Submitted URL: http://player.line.pm/187009543/watch/dll.php
Effective URL: https://nowforfile.com/566356e97b0e01d11d457a37f59c79c97f8840772bcb0d150dcac725b1ddab18661998cc802c2d03150f5a24c820fb13...
Submission: On February 25 via api from US — Scanned from US

Summary

This website contacted 4 IPs in 3 countries across 9 domains to perform 9 HTTP transactions. The main IP is 172.67.133.40, located in and belongs to . The main domain is nowforfile.com.
TLS certificate: Issued by GTS CA 1P5 on January 9th 2024. Valid for: 3 months.
This is the only time nowforfile.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 95.47.161.67 12722 (RECONN)
1 3 188.72.236.136 35415 (WEBZILLA)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 172.67.132.40 13335 (CLOUDFLAR...)
1 172.67.133.40 ()
9 4
Domain Requested by
3 quickd00wnload1.com 1 redirects quickd00wnload1.com
1 nowforfile.com quickd00wnload1.com
1 grounddetail.website 1 redirects
1 mmedia-saap.com quickd00wnload1.com
1 player.line.pm 1 redirects
0 nostop.go2cloud.org Failed nowforfile.com
0 maxcdn.bootstrapcdn.com Failed nowforfile.com
0 code.jquery.com Failed nowforfile.com
0 yourjsdelivery.com Failed nowforfile.com
9 9

This site contains no links.

Subject Issuer Validity Valid
quickd00wnload1.com R3 2024-01-18 - 2024-04-17 3 months
mmedia-saap.com GTS CA 1P5 2024-01-04 - 2024-04-03 3 months
nowforfile.com GTS CA 1P5 2024-01-09 - 2024-04-08 3 months

This page contains 1 frames:

Primary Page: https://nowforfile.com/566356e97b0e01d11d457a37f59c79c97f8840772bcb0d150dcac725b1ddab18661998cc802c2d03150f5a24c820fb1385c19981eeb4d7b6
Frame ID: DBD0DB598D20A40FF4065770EBA63E88
Requests: 9 HTTP requests in this frame

Page Statistics

9
Requests

44 %
HTTPS

20 %
IPv6

9
Domains

9
Subdomains

4
IPs

3
Countries

17 kB
Transfer

18 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://player.line.pm/187009543/watch/dll.php HTTP 302
    https://quickd00wnload1.com/1BrS3927e9074121b8c2b62bcb8fcff687bc4d75475ff?q=Play+Video+Now&s1=22 Page URL
  2. https://quickd00wnload1.com/Xfas19zAPG022XZVQEAh2QCAFVTFwASAAAAAAAfbeQesXLi5c8gvqvFKKWxzSux7J1DxPhsV-rnZ0bA_Dccia0_AJuRIhLOxnVn3sZ-WduQfTDal0Mn3OpWOqraT3H2ihl-8vMBYP_9EDqMqlM4pPAIVejje0K9iiUBh6p3WtLoe0DNgw0XhoElRcXdak3OyzzfmJgG98LDU7k7wUzuWJ4H9Hg8RKQ_N06-cVYZ9XN-Q5YoILGUOXfZy1N0-ZETLKCDGxeqgxgD9OdQWffPChqw8w4BlvcPE8SXIEnHv3oNgOBzeIDgfmPUhzA5169qfZDQa2Xz1WxzpLcAKaefWm3gwFtR4sRfQ7SnEBm3j0pd8DBLQdI0T1OEV-oKtX_zHJxk1OKCefy4gmrm7Nx-yOSNf-jlY1brymVYzuo3WNXoaxbJ_ntH8NZiWcHdRV_HwG19z8NXIZnXeSGw5lk4ps9aD6ixXyfysUQttu9YA76-YROvsDAQgLY2BZDkLA2LritWib47B7CWIhmBnQUfh4AtvZ2QDvea0wThZ50D4mCiDeBmPEalITZGris-Tbp0ZRvDcGL3ySIgvpxFL77KRiXvlk1I_NNKV-bKWkfugVVIrfBYBpPyXAaX_HFYyKpzC5exL3SB5i19hexqcIO-ZSuK12lnp9B5PLbVU3-jnFpt6JkbXOLSBhXryFUAqsFHS7dwRkHEbQ9I1i7qCdc8oRSeLbunm2SytdBx47TIKaKrl1CmozcRufx2FZqvLEXXoDcWwtEvBpucMFHDlC4JkcRtH9_CUhvewEU8qtZEcbPPWzXtqEELvLFXKqeWWSy68EoSrrRkDqyhIhu8vyMAk7g8TdrXZUPY0mVI1YMpCJOeAe6eiRbbnpYS4WyXV_8hlx3kb3It5H1gGvl9bSX6fmEKxWkss5coJrOeFim_ikt84Nd0SPaJHhewyF92891VEK_mS139rV5Xm_l3AIy8K2LHsSl8geN2Y8a0DD3DrDIS14RmYOSUMzSljQ48pJg4KbeADly2nR0AtYwfALSXUR2sXxIQgDlOU5Z63BCLbrpM2imt8YB74uqpfev5pWj-4JtP7uU_F6mlIFjR9mdD-O18WcjELwCeiyEKh5grBZHffzfkwB8U09RfY5XQTimolmA_vOdHIKKaRTemu1k56vpYBLnhdwe97SNf1OwpW4X7OwSGviEbmpc1HayAPkHP2muxyNcV6aCXD-w-yluiP81YojI3?jts=134365312&jtf=137290969&w=1600&h=1200&jth=0d1224b4c0 HTTP 302
    https://grounddetail.website/6dleck?o=235&t=download_o7&title=Play+Video+Now&source=41473&click_id=APG022XZVQEAh2QCAFVTFwASAAAAAAAf HTTP 302
    https://nowforfile.com/566356e97b0e01d11d457a37f59c79c97f8840772bcb0d150dcac725b1ddab18661998cc802c2d03150f5a24c820fb1385c19981eeb4d7b6 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://player.line.pm/187009543/watch/dll.php HTTP 302
  • https://quickd00wnload1.com/1BrS3927e9074121b8c2b62bcb8fcff687bc4d75475ff?q=Play+Video+Now&s1=22

9 HTTP transactions

Resource Path Size x-fer Type MIME-Type
1BrS3927e9074121b8c2b62bcb8fcff687bc4d75475ff
quickd00wnload1.com/
Redirect Chain
  • http://player.line.pm/187009543/watch/dll.php
  • https://quickd00wnload1.com/1BrS3927e9074121b8c2b62bcb8fcff687bc4d75475ff?q=Play+Video+Now&s1=22
15 KB
16 KB
Document
General
Full URL
https://quickd00wnload1.com/1BrS3927e9074121b8c2b62bcb8fcff687bc4d75475ff?q=Play+Video+Now&s1=22
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.72.236.136 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
1f2-12-d2456-136.webazilla.com
Software
nginx /
Resource Hash
df63726cb834864b895e159cc5672a3bb26bdfa80a3484cbb5ca85abf867953c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Mobile, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-type
text/html; charset=utf-8
date
Sun, 25 Feb 2024 21:45:21 GMT
server
nginx

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html
Date
Sun, 25 Feb 2024 21:45:17 GMT
Location
https://quickd00wnload1.com/1BrS3927e9074121b8c2b62bcb8fcff687bc4d75475ff?q=Play+Video+Now&s1=22
Server
nginx/1.20.2
X-Powered-By
PHP/5.4.16
2gpj1qNAPG022XZVQEAh2QCAFVTFwASAAAAAAAf
quickd00wnload1.com/
68 B
322 B
Image
General
Full URL
https://quickd00wnload1.com/2gpj1qNAPG022XZVQEAh2QCAFVTFwASAAAAAAAf?jts=0&jtf=98304&jth=0d1224b4c0
Requested by
Host: quickd00wnload1.com
URL: https://quickd00wnload1.com/1BrS3927e9074121b8c2b62bcb8fcff687bc4d75475ff?q=Play+Video+Now&s1=22
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.72.236.136 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
1f2-12-d2456-136.webazilla.com
Software
nginx /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://quickd00wnload1.com/1BrS3927e9074121b8c2b62bcb8fcff687bc4d75475ff?q=Play+Video+Now&s1=22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 21:45:22 GMT
last-modified
Mon, 28 Mar 2022 12:35:46 GMT
server
nginx
accept-ch
Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Mobile, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
accept-ranges
bytes
content-length
68
content-type
image/png
banner.gif
mmedia-saap.com/ads/
42 B
548 B
Image
General
Full URL
https://mmedia-saap.com/ads/banner.gif
Requested by
Host: quickd00wnload1.com
URL: https://quickd00wnload1.com/1BrS3927e9074121b8c2b62bcb8fcff687bc4d75475ff?q=Play+Video+Now&s1=22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:a9e1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://quickd00wnload1.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 21:45:22 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2802
alt-svc
h3=":443"; ma=86400
content-length
42
last-modified
Thu, 25 Mar 2021 09:46:36 GMT
server
cloudflare
etag
"605c5bfc-2a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FHTS7eLLuhvc8li20YBZRb7FBOe5%2Bu43MGgfax%2FRpeMdItYHPMMMFCqeh3wsYWH5sUxXnjyp3qQQvDlOPanSVu3ZKa82DlhN3FY%2BI13NSe%2Bj9qaoekOFvQDUnl6Wfc1I6NW0GGX2oCDP%2BL4E%2F9o%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
85b3228b28fa4bc6-BUF
0d3767f3-7ea6-4fd8-9315-d94ff9867379
https://quickd00wnload1.com/
82 B
0
Other
General
Full URL
blob:https://quickd00wnload1.com/0d3767f3-7ea6-4fd8-9315-d94ff9867379
Requested by
Host: quickd00wnload1.com
URL: https://quickd00wnload1.com/1BrS3927e9074121b8c2b62bcb8fcff687bc4d75475ff?q=Play+Video+Now&s1=22
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7534b915ff62ba67d9b11502539ba1a4b43b0cee3954a5109e92944622b35b35

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Length
82
Content-Type
text/javascript
Primary Request 566356e97b0e01d11d457a37f59c79c97f8840772bcb0d150dcac725b1ddab18661998cc802c2d03150f5a24c820fb1385c19981eeb4d7b6
nowforfile.com/
Redirect Chain
  • https://quickd00wnload1.com/Xfas19zAPG022XZVQEAh2QCAFVTFwASAAAAAAAfbeQesXLi5c8gvqvFKKWxzSux7J1DxPhsV-rnZ0bA_Dccia0_AJuRIhLOxnVn3sZ-WduQfTDal0Mn3OpWOqraT3H2ihl-8vMBYP_9EDqMqlM4pPAIVejje0K9iiUBh6p3Wt...
  • https://grounddetail.website/6dleck?o=235&t=download_o7&title=Play+Video+Now&source=41473&click_id=APG022XZVQEAh2QCAFVTFwASAAAAAAAf
  • https://nowforfile.com/566356e97b0e01d11d457a37f59c79c97f8840772bcb0d150dcac725b1ddab18661998cc802c2d03150f5a24c820fb1385c19981eeb4d7b6
2 KB
0
Document
General
Full URL
https://nowforfile.com/566356e97b0e01d11d457a37f59c79c97f8840772bcb0d150dcac725b1ddab18661998cc802c2d03150f5a24c820fb1385c19981eeb4d7b6
Requested by
Host: quickd00wnload1.com
URL: https://quickd00wnload1.com/1BrS3927e9074121b8c2b62bcb8fcff687bc4d75475ff?q=Play+Video+Now&s1=22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.133.40 -, , ASN (),
Reverse DNS
Software
cloudflare / PHP/7.1.27
Resource Hash

Request headers

Referer
https://quickd00wnload1.com/1BrS3927e9074121b8c2b62bcb8fcff687bc4d75475ff?q=Play+Video+Now&s1=22
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
85b322908b2036b0-YYZ
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 25 Feb 2024 21:45:23 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WqcMQVLg4egbDP9WCIZBaGruPBp2B1dkzmOvGABuEfBekxF1XqAgUeOABlagnUMhqzjpoby1xBZqyoZs7C5%2FqBauohbu6wBMPLxyb5NRepndZm50e6HpayREEGqBU3QTMA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.1.27

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
85b3228e39894bd3-BUF
content-type
text/html; charset=UTF-8
date
Sun, 25 Feb 2024 21:45:23 GMT
location
https://nowforfile.com/566356e97b0e01d11d457a37f59c79c97f8840772bcb0d150dcac725b1ddab18661998cc802c2d03150f5a24c820fb1385c19981eeb4d7b6
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NLyh7BsY98G%2F7oqBOHO0mbMSxqioHbSJEP%2FmDLxO6Uay9%2BCmKptdviU0bNsLjgkGUJrDvJe%2FMqvUtB%2BEXrN5d8nLLpnX2djzfrdFVWiEjQlRdMI3FbXIWxZPGoKaMzJcbdgv439E7A%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.1.27
dl.min.js
yourjsdelivery.com/
0
0

jquery-3.1.0.min.js
code.jquery.com/
0
0

bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/
0
0

aff_i
nostop.go2cloud.org/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
yourjsdelivery.com
URL
https://yourjsdelivery.com/dl.min.js
Domain
code.jquery.com
URL
https://code.jquery.com/jquery-3.1.0.min.js
Domain
maxcdn.bootstrapcdn.com
URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Domain
nostop.go2cloud.org
URL
https://nostop.go2cloud.org/aff_i?offer_id=235&aff_id=2719&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&source=2719-41473&adv_sub=https%3A%2F%2Fwww.7-zip.org%2Fa%2F7z2201-x64.msi&adv_sub5=Chrome&adv_sub4=quickd00wnload1.com&adv_sub3=grounddetail.website&adv_sub2=nowforfile.com

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies