www-player.css
www.youtube.com/s/player/1dda5629/ Frame AE83 375 KB
47 KB 71ms
71ms Stylesheet
text/css 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1dda5629/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/null?autoplay=0&controls=0&rel=0&modestbranding=1&showinfo=0&wmode=transparent&playsinline=1&loop=1&enablejsapi=1&origin=https%3A%2F%2Fwww.getbacktolifenow.com&widgetid=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5e92898ba6e42dfb897dca8d1601a62828ebff402051a240c4a015ea1138a41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.youtube.com/embed/null?autoplay=0&controls=0&rel=0&modestbranding=1&showinfo=0&wmode=transparent&playsinline=1&loop=1&enablejsapi=1&origin=https%3A%2F%2Fwww.getbacktolifenow.com&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:06:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 520
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47749
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 01:48:17 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 10 Jul 2024 00:06:50 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame AE83 15 KB
15 KB 72ms
70ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 00:54:58 GMT
x-content-type-options: nosniff
age: 256832
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jul 2024 00:54:58 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame AE83 15 KB
15 KB 93ms
92ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 20:23:37 GMT
x-content-type-options: nosniff
age: 532313
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Jul 2024 20:23:37 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/1dda5629/www-embed-player.vflset/ Frame AE83 311 KB
93 KB 130ms
129ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1dda5629/www-embed-player.vflset/www-embed-player.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd246d635557581e8306bb09188bdd6caae6cedc47a799aaed9e96ed7db19a4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.youtube.com/embed/null?autoplay=0&controls=0&rel=0&modestbranding=1&showinfo=0&wmode=transparent&playsinline=1&loop=1&enablejsapi=1&origin=https%3A%2F%2Fwww.getbacktolifenow.com&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 23:04:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4279
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95637
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 01:48:17 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 09 Jul 2024 23:04:11 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/1dda5629/player_ias.vflset/fi_FI/ Frame AE83 2 MB
752 KB 160ms
160ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1dda5629/player_ias.vflset/fi_FI/base.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2c034069c7eca8d0ea8554234e03baccf5e0c89c00f714368f71d465451917b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.youtube.com/embed/null?autoplay=0&controls=0&rel=0&modestbranding=1&showinfo=0&wmode=transparent&playsinline=1&loop=1&enablejsapi=1&origin=https%3A%2F%2Fwww.getbacktolifenow.com&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 12:39:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 387364
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 770303
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 01:48:17 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 05 Jul 2024 12:39:26 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/1dda5629/fetch-polyfill.vflset/ Frame AE83 9 KB
3 KB 155ms
155ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1dda5629/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac8177161c3038b07597ec544de3c00f46e1a0aa6b4b4c045ff0495553cc5069

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.youtube.com/embed/null?autoplay=0&controls=0&rel=0&modestbranding=1&showinfo=0&wmode=transparent&playsinline=1&loop=1&enablejsapi=1&origin=https%3A%2F%2Fwww.getbacktolifenow.com&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 23:31:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2649
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2625
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 01:48:17 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 09 Jul 2024 23:31:21 GMT

GET
H2 200 injectable.js Show response
prod.cbstatic.net/dist/ 187 KB
57 KB 239ms
81ms Script
application/javascript 143.204.215.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.cbstatic.net/dist/injectable.js
Requested by: Host: cbtb.clickbank.net
URL: https://cbtb.clickbank.net/?vendor=btlife
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-114.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f752e24e380963973c86376422b0618658de851a8b2011c69e394b787a1c593f

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:14:07 GMT
x-amz-version-id: RdcimFzJWwtinCAQ.f3F8OeQrj2.m2uJ
content-encoding: gzip
last-modified: Mon, 21 Dec 2020 21:57:37 GMT
server: AmazonS3
via: 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
etag: W/"af651c30e1a69f6f2124e9c1d094a300"
age: 83
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: BANSOs2f26kYvZ_uLMFqTj4s7-S-GipDFBEh4e8lHyI8ZVHGBPfPkQ==

GET
H/1.1 206
Partial Content Chair-Desktop-Fast.mp4
cdn.fixbackpain.org/lander/ 127 KB
128 KB 211ms
49ms Media
video/mp4 69.16.175.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.fixbackpain.org/lander/Chair-Desktop-Fast.mp4
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: cloudflare /
Resource Hash: a31408a5bde1673ed37ac98d92ea5a45f99805080d083df708d5d4cbaf107357

Request headers

Referer: https://www.getbacktolifenow.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Range: bytes=0-

Response headers

Date: Tue, 11 Jul 2023 00:15:30 GMT
CF-Cache-Status: BYPASS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-130228/130229
Connection: Keep-Alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 130229
Last-Modified: Fri, 31 Mar 2023 00:24:47 GMT
Server: cloudflare
etag: "6426284f-1fcb5"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qXWStGN1uIahplGUeSXdKu%2FcHKltNCq1YLOIQmbqrCXskTmbU8QBVuxipY8hcuUJNH2%2FMDXiEOKHdY%2F58r1%2BxZgGep3FIOC5OnSia6f2V26KoHhA2JqShal53cmNIgnzGWc%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: video/mp4
X-HW: 1689034530.dop201.sk1.t,1689034530.cds221.sk1.shn,1689034530.dop201.sk1.t,1689034530.cds012.sk1.c
Cache-Control: public
Accept-Ranges: bytes
CF-RAY: 7b50ec859b171afa-AMS

GET
H2 200 app-strings-en.json Show response
prod.cbstatic.net/dist/i18n/ 9 B
443 B 217ms
75ms XHR
application/json 143.204.215.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.cbstatic.net/dist/i18n/app-strings-en.json
Requested by: Host: prod.cbstatic.net
URL: https://prod.cbstatic.net/dist/injectable.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-114.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 00c89e0cd4c41144418e06885bb87e962fdb17567bf55adccb1678a1f6beca4c

Request headers

Accept: application/json
Referer: https://www.getbacktolifenow.com/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:14:08 GMT
x-amz-version-id: ZlnvsWVay.azLO76UGrGFfzKmZRJT9PH
via: 1.1 269bfdd288bfea5423a4e9e701777da6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 83
x-cache: Hit from cloudfront
content-length: 9
last-modified: Mon, 21 Dec 2020 21:57:36 GMT
server: AmazonS3
etag: "cdfca8b09e61ae7324e48f01984c9b34"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
vary: Origin
x-amz-cf-id: 775_bOTHG4Yxvf1a2DJL1mvbKX-GfcXuvYWPOYek-wX9Ap0WQ0YnHQ==

GET
H2 200 logo-header-two-tone-en.png
prod.cbstatic.net/dist/assets/ 3 KB
4 KB 74ms
72ms Image
image/png 143.204.215.114
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod.cbstatic.net/dist/assets/logo-header-two-tone-en.png
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-114.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 84986c117f6f9418eff2f7ce5e55940671f178542c58092c05ef539ebd4da308

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:14:08 GMT
x-amz-version-id: rgVoO.sKTwEpJN65bYI.UT4E8UVMZSpC
via: 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Mon, 21 Dec 2020 21:57:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 83
etag: "47cdefc96f75be3d978d4b444737b00e"
x-cache: Hit from cloudfront
content-type: image/png
content-length: 3472
x-amz-cf-id: K2j_K_JXPmfupa1DnCFd-U1MwiIKYyBc16XzrzeewP_SCrc8C32fAA==

GET
H2 200 logo-tab-two-tone-en.png
prod.cbstatic.net/dist/assets/ 4 KB
5 KB 78ms
75ms Image
image/png 143.204.215.114
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod.cbstatic.net/dist/assets/logo-tab-two-tone-en.png
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-114.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2f4d0823359307bdc2fbcc62d1004b361b02cc8ae5d6cb75f314658827ee1eeb

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:14:08 GMT
x-amz-version-id: 65GBUS1AcRJNN3GRB3Nf3yY51OsdERt0
via: 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Mon, 21 Dec 2020 21:57:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 83
etag: "c06ae1ecaaf7e0610c68af117658a7e0"
x-cache: Hit from cloudfront
content-type: image/png
content-length: 4341
x-amz-cf-id: yAJIGL0VoPe1ZZMn3mcxP8-GDcbgwXItdE_SfJpawzQqbYhHDjxlsg==

GET
H2 200 blue-seal-153-100-clickbank-5004291.png
seal-boise.bbb.org/seals/ 4 KB
5 KB 263ms
72ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seal-boise.bbb.org/seals/blue-seal-153-100-clickbank-5004291.png
Requested by: Host: www.getbacktolifenow.com
URL: https://www.getbacktolifenow.com/?hop=ivracu&clickid=732418131&subid=823080
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine / ASP.NET
Resource Hash: 2879dda234a0c535f2038ad9471a248ecb896c5289e84a3e713bf9c65dcc929a

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.getbacktolifenow.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:30 GMT
last-modified: Fri, 16 Jun 2023 05:55:21 GMT
server: keycdn-engine
x-aspnet-version: 4.0.30319
x-edge-location: defr
x-powered-by: ASP.NET
x-cache: HIT
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-robots-tag: noindex
x-shield: active
content-length: 4407
expires: Tue, 11 Jul 2023 04:15:30 GMT

GET
H2

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame AE83
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
242 B

80ms
79ms

XHR
application/json

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Protocol

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc1a80516598afe6bd197d34de061b811dc954e769b7ad0e5817b33c365d5871

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:15:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 11 Jul 2023 00:15:31 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame AE83 29 B
494 B 226ms
71ms Script
text/javascript 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1dda5629/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:14:04 GMT
x-content-type-options: nosniff
age: 87
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 00:29:04 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 235ms
79ms Preflight
text/html 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Tue, 11 Jul 2023 00:15:31 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame AE83 68 KB
31 KB 91ms
90ms XHR
application/json+protobuf 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1dda5629/player_ias.vflset/fi_FI/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f5dc290250d343f96415f5c6534abaf9fa78ae1ee08a91af5b9531f265b3b27c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Tue, 11 Jul 2023 00:15:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31695
x-xss-protection: 0

GET
H3 200 embed.js Show response
www.youtube.com/s/player/1dda5629/player_ias.vflset/fi_FI/ Frame AE83 28 KB
8 KB 72ms
72ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1dda5629/player_ias.vflset/fi_FI/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1dda5629/player_ias.vflset/fi_FI/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6490bc99f9e1c4e83464d6c648c9820471f085831358d173aa24fba6052ebb33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.youtube.com/embed/null?autoplay=0&controls=0&rel=0&modestbranding=1&showinfo=0&wmode=transparent&playsinline=1&loop=1&enablejsapi=1&origin=https%3A%2F%2Fwww.getbacktolifenow.com&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 09:17:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 399502
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8164
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 01:48:17 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 05 Jul 2024 09:17:09 GMT

POST
H3 200 embedded_player Show response
www.youtube.com/youtubei/v1/ Frame AE83 31 KB
19 KB 96ms
95ms Fetch
application/json 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/embedded_player?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8&prettyPrint=false

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1dda5629/player_ias.vflset/fi_FI/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

6f3f0ec5a81c62cdcc45ca9c82b981fbfe7d42881df476ac86897b8531d48988

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-Youtube-Bootstrap-Logged-In: false
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json
Referer: https://www.youtube.com/embed/null?autoplay=0&controls=0&rel=0&modestbranding=1&showinfo=0&wmode=transparent&playsinline=1&loop=1&enablejsapi=1&origin=https%3A%2F%2Fwww.getbacktolifenow.com&widgetid=1
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20230704.00.00
X-Goog-Visitor-Id: CgtIV2habkJ4TFNtWSiivrKlBg%3D%3D

Response headers

date: Tue, 11 Jul 2023 00:15:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19328
x-xss-protection: 0
expires: Tue, 11 Jul 2023 00:15:31 GMT

GET
H2 200 maxresdefault.jpg
i.ytimg.com/vi/2DHR__dX4Eo/ Frame AE83 84 KB
85 KB 231ms
73ms Image
image/jpeg 2a00:1450:4001:829::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/2DHR__dX4Eo/maxresdefault.jpg?sqp=-oaymwEmCIAKENAF8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGGUgTyhDMA8=&rs=AOn4CLDantlPILZChzRcaE92B1IOn9weYg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7166fa7b72b32cecaecba7abe0a14fd145cfea391fcf67367b3c4561cc9ae153

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 22:36:41 GMT
x-content-type-options: nosniff
age: 5930
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86295
x-xss-protection: 0
server: sffe
etag: "0"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 11 Jul 2023 00:36:41 GMT

GET
DATA 200
OK truncated
/ Frame AE83 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AOPolaTvBWWKVOKNFpPvQb5uKila6qqHVhtoqWJRBk1PqQ=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame AE83 3 KB
3 KB 240ms
72ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AOPolaTvBWWKVOKNFpPvQb5uKila6qqHVhtoqWJRBk1PqQ=s68-c-k-c0x00ffffff-no-rj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

dcfd204e36353527009ad309029945a9559532635e37a06cecfb5dd9d6e7bbe6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 23:28:46 GMT
x-content-type-options: nosniff
age: 2805
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3090
x-xss-protection: 0
server: fife
etag: "v2d7"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 11 Jul 2023 23:28:46 GMT

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 80ms
79ms Preflight
text/html 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Tue, 11 Jul 2023 00:15:31 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame AE83 90 B
134 B 85ms
84ms XHR
application/json+protobuf 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1dda5629/player_ias.vflset/fi_FI/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

eac6d4ba04f1361a3d903c833f2a2e1ec762b2406409e1e5ee5b873e39245f52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Tue, 11 Jul 2023 00:15:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame AE83 28 B
54 B 89ms
84ms XHR
application/json 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/1dda5629/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
X-Goog-Request-Time: 1689034533134
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/null?autoplay=0&controls=0&rel=0&modestbranding=1&showinfo=0&wmode=transparent&playsinline=1&loop=1&enablejsapi=1&origin=https%3A%2F%2Fwww.getbacktolifenow.com&widgetid=1
X-YouTube-Client-Version: 1.20230704.00.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtIV2habkJ4TFNtWSiivrKlBg%3D%3D
X-YouTube-Ad-Signals: dt=1689034530595&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C894%2C503&vis=1&wgl=true&ca_type=image

Response headers

date: Tue, 11 Jul 2023 00:15:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0
expires: Tue, 11 Jul 2023 00:15:33 GMT

Verdicts & Comments Add Verdict or Comment

Malicious task.url
Submitted on October 6th 2023, 1:20:51 am UTC — From United States

Threats: Malware Unwanted Software Potentially Harmful Application
Comment: RUSSIAN SPYWARE: https://hop.clickbank.net/?affiliate=ivracu&vendor=prostadine&cbpage=tsl&affop=1&clickid=741314153&subid=823080 sent by RUSSIAN MALNET using harvested emails and MALICIOUS websites: https://reward.lat https://www.greywish.com https://hop.clickbank.net https://getprostadine.com https://jomaliff.live https://www.br2ghatrk.com https://trfusera1.com https://testamazingshop.com http://fenders.makeup https://t.co https://firebasestorage.googleapis.com https://untestedpaper.com

Malicious task.domain
Submitted on September 30th 2023, 5:25:43 pm UTC — From United States

Threats: Malware Unwanted Software Potentially Harmful Application
Comment: RUSSIAN SPYWARE: https://hop.clickbank.net/?affiliate=ivracu&vendor=vigortonic&cbpage=tsl&affop=1&clickid=740751766&subid=823080 sent by RUSSIAN MALNET using harvested emails and MALICIOUS websites: https://reward.lat https://www.greywish.com https://hop.clickbank.net https://emperorsvigortonic.com

Malicious page.url
Submitted on July 27th 2023, 1:48:37 am UTC — From United States

Threats: Malware Unwanted Software Potentially Harmful Application
Comment: RUSSIAN MALWARE sent by large botnet targeting email addresses obtained from DATA BREACH using malicious websites: https://hop.clickbank.net/?vendor=sciencegen&affiliate=ivracu&cbpage=sptsl&postbackselect=tsl&subid=823080&hid=734216810 https://survey.rest https://shoptrkk.com https://todayshopart.com https://www.br2ghatrk.com https://trfusera1.com https://h-eshop.store https://www.greywish.com https://vitalitymineral.com https://www.merekt.com https://secure.klicktrk.com

Malicious page.url
Submitted on July 25th 2023, 3:24:15 am UTC — From United States

Threats: Malware Unwanted Software Potentially Harmful Application
Comment: RUSSIAN MALWARE sent by large botnet targeting email addresses obtained from DATA BREACH using malicious websites: https://hop.clickbank.net/?affiliate=ivracu&vendor=metacmplx&pid=break-v2&tid=823080&hid=733976049 https://survey.rest https://www.greywish.com https://www.merekt.com https://secure.klicktrk.com http://buysnorinator.com

Malicious page.url
Submitted on July 16th 2023, 10:45:21 pm UTC — From United States

Threats: Malware Spearphishing Social Engineering
Comment: RUSSIAN MALWARE sent by large botnet targeting email addresses obtained from DATA BREACH: https://hop.clickbank.net/?affiliate=ivrjec&vendor=resurge&lid=283872&tid=823080&clickid=733016045 using obfuscated malicious networks: https://comercio.click http://reward.lat/ https://www.br2ghatrk.com/ https://www.greywish.com https://planebale.com https://universalslimer.com https://pushingraids.com/

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.clickbank.net/	1970-01-20 21:56:10	Name: q Value: 01.22063521B3E66A59D80B4250049D705CA2FE73CCA0813A96C29A570916E186C4E7DB6260BE77946AFD78F9091D529BD94087F8E2
.clickbank.net/	1970-01-20 17:29:46	Name: p Value: JKKC1y1DxQwAtFtIfboqalfDni8ziCtFU82WAorzj8rOoWhyv9EnKTDKKjMmGRsGzq4JkNlJQlcdEEx9ikcpRYDExz5jUIXifVsvFq2MnTd-uSLEJ4A5ytLNIindkxxX5tdyjp3wE6KzSnBWYRIz3kGZK9IAp9iSzZ2182K94OlIqKpLsV7JUx9jXtzYC7qpuD_GjA%3D%3D
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: oAZ0ohkxJUw
.youtube.com/	1970-01-20 17:29:46	Name: VISITOR_INFO1_LIVE Value: HWhZnBxLSmY
cbtb.clickbank.net/	1970-01-20 13:20:39	Name: AWSALBCORS Value: NqlNmFgu1+9WydYyF3uv2+ITIpAa/J8lgd+EQu2OS9/NMB2UgMslon088If9cImEHdcxDcLfHID/MVV+5EHe63ZqkauOOTG7lviyYoboJRnGAnPdiiBxxpRkPtGs

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.youtube.com/s/player/1dda5629/www-widgetapi.vflset/www-widgetapi.js(Line 1177) Message: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ch-ua-form-factor'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cbtb.clickbank.net
cdn.fixbackpain.org
cdn.jsdelivr.net
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
getbacktolifenow.com
googleads.g.doubleclick.net
hop.clickbank.net
i.ytimg.com
jnn-pa.googleapis.com
prod.cbstatic.net
seal-boise.bbb.org
static.doubleclick.net
www.erasemybackpain.com
www.getbacktolifenow.com
www.youtube.com
yt3.ggpht.com
143.204.215.114
2001:4de0:ac18::1:a:1a
2a00:1450:4001:80b::2006
2a00:1450:4001:80e::200a
2a00:1450:4001:811::2002
2a00:1450:4001:827::2001
2a00:1450:4001:828::2003
2a00:1450:4001:829::2016
2a00:1450:4001:82a::200e
2a04:4e42::485
2a0b:4d07:102::1
54.149.102.248
54.71.130.63
69.16.175.10
69.167.152.15
00c89e0cd4c41144418e06885bb87e962fdb17567bf55adccb1678a1f6beca4c
027441a6f3f49e3ead0ecfe713fd651fbe36c277620821ce2935577600aa7d61
17dbb5790d94003145941a104bd222a03c97682e7f138e32a8f9e28b2d29e267
21430c366101d0f9b4e89fef918f6a5dd57b11476b708a7dde309bfa4d26d306
2879dda234a0c535f2038ad9471a248ecb896c5289e84a3e713bf9c65dcc929a
2f4d0823359307bdc2fbcc62d1004b361b02cc8ae5d6cb75f314658827ee1eeb
3823ea78d0703d955d775fb3aa30b9048792a4a6e8e9a75d0c188fc69a31b5b8
3d4a94c25a21e66c92d399af96396fc9f272283736c0a94173c609f17fd06d36
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
44a7c357f29cf1b1e5ad83f61da5600507054f5ae0b73f5fae4bec22fb9ca0cd
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
6490bc99f9e1c4e83464d6c648c9820471f085831358d173aa24fba6052ebb33
653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6f3f0ec5a81c62cdcc45ca9c82b981fbfe7d42881df476ac86897b8531d48988
7166fa7b72b32cecaecba7abe0a14fd145cfea391fcf67367b3c4561cc9ae153
7871a5dabf6d604dcbfde15117ded9059a031d7014080678475b2b57498c91e0
84986c117f6f9418eff2f7ce5e55940671f178542c58092c05ef539ebd4da308
85f1bb8f77d3f131bc8e6cfd3f839dc61b2be01f1ea7973f063b83f079bcdc95
8aabac4f42bfbe572f1dadbda6d1135b86f9406b6dcbdc63129fafeabfc0abd2
8e33c644aeb4e3c44a2d06d7d68480438c13488022b58259b0cbd2345569bfa3
8fff95624b758efe932f15e6a48d68ad2dea7d966281f42af9019585f41551ab
a03f24d4c7a35cc970cdced772352999447285cebd882a880b91eaa629994f63
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
a2c034069c7eca8d0ea8554234e03baccf5e0c89c00f714368f71d465451917b
a31408a5bde1673ed37ac98d92ea5a45f99805080d083df708d5d4cbaf107357
a3ba10e614083832f41494e71b4c53bd738a88a9ffd6f9a0c785348ec389527c
ac8177161c3038b07597ec544de3c00f46e1a0aa6b4b4c045ff0495553cc5069
af6158e274069f4e2307a859dae8bc4ab4ce3bf6fb9a42c8af1afa2f25171f89
b0f47b8267c895946de7d5b0e592c083d55c6ce74b13533443d1b28812bdc5e7
bc1a80516598afe6bd197d34de061b811dc954e769b7ad0e5817b33c365d5871
d0039d7b0ee24b4ab4ea3f74fe9b72a7b3fc70816abcf0d838afd657c61d74b2
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
dcfd204e36353527009ad309029945a9559532635e37a06cecfb5dd9d6e7bbe6
dd246d635557581e8306bb09188bdd6caae6cedc47a799aaed9e96ed7db19a4c
de00fe9deaf74c705759d218ff194a0ce4a55d48565f41538f2dce50da6f05e4
e5e92898ba6e42dfb897dca8d1601a62828ebff402051a240c4a015ea1138a41
eac6d4ba04f1361a3d903c833f2a2e1ec762b2406409e1e5ee5b873e39245f52
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
f54d79ad476815fa70e528030d7d7122270a7aa597e6885b5df03618ad9e7e0b
f5dc290250d343f96415f5c6534abaf9fa78ae1ee08a91af5b9531f265b3b27c
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f752e24e380963973c86376422b0618658de851a8b2011c69e394b787a1c593f
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

www.getbacktolifenow.com Open in urlscan Pro 69.167.152.15 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 5 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

46 Requests

98 %HTTPS

67 %IPv6

14 Domains

18 Subdomains

15 IPs

4 Countries

1649 kBTransfer

4431 kBSize

5 Cookies

7 Outgoing links

Page URL History

Redirected requests

46 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.getbacktolifenow.com Open in urlscan Pro
69.167.152.15 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

46
Requests

98 %
HTTPS

67 %
IPv6

14
Domains

18
Subdomains

15
IPs

4
Countries

1649 kB
Transfer

4431 kB
Size

5
Cookies

46 HTTP transactions
1 data transactions

Malicious task.url
Submitted on October 6th 2023, 1:20:51 am UTC — From United States

Malicious task.domain
Submitted on September 30th 2023, 5:25:43 pm UTC — From United States

Malicious page.url
Submitted on July 27th 2023, 1:48:37 am UTC — From United States

Malicious page.url
Submitted on July 25th 2023, 3:24:15 am UTC — From United States

Malicious page.url
Submitted on July 16th 2023, 10:45:21 pm UTC — From United States

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!