context safety score
A score of 40/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
phishing
1 deceptive links where visible host does not match destination host
js obfuscation
Obfuscated document.write with encoded content
malicious redirect
JavaScript function openad_glitteridentifiernavy() uses window.open() to pop up a new browser window pointing to https://bg4nxu2u5t.com/IOP/IOP.php?c=1940616, an obfuscated ad-network URL with no clear attribution. The domain name is randomly generated (bg4nxu2u5t.com), a hallmark of malvertising infrastructure. Pop-up windows are triggered programmatically and can bypass user intent. (location: page.html:42 – inline <script> in <head>)
malicious redirect
JavaScript function openad_tsyndicate() uses window.open() to redirect users to https://tsyndicate.com/api/v1/direct/f0fb9152e37943c2afab48bddb8e34ea, a traffic syndication / ad-redirect API endpoint. Traffic syndication networks are frequently abused to chain-redirect users through malvertising, exploit kits, or scam landing pages. (location: page.html:42 – inline <script> in <head>)
malicious redirect
An autoplay iframe embeds content from https://creative.mavrtracktor.com/widgets/v4/Universal with parameters targeting 19sex.live and forcing autoplay. The domain 'mavrtracktor.com' is an ad-tracker/redirect domain. The iframe uses autoplayForce=1 and is sized to fill 100% width/height, silently loading third-party content and potentially chaining to further redirects without user interaction. (location: page.html:170 – <iframe> inside .a-d-block div)
malicious redirect
Two ad iframes load content from //a.labadena.com/api/spots/427597 and //a.labadena.com/api/spots/427598 with sandbox attributes permitting scripts, popups, and forms (allow-scripts allow-popups allow-forms allow-same-origin). The 'allow-popups' permission combined with an external ad-network domain enables redirect chains or pop-under attacks through the sandboxed iframe. (location: page.html:734 and page.html:977 – <iframe class='na'> banner ad blocks)
hidden content
A 1x1 pixel hidden iframe is injected by inline JavaScript at the bottom of the page (height=1, width=1, position:absolute, top:0, left:0, visibility:hidden). This invisible iframe is used to execute Cloudflare challenge scripts (cdn-cgi/challenge-platform/scripts/jsd/main.js) but the pattern of dynamically injecting hidden iframes and writing scripts into their documents is a technique also used for covert tracking, cookie syncing, and drive-by payload delivery. (location: page.html:1281 – inline <script> after Histats block)
hidden content
A <span> element with class 'footer_sun2600:1900:0:2d03::2e00' contains no visible text and appears to encode an IPv6-like address string in a CSS class name. This is unusual and could represent a covert data exfiltration channel, a server-side tagging mechanism, or an attempt to embed network identifiers invisibly in the rendered page. (location: page.html:1261 – <span class='footer_sun2600:1900:0:2d03::2e00'>)
social engineering
Multiple video titles on the page depict non-consensual sexual scenarios framed as entertainment (e.g., 'Home Invasion Gang Rape', 'Rape gang targets single working women', 'Raped for three days by my husband's subordinate'). While this is within the site's content category, the normalization and indexing of rape-fantasy titles alongside legitimate categories creates a social engineering risk by desensitizing users and potentially luring victims searching for adult content into content that glorifies sexual violence. (location: page.html:200-260 – censored video listing titles)
malicious redirect
The navigation bar contains an external link to https://19sex.live/ labeled 'LIVE CAM' opening in _blank, and the footer also links to https://19sex.live. This domain is the 'targetDomain' in the mavrtracktor iframe as well, indicating a coordinated traffic funnel from the main site to a live cam platform, consistent with affiliate fraud or forced traffic redirection schemes. (location: page.html:143 – nav <a href='https://19sex.live/'> and page.html:1271 – footer link)
curl https://api.brin.sh/domain/7mmtv.sxCommon questions teams ask before deciding whether to use this domain in agent workflows.
7mmtv.sx currently scores 40/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.