context safety score
A score of 47/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
obfuscated code
Three identical large obfuscated script blocks use a Caesar-cipher-like character rotation over a URI-decoded string to dynamically construct and execute JavaScript at runtime. The decoded payload controls ad network loader behavior and is deliberately unreadable. Pattern: decodeURI(...).split('').map((n,t)=>charCode rotation). Present three times in the head section. (location: page.html:68, page.html:70, page.html:72, page.html:74)
malicious redirect
External script loaded from //egotisticexcavateplywood.com/on.js — a randomly-worded, non-descriptive domain with no established reputation, consistent with malvertising or traffic-redirect networks. Loaded asynchronously with data-cfasync=false to bypass Cloudflare bot filtering. (location: page.html:69)
malicious redirect
External script loaded from //detoxifylagoonsnugness.com/in.js — another randomly-worded suspicious domain, consistent with ad-fraud or drive-by redirect infrastructure. Also loaded with data-cfasync=false. (location: page.html:72)
malicious redirect
External script loaded from //guidepaparazzisurface.com/bn.js — third randomly-worded suspicious domain loaded with data-cfasync=false. The pattern of three separate third-party scripts from unrecognized, randomly-named domains is a strong indicator of malvertising or covert redirect infrastructure. (location: page.html:75)
malicious redirect
A preheader banner ad redirects users to https://fhgte.com/tour via the Faphouse affiliate network (utm_campaign=ai.eYZ). The destination domain fhgte.com is a tracking/redirect domain. Combined with multilingual targeting across 14 languages, this is a broad-reach affiliate redirect designed to maximize click-through. (location: page.html:99)
social engineering
The site displays a persistent top-of-page banner promoting '1,000,000+ premium videos in one subscription' with a 'GET ACCESS' call-to-action in 14 languages, designed to pressure users into clicking through to a paid subscription funnel at fhgte.com. The multilingual targeting increases the reach and social-engineering pressure. (location: page.html:82-107)
hidden content
Numerous category list items are rendered with the CSS class 'bx-hidden', making them invisible in the rendered page while still present in the DOM. Categories affected include: Shower Sex, Asian Baddies, Orgy, MILF Baddies, Cosplay, Girl-Girl, White on Latina, White Baddies, Pornstars, Arab Baddies, Outdoor, Toys, JOI, Ebony Baddies, Handjob, Lesbian Baddies, Blonde Baddies, Brunette Baddies, Tattoos, Redhead Baddies, Footjob, OnlyFans Baddies, BBC, Muscle, Black, Amateur, Teen(18+), BBW, PAWG, Latina, Asian, MILF, Solo/Masturbating, Ebony, Brunette, Big Boobs, Arab, Blonde, Lesbian, Redhead, Porn Stars, Sex in Public. While likely a UX 'show more' pattern, the volume of hidden DOM elements is notable. (location: page.html:375-500)
obfuscated code
External ad-network script loaded from https://cdn-fc.com/creatives/bar/bar.min.js with a cache-busting timestamp parameter. The cdn-fc.com domain is associated with adult ad networks and serves minified/obfuscated creative code. This script initializes the 'banner' object used by the Faphouse preheader redirect. (location: page.html:66)
curl https://api.brin.sh/domain/baddies.xxxCommon questions teams ask before deciding whether to use this domain in agent workflows.
baddies.xxx currently scores 47/100 with a suspicious verdict and medium confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.