MalwareTips
Security Review

Is 1337xx.to legit or a scam?

Our verdict:Dangerous· 12/100

A deceptive 1337x clone using a typosquatted domain to distribute potentially malicious torrents and aggressive redirects.

Top reasons
Typosquatted domain (1337xx.to) designed to impersonate the legitimate 1337x.to.Five antivirus engines (Chong Lua Dao, CRDF, Webroot, alphaMountain.ai, Gridinsoft) flag the site as malicious or suspicious.User reports on Reddit identify the site as a clone that distributes malware.
1337xx.toScanned 1h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 0·MT 18
Category tags
cracked appmalware#cracked app#malware#clone site90% MT confidence
Warning signals (1)
Redirects to another domain

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
5/92
Engines flagged this URL
Domain Age
5 years old
Registered Mar 28, 2021
MT Intelligence
Dangerous
High likelihood · 90% confidence
DANGEROUS

Brand impersonation — not the real site

5 of 92 antivirus engines flag this page (3 outright malicious). This page is styled as a brand but is not the brand's real site. Go to the official site directly, and treat any download, login, or payment request here as unsafe.

Website Preview

Screenshot of 1337xx.to
LIVE RENDER
1337xx.to
1Page uses the branding and layout of the 1337x torrent index

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

30
/ 100
Moderate visual risk

Visual red flags detected in the screenshot

The page appears to be a fully-rendered functional torrent index or mirror site; while associated with copyright-infringing content, it does not display immediate visual scam indicators like fake security alerts or phishing forms.

Visual risk30/100

What our vision model saw

4 signals

Page uses the branding and layout of the 1337x torrent index

Banner lists alternative domains which is common for mirror or proxy sites

Content categories include adult (XXX) and copyrighted media icons

Design is consistent with known file-sharing portal aesthetics

MT Intelligence

Advanced threat intelligence
MT Security Analyst
High scam likelihoodengineMT · Guardiantrust18/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The domain uses a 'typosquatting' technique by adding an extra 'x' to the official 1337x.to address to catch users making a typing error. Our antivirus network shows five detections from engines including Chong Lua Dao, CRDF, and Webroot, which classify the site as malicious or suspicious. While some proxy lists mention it, security research and community reports on Reddit confirm it is a clone that often serves different, riskier content than the original. The site lacks any verifiable business registration or contact information, which is typical for high-risk file-sharing mirrors. We have high confidence that this site is intended to deceive users looking for the legitimate 1337x platform.
Full dossier
Analysis complete

Page Content

The site mirrors the layout and branding of the 1337x torrent portal, offering categories for movies, games, and software. However, it lacks the functional community features of the original and relies on aggressive third-party redirects to external domains like toweleyewitnessrubbing.com.

Infrastructure

The site is hosted behind a common content delivery network, which hides the true origin server. It loads several external scripts and trackers that are frequently associated with intrusive advertising and potential browser-based threats.

Domain History

The domain has been active for over five years, allowing it to build a presence in various 'proxy lists' despite its deceptive nature. It specifically targets the 1337x brand by using a nearly identical URL structure to capture organic search traffic.

Web Reputation

Security analysts and user communities have flagged this specific URL as a 'fake' mirror. Reports indicate that the torrents provided may not match the hashes of the original site, suggesting the files could be tampered with or bundled with unwanted software.
Risk Factors
5
  • Typosquatted domain (1337xx.to) designed to impersonate the legitimate 1337x.to.
  • Five antivirus engines (Chong Lua Dao, CRDF, Webroot, alphaMountain.ai, Gridinsoft) flag the site as malicious or suspicious.
  • User reports on Reddit identify the site as a clone that distributes malware.
  • Aggressive redirects to suspicious external domains during navigation.
  • Complete lack of verifiable contact information or business ownership details.
Positive Signals
2
  • The domain has been registered for over 1,900 days.
  • Valid SSL certificate issued by Google Trust Services.
AI Recommendation
Avoid using this site and do not download any files from it. If you need to access 1337x, ensure you are using the official domain and verify all torrent hashes before opening downloaded content.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for 1337xx.to, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
5.2 yrs
Registered Mar 2021
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Clones 1337x.to
The page impersonates a well-known brand's site.
Typosquat check
Typosquat of 1337x.to
Deliberate misspelling of a real brand's domain.
Web mentions
3 scam reports · 3 positive
Key findings
7 headline facts from open-web research
  • 1337xx.to is frequently listed as a mirror/proxy for the popular torrent site 1337x.to in 2025-2026 proxy lists from FastestVPN, Techworm, and others.
  • Reddit users in r/Piracy describe it as a "clone site" or "fake" with broken filters, aggressive redirects (e.g. to livejasmin), and heavy ads; one post has 800+ upvotes discussing accidental use.
  • Consensus in the Reddit thread is to verify torrent hashes/magnets against the official 1337x.to; if they match, files are likely identical, but many advise deleting and redownloading from the real site.
  • Security sites like PureVPN explicitly warn that altered URLs like 1337xx.to are used to trick users; PCRisk labels 1337x.to variants as untrusted sites that proliferate malware via torrents.
  • The domain has existed for ~1911 days (~5.2 years) per provided info and appears in code repositories and proxy lists since at least 2021-2023.
  • No official 1337x documentation or Wikipedia lists 1337xx.to as primary; primary is 1337x.to (Wikipedia, Reddit r/1337x).
  • Like all 1337x proxies, it facilitates copyright infringement and carries inherent risks of malware in torrents plus intrusive advertising.
Scam reports (3)
Direct quotes from public scam databases, forums, and news.
  • Reddit r/Piracyopen

    "Accidentally torrented from 1337xx.to instead of 1337x.to... I would definitely delete them. It's not worth it to risk it. Nobody makes a site that deceptive and doesn't riddle it with malware."

  • PureVPNopen

    "Many also use slightly altered URLs, such as 1337xx.to or 1337xto.net, to trick users into thinking they are visiting the real site."

  • PCRiskopen

    "1337x.to is an untrusted Peer-to-Peer sharing website... The material shared on such websites often infringes copyright laws and is commonly used to proliferate malware."

Positive reviews (3)
Quotes indicating the site is legitimate.
  • FastestVPNopen

    "1337xx.to (listed in table of 1337x torrents mirrors and proxy sites in 2026)"

  • Techwormopen

    "https://www.1337xx.to (listed among working 1337x proxy sites)"

  • GloryCloudopen

    "https://www.1337xx.to/ (listed as working in 2026 1337x Proxy Site List)"

Impersonation / typosquat
Typosquat of 1337x.to

Slightly altered URL (extra 'x') listed as mirror/proxy in some guides but called deceptive clone/fake in Reddit discussions and security articles; users report different UI and aggressive ads/redirects

Research summary
Narrative write-up from our AI analyst, grounded on the facts above
Our research found multiple warnings on Reddit and security blogs like PureVPN labeling 1337xx.to as a deceptive clone of the real 1337x site. Users report that the site features broken filters and aggressive redirects to adult advertising sites. While some third-party proxy lists include the URL, security-focused sources like PCRisk explicitly categorize these variants as untrusted platforms used to proliferate malware.

Scam Network Intelligence

Cross-site correlation

This site shares signals with a broader cluster

Critical cluster

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score
0/100
ClearLowModerateHighCritical
Evidence (2)
  • Evidence confirms this site is a clone of 1337x.to.
  • Domain is a typosquat of 1337x.to.
Linked signals (2)
Clone of 1337x.toTyposquat of 1337x.to

Antivirus Engines

Detection matrix · live
5 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

3Malicious2Suspicious56Harmless92Engines
0
of 92
Chong Lua Dao
Malicious· malicious
CRDF
Malicious· malicious
Webroot
Malicious· malicious
alphaMountain.ai
Suspicious· suspicious
Gridinsoft
Suspicious· suspicious

5 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age5 years old
RegistrarGovernment of Kingdom of Tonga
RegisteredMar 28, 2021
ExpiresMar 28, 2028
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerGoogle Trust Services · WE1
ExpiresSep 15, 2026 (84d)
Self-signedNo
Hosting & Technology
HostingCloudflare, Inc.
Server locationUS
Web servercloudflare
PopularityTop 100k worldwide

Redirect Chain

Hops
2
Cross-domain
Yes
Lookalike
No
Punycode
No
  • 1301http://1337xx.to/
  • 2301https://1337xx.to/
  • 3200https://www.1337xx.to/cross-domain

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file0
ISPCloudflare, Inc.
Usage typeContent Delivery Network

Scam-Type Likelihood

1 scam-type patterns detected
Scam-Type Likelihood

1 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Brand Impersonation
Brand Impersonation
Moderate likelihood
50/100
  • Domain is a typosquat of 1337x.to.
  • AI analyst tagged this as a brand / clone-site impersonation.
  • Clustered with known brand-impersonation infrastructure.

Brand impersonation detected

This page is styled as a known brand but is not the brand's real site.

  • Do not interact with 1337xx.to

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Go to the brand's real site directly

    Type the brand name into a search engine or open it from your bookmarks — don't use links from emails, SMS, ads, or social posts, which are the delivery vectors for impersonation.

  • Never download or sign in here

    Even if the page "just" offers a download or a giveaway, impersonation pages frequently deliver malware or set up follow-up phishing. Assume anything accepted from this site is hostile.

  • Report the impersonation to the brand

    Most major brands have a dedicated abuse or anti-phishing reporting channel — reporting helps them take the site down and protects other users.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

1337xto.tosstatic1.histats.comtoweleyewitnessrubbing.com

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags 1337xx.to as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — 1337xx.to scored 12/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. 1337xx.to presents a valid TLSv1.3 certificate issued by Google Trust Services · WE1, expiring in 84 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • 1337xx.to is 5.2 years old, registered on 3/28/2021 through Government of Kingdom of Tonga. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 5 out of 92 antivirus engines in our malware network flagged 1337xx.to as malicious or suspicious (3 outright malicious). Even one detection is a meaningful signal.
  • No. 1337xx.to is not currently listed on the major browser blocklist feeds that modern browsers use.
  • 1337xx.to resolves to an IP operated by Cloudflare, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • Yes. 1337xx.to sits in the global top-100k on Cloudflare Radar, which means it has substantial real-world traffic. That does not automatically make it safe, but established brands almost always rank here and throwaway scam domains almost never do.

Final Verdict

0
Trust / 100
Final Verdict·1337xx.to
DANGEROUS

This site is a deceptive clone of the popular 1337x torrent index that uses a typosquatted domain to trick users. Multiple security engines flag it as malicious, and user reports indicate it is used to distribute malware and aggressive advertising. Do not download files or enter any information here.

Avoid using this site and do not download any files from it. If you need to access 1337x, ensure you are using the official domain and verify all torrent hashes before opening downloaded content.

AV engines
92
MT passes
2
Net signals
2
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust1
visionstovictory.com
18m ago
Read the review
Dangeroustrust1
erporner.com
21m ago
Read the review
Dangeroustrust11
860u.fundreporting.info
23m ago
Read the review
Dangeroustrust1
paikarihatbd.com
26m ago
Read the review
Dangeroustrust28
login.telefonica.work
30m ago
Read the review
Dangeroustrust25
alkaleanweightlossreviews.blogspot.com
60m ago
Read the review
Dangeroustrust9
dancing-froyo-1eba9c.netlify.app
1h ago
Read the review
Dangeroustrust1
clearmic.net
1h ago
Read the review
Dangeroustrust22
id.modcombo.com
1h ago
Read the review
Dangeroustrust1
orizonia.net
1h ago
Read the review
Dangeroustrust30
a-slon6.net
1h ago
Read the review
Dangeroustrust1
server-page-editor--lumberjack41.replit.app
1h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.