context safety score
A score of 35/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
social engineering
Site hosts a 'voyeur/hidden camera' (盗撮 - tousatsu) category with 1,885 videos and a dedicated ranking entry for '盗撮-温泉仲居- 総集編 8時間2枚組' (voyeur hot-spring inn compilation), normalising and monetising non-consensual recording content. This constitutes social engineering around illegal surveillance activity. (location: page.html:788-796, page-text.txt:756-764)
social engineering
Multiple video titles describe non-consensual scenarios explicitly presented as real events: drugging ('媚薬飲ませて強●SEX'), groping/molestation ('痴漢'), covert filming ('盗撮'), and school-uniform minors labelled 'JK'. The framing as authentic amateur footage (素人) is a social-engineering vector to normalise sexual coercion. (location: page.html:331-432)
hidden content
A div with id='ad-over' is set to display:none and contains a dynamic document.write() call rendering content from adBody[adRand][1] — an externally-controlled ad payload injected invisibly into the page DOM. The content of adBody is not visible in the static HTML and is loaded at runtime via external JS, making it invisible to static scanners. (location: page.html:31)
hidden content
The page loads 'jquery.popunder.min.js' (/js/jquery.popunder.min.js), a library specifically designed to open unsolicited pop-under browser windows bypassing pop-up blockers. This silently opens additional pages — potentially malicious — in a background window without user consent. (location: page.html:16)
malicious redirect
An external ad script is loaded from the subdomain https://xxx.asg.to/ad/original_dt.js — a different origin (xxx.asg.to) injected via script tag. This third-party script can execute arbitrary JavaScript including redirects, credential harvesting overlays, or malware delivery. The domain uses an atypical 'xxx' subdomain pattern common in adult ad networks with opaque monetisation chains. (location: page.html:597)
credential harvesting
The page contains a login form (email address + password) posting to https://asg.to/login.html. The form uses a hidden redirect field (log_redir_uri) populated dynamically with the current page URL via JavaScript. After login, users can be silently redirected. Combined with the popunder and external ad scripts present on the page, this creates a credential-harvesting risk surface. (location: page.html:964-972)
social engineering
Site news section contains a notice (2018.9.26) instructing users whose accounts 'expired' to re-register for premium membership. The phrasing ('有効期限が切れて決済保留中のお客様') closely mirrors subscription-scam patterns used to pressure users into re-entering payment details under urgency. (location: page.html:1160-1166)
curl https://api.brin.sh/domain/asg.toCommon questions teams ask before deciding whether to use this domain in agent workflows.
asg.to currently scores 35/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.