Submitted URL: http://xx1slot.click/
Effective URL: https://xx1toto.id/
Submission: On April 01 via api from CH — Scanned from US

Summary

This website contacted 7 IPs in 1 countries across 17 domains to perform 12 HTTP transactions. The main IP is 172.67.164.46, located in United States and belongs to CLOUDFLARENET, US. The main domain is xx1toto.id.
TLS certificate: Issued by E1 on March 6th 2024. Valid for: 3 months.
This is the only time xx1toto.id was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 172.67.206.233 13335 (CLOUDFLAR...)
1 1 172.67.211.69 13335 (CLOUDFLAR...)
1 1 172.67.221.160 13335 (CLOUDFLAR...)
1 1 172.67.156.170 13335 (CLOUDFLAR...)
1 1 172.67.195.201 13335 (CLOUDFLAR...)
1 1 172.67.133.37 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 172.67.197.135 13335 (CLOUDFLAR...)
1 1 172.67.163.232 13335 (CLOUDFLAR...)
1 1 172.67.138.143 13335 (CLOUDFLAR...)
2 172.67.164.46 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2a03:2880:f01... 32934 (FACEBOOK)
3 2607:f8b0:400... 15169 (GOOGLE)
2 172.67.181.230 13335 (CLOUDFLAR...)
1 142.251.32.97 15169 (GOOGLE)
1 2a03:2880:f11... 32934 (FACEBOOK)
12 7
Apex Domain
Subdomains
Transfer
3 gstatic.com
fonts.gstatic.com
53 KB
2 tbgroup-cdn.online
tbgroup-cdn.online — Cisco Umbrella Rank: 789679
637 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 182
70 KB
2 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 389
76 KB
2 xx1toto.id
xx1toto.id
8 KB
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 100
269 B
1 masukdua1toto.xyz
masukdua1toto.xyz
470 B
1 masukdua1toto.shop
masukdua1toto.shop
481 B
1 duasatu4d.live
duasatu4d.live
471 B
1 duasatutoto.pro
duasatutoto.pro
453 B
1 topgamingxx1.live
topgamingxx1.live
477 B
1 totoxx1ampuh.art
totoxx1ampuh.art
476 B
1 xx1hongkong.xyz
xx1hongkong.xyz
469 B
1 xx1sydney.xyz
xx1sydney.xyz
466 B
1 xx1totomacau.com
xx1totomacau.com
470 B
1 xx1toto303.org
xx1toto303.org
475 B
1 xx1slot.click
xx1slot.click
444 B
12 17
Domain Requested by
3 fonts.gstatic.com xx1toto.id
2 tbgroup-cdn.online xx1toto.id
2 connect.facebook.net xx1toto.id
connect.facebook.net
2 cdn.ampproject.org xx1toto.id
cdn.ampproject.org
2 xx1toto.id xx1toto.id
1 www.facebook.com xx1toto.id
1 masukdua1toto.xyz 1 redirects
1 masukdua1toto.shop 1 redirects
1 duasatu4d.live 1 redirects
1 duasatutoto.pro 1 redirects
1 topgamingxx1.live 1 redirects
1 totoxx1ampuh.art 1 redirects
1 xx1hongkong.xyz 1 redirects
1 xx1sydney.xyz 1 redirects
1 xx1totomacau.com 1 redirects
1 xx1toto303.org 1 redirects
1 xx1slot.click 1 redirects
12 17

This site contains links to these domains. Also see Links.

Domain
shrtx.cc
Subject Issuer Validity Valid
xx1toto.id
E1
2024-03-06 -
2024-06-04
3 months crt.sh
misc-sni.google.com
GTS CA 1C3
2024-03-04 -
2024-05-27
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-01-09 -
2024-04-08
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2024-03-04 -
2024-05-27
3 months crt.sh
tbgroup-cdn.online
E1
2024-03-04 -
2024-06-02
3 months crt.sh

This page contains 1 frames:

Primary Page: https://xx1toto.id/
Frame ID: 6056A9137EB47F4C1D58C39633CC8C72
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

XX1TOTO # LINK ASLI XX1TOTO MENYALA ABANGKU 🔥

Page URL History Show full URLs

  1. http://xx1slot.click/ HTTP 307
    https://xx1slot.click/ HTTP 301
    https://xx1toto303.org/ HTTP 301
    https://xx1totomacau.com/ HTTP 301
    https://xx1sydney.xyz/ HTTP 301
    https://xx1hongkong.xyz/ HTTP 301
    https://totoxx1ampuh.art/ HTTP 301
    https://topgamingxx1.live/ HTTP 301
    https://duasatutoto.pro/ HTTP 301
    https://duasatu4d.live/ HTTP 301
    https://masukdua1toto.shop/ HTTP 301
    https://masukdua1toto.xyz/ HTTP 301
    https://xx1toto.id/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

12
Requests

100 %
HTTPS

33 %
IPv6

17
Domains

17
Subdomains

7
IPs

1
Countries

844 kB
Transfer

1283 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://xx1slot.click/ HTTP 307
    https://xx1slot.click/ HTTP 301
    https://xx1toto303.org/ HTTP 301
    https://xx1totomacau.com/ HTTP 301
    https://xx1sydney.xyz/ HTTP 301
    https://xx1hongkong.xyz/ HTTP 301
    https://totoxx1ampuh.art/ HTTP 301
    https://topgamingxx1.live/ HTTP 301
    https://duasatutoto.pro/ HTTP 301
    https://duasatu4d.live/ HTTP 301
    https://masukdua1toto.shop/ HTTP 301
    https://masukdua1toto.xyz/ HTTP 301
    https://xx1toto.id/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
xx1toto.id/
Redirect Chain
  • http://xx1slot.click/
  • https://xx1slot.click/
  • https://xx1toto303.org/
  • https://xx1totomacau.com/
  • https://xx1sydney.xyz/
  • https://xx1hongkong.xyz/
  • https://totoxx1ampuh.art/
  • https://topgamingxx1.live/
  • https://duasatutoto.pro/
  • https://duasatu4d.live/
  • https://masukdua1toto.shop/
  • https://masukdua1toto.xyz/
  • https://xx1toto.id/
31 KB
8 KB
Document
General
Full URL
https://xx1toto.id/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7dc715d3b11b79db767b48a94c7836bb8fea67f359a87c77f986572dbe22f15
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/47.0.2526.70 Mobile/12B436 Safari/600.1.4 (000410)
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86d79e684d8eb3d1-MIA
content-encoding
br
content-type
text/html
date
Mon, 01 Apr 2024 09:40:38 GMT
last-modified
Thu, 14 Mar 2024 03:28:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ics1y8Irv1y3mFcUIDmNz%2F1k6O3NECBC0cpypsm1yIGMPOAaV6Uz%2ByD8jeXmZUB8oPpNR4VUFMJJQ1%2Fv8B6k6l4qbodV9jAX7cmeq29A3m1HsWqzpD7Dh5SXeI6j"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-ray
86d79e671ef28dd8-MIA
date
Mon, 01 Apr 2024 09:40:37 GMT
expires
Mon, 01 Apr 2024 10:40:37 GMT
location
https://xx1toto.id/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eb55WnzHZL%2F0fhpz2EzO8YRuiRGaNIcjCiJFJ0kbWPg8Nhero7ZZyIVcTzwRnHBTbaaUcMsNR0Bi4JQZ8shl%2B1PEKKUBKLsnDdRe2p3eA9PXtqNPS0XXKEQPtLz5dUc4P5DkbA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
v0.js
cdn.ampproject.org/
278 KB
73 KB
Script
General
Full URL
https://cdn.ampproject.org/v0.js
Requested by
Host: xx1toto.id
URL: https://xx1toto.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7494b7d3bd7ebd4397018fb47a1afaad0d91140252ccdc13ace040f63ae3c5d2
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://xx1toto.id/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/47.0.2526.70 Mobile/12B436 Safari/600.1.4 (000410)

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
date
Mon, 01 Apr 2024 09:40:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
73162
x-xss-protection
0
server
sffe
etag
"e1a7433a07fbec30"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3000, stale-while-revalidate=1206600
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Mon, 01 Apr 2024 09:40:38 GMT
fbevents.js
connect.facebook.net/en_US/
218 KB
59 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: xx1toto.id
URL: https://xx1toto.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
047e3259b6f0b42d781532fa122b2d8de9aed187d766fd45efcf119450eeb4c4
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://xx1toto.id/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/47.0.2526.70 Mobile/12B436 Safari/600.1.4 (000410)

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 01 Apr 2024 09:40:38 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58040
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=63, rtx=0, c=12, mss=1294, tbw=2772, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
X7H6AFjmi6EiFTE4Zku87wzsbm14G+k+vKDzZAdxWo/4KwK7pZaS6+3BXpnxEOEdRal0BPvMD6u/Ovi+Eya/dA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
dazS1PrQQuCxC3iOAJFEJYlIZu-HDpmDIZMigmsroc4.woff2
fonts.gstatic.com/s/robotoslab/v6/
17 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotoslab/v6/dazS1PrQQuCxC3iOAJFEJYlIZu-HDpmDIZMigmsroc4.woff2
Requested by
Host: xx1toto.id
URL: https://xx1toto.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0107935a0303f0ce2b60d53eed58d106585867a4cd428c41270e8f2a4543f846
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xx1toto.id/
Origin
https://xx1toto.id
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/47.0.2526.70 Mobile/12B436 Safari/600.1.4 (000410)

Response headers

date
Wed, 27 Mar 2024 08:12:33 GMT
x-content-type-options
nosniff
age
437285
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17596
x-xss-protection
0
last-modified
Thu, 28 Aug 2014 18:22:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 27 Mar 2025 08:12:33 GMT
dazS1PrQQuCxC3iOAJFEJUo2lTMeWA_kmIyWrkNCwPc.woff2
fonts.gstatic.com/s/robotoslab/v6/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotoslab/v6/dazS1PrQQuCxC3iOAJFEJUo2lTMeWA_kmIyWrkNCwPc.woff2
Requested by
Host: xx1toto.id
URL: https://xx1toto.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
244ee9a4590b7b41d8dd4e1f6e398fc45e50f50bb4bcae840575bddd5d1ac5fe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xx1toto.id/
Origin
https://xx1toto.id
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/47.0.2526.70 Mobile/12B436 Safari/600.1.4 (000410)

Response headers

date
Wed, 27 Mar 2024 09:05:58 GMT
x-content-type-options
nosniff
age
434080
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17940
x-xss-protection
0
last-modified
Thu, 28 Aug 2014 20:44:29 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 27 Mar 2025 09:05:58 GMT
y7lebkjgREBJK96VQi37Zo4P5ICox8Kq3LLUNMylGO4.woff2
fonts.gstatic.com/s/robotoslab/v6/
17 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotoslab/v6/y7lebkjgREBJK96VQi37Zo4P5ICox8Kq3LLUNMylGO4.woff2
Requested by
Host: xx1toto.id
URL: https://xx1toto.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba7f2eb104dcd9832e35dcec954c35095b21bda36eddcb0e939f8fd4896c73ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xx1toto.id/
Origin
https://xx1toto.id
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/47.0.2526.70 Mobile/12B436 Safari/600.1.4 (000410)

Response headers

date
Wed, 27 Mar 2024 07:57:42 GMT
x-content-type-options
nosniff
age
438176
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17492
x-xss-protection
0
last-modified
Thu, 28 Aug 2014 20:40:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 27 Mar 2025 07:57:42 GMT
logo.webp
xx1toto.id/
146 B
146 B
Image
General
Full URL
https://xx1toto.id/logo.webp
Requested by
Host: xx1toto.id
URL: https://xx1toto.id/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://xx1toto.id/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/47.0.2526.70 Mobile/12B436 Safari/600.1.4 (000410)

Response headers

date
Mon, 01 Apr 2024 09:40:39 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
15
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SWNRtI2dpjw1hoFKW1bhSri63BKy5sDD73iPCdKyjCmo0Z3U%2FzeZQekSx3hSWBHIlv4qX4RXbDSq9Cj5V%2BCx95xzyf5J3%2Fdp9j20QheY6HZUYCFFwFnHeJtMVy6K"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
max-age=14400
cf-ray
86d79e6fd9d8b3d1-MIA
alt-svc
h3=":443"; ma=86400
XX1-HP.png
tbgroup-cdn.online/wp-content/uploads/
209 KB
209 KB
Image
General
Full URL
https://tbgroup-cdn.online/wp-content/uploads/XX1-HP.png
Requested by
Host: xx1toto.id
URL: https://xx1toto.id/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.181.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a954b5ca48851432bcdcb43da9b995bbe40b6e57fef1b12aabaf3c4330e63c8f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://xx1toto.id/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/47.0.2526.70 Mobile/12B436 Safari/600.1.4 (000410)

Response headers

date
Mon, 01 Apr 2024 09:40:39 GMT
cf-cache-status
DYNAMIC
last-modified
Wed, 06 Mar 2024 09:50:59 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"342b2-612fae562e971"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSL2T17BkrCHytlGgBVwT7j4HRNLkqWICJ3ZXp2ONeDyiE2MLwfWzA97UT%2FMBMq%2Fl0ADVYR0IvzYjZP6tGq%2FSD4Yde1cavYZ0M8VkJtOCJiItKARIa3xmVix1gT0qpHzG6BWaN8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
accept-ranges
bytes
cf-ray
86d79e708fb074a6-MIA
alt-svc
h3=":443"; ma=86400
content-length
213682
amp-loader-0.1.js
cdn.ampproject.org/rtv/012403142137000/v0/
12 KB
4 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012403142137000/v0/amp-loader-0.1.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.97 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f1.1e100.net
Software
sffe /
Resource Hash
1dc762115b07cf20154e69d9aa7291f10a3dc8657a37c731d9e89914340dcb6f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://xx1toto.id/
Origin
https://xx1toto.id
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/47.0.2526.70 Mobile/12B436 Safari/600.1.4 (000410)

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 27 Mar 2024 23:35:27 GMT
age
381912
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3927
x-xss-protection
0
server
sffe
etag
"35199fe22a6880b4"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 27 Mar 2025 23:35:27 GMT
915173686931286
connect.facebook.net/signals/config/
55 KB
12 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/915173686931286?v=2.9.151&r=stable&domain=xx1toto.id&hme=8ce74e881727851b4427183947937854816d72704925561b9de6420cd43214ee&ex_m=66%2C111%2C98%2C102%2C57%2C3%2C92%2C65%2C15%2C90%2C83%2C48%2C50%2C157%2C160%2C171%2C167%2C168%2C170%2C28%2C93%2C49%2C72%2C169%2C152%2C155%2C164%2C165%2C172%2C120%2C14%2C47%2C176%2C175%2C122%2C17%2C32%2C36%2C1%2C40%2C61%2C62%2C63%2C67%2C87%2C16%2C13%2C89%2C86%2C85%2C99%2C101%2C35%2C100%2C29%2C25%2C153%2C156%2C129%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C53%2C58%2C60%2C70%2C94%2C26%2C71%2C8%2C7%2C75%2C45%2C20%2C96%2C95%2C9%2C19%2C18%2C77%2C82%2C44%2C43%2C81%2C37%2C39%2C80%2C52%2C78%2C31%2C41%2C34%2C69%2C0%2C88%2C4%2C84%2C76%2C79%2C2%2C33%2C59%2C38%2C97%2C42%2C74%2C64%2C103%2C56%2C55%2C30%2C91%2C54%2C51%2C46%2C73%2C68%2C23%2C104
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ca2d30d95ae6d57d0a19b31d1f7b43098448eda7596f5be1716cfc1cf97d4cc1
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://xx1toto.id/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/47.0.2526.70 Mobile/12B436 Safari/600.1.4 (000410)

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 01 Apr 2024 09:40:39 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
11651
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=64, rtx=0, c=63, mss=1294, tbw=63177, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
NHJYdnMF869SG+d9fp0y7Tk2ZkBGZcDylmEmDKlN20SoPm87cJt7CI9QCthO1R/NNW+UdxrsPoP19+7lckZPpw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
269 B
Image
General
Full URL
https://www.facebook.com/tr/?id=915173686931286&ev=ViewContent&dl=https%3A%2F%2Fxx1toto.id%2F&rl=&if=false&ts=1711964439172&sw=800&sh=600&v=2.9.151&r=stable&ec=0&o=4126&fbp=fb.1.1711964439170.2094754127&ler=empty&it=1711964439043&coo=false&rqm=GET
Requested by
Host: xx1toto.id
URL: https://xx1toto.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://xx1toto.id/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/47.0.2526.70 Mobile/12B436 Safari/600.1.4 (000410)

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=62, rtx=0, c=10, mss=1294, tbw=2786, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 01 Apr 2024 09:40:39 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
1-2.jpg
tbgroup-cdn.online/wp-content/uploads/
427 KB
428 KB
Other
General
Full URL
https://tbgroup-cdn.online/wp-content/uploads/1-2.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.181.230 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4eab3bb1c2566e0bb4afada27917350dff77a2fc44b473107a0b9c01e6f3e63b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://xx1toto.id/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/47.0.2526.70 Mobile/12B436 Safari/600.1.4 (000410)

Response headers

date
Mon, 01 Apr 2024 09:40:39 GMT
cf-cache-status
DYNAMIC
last-modified
Wed, 06 Mar 2024 09:51:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"6abfd-612fae8d3df29"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DL1zwLh4GyAdPleL%2FlApstuCVvlF%2BdvYNGE%2BkKY8%2F3K6FjL9wRBAT0QDzo8gdM8B87%2F3%2FyBPordQ2a85ClqpKx4ll34zW5rQ0tVPX%2F4ALBhioL7FlrBCYUQ4liYUdBW7Bwh9Slg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
accept-ranges
bytes
cf-ray
86d79e7379b474a6-MIA
alt-svc
h3=":443"; ma=86400
content-length
437245

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal function| fbq function| _fbq object| AMP_CONFIG object| AMP_EXP object| AMP object| __AMP_LOG function| HTMLElementOrig object| __AMP_ERRORS object| __AMP_MODE function| __AMP_REPORT_ERROR object| __AMP_TOP object| __AMP_SERVICES object| __AMP__EXPERIMENT_TOGGLES object| __AMP_URL_CACHE boolean| __AMP_TAG object| __AMP_EXTENDED_ELEMENTS function| __AMP_BASE_CE_CLASS

1 Cookies

Domain/Path Name / Value
.xx1toto.id/ Name: _fbp
Value: fb.1.1711964439170.2094754127

2 Console Messages

Source Level URL
Text
security warning URL: https://xx1toto.id/
Message:
Mixed Content: The page at 'https://xx1toto.id/' was loaded over HTTPS, but requested an insecure element 'http://tbgroup-cdn.online/wp-content/uploads/XX1-HP.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network error URL: https://xx1toto.id/logo.webp
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.ampproject.org
connect.facebook.net
duasatu4d.live
duasatutoto.pro
fonts.gstatic.com
masukdua1toto.shop
masukdua1toto.xyz
tbgroup-cdn.online
topgamingxx1.live
totoxx1ampuh.art
www.facebook.com
xx1hongkong.xyz
xx1slot.click
xx1sydney.xyz
xx1toto.id
xx1toto303.org
xx1totomacau.com
142.251.32.97
172.67.133.37
172.67.138.143
172.67.156.170
172.67.163.232
172.67.164.46
172.67.181.230
172.67.195.201
172.67.197.135
172.67.206.233
172.67.211.69
172.67.221.160
2606:4700:3031::6815:5483
2606:4700:3035::ac43:82ea
2607:f8b0:4006:80c::2001
2607:f8b0:4006:80f::2003
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
0107935a0303f0ce2b60d53eed58d106585867a4cd428c41270e8f2a4543f846
047e3259b6f0b42d781532fa122b2d8de9aed187d766fd45efcf119450eeb4c4
1dc762115b07cf20154e69d9aa7291f10a3dc8657a37c731d9e89914340dcb6f
244ee9a4590b7b41d8dd4e1f6e398fc45e50f50bb4bcae840575bddd5d1ac5fe
4eab3bb1c2566e0bb4afada27917350dff77a2fc44b473107a0b9c01e6f3e63b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
7494b7d3bd7ebd4397018fb47a1afaad0d91140252ccdc13ace040f63ae3c5d2
a954b5ca48851432bcdcb43da9b995bbe40b6e57fef1b12aabaf3c4330e63c8f
ba7f2eb104dcd9832e35dcec954c35095b21bda36eddcb0e939f8fd4896c73ba
ca2d30d95ae6d57d0a19b31d1f7b43098448eda7596f5be1716cfc1cf97d4cc1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7dc715d3b11b79db767b48a94c7836bb8fea67f359a87c77f986572dbe22f15