context safety score
A score of 42/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
malicious redirect
script/meta redirect patterns detected in page source
social engineering
Site operates as an escort/adult services directory facilitating commercial sexual services. The platform uses emotionally manipulative ad copy ('Meet&Fuck', 'Fuck now', 'Local Sex') in navigation to drive users toward third-party monetization redirects. The disclaimer popup uses a browser-detection fork: Chrome users get a normal close, while non-Chrome users are silently redirected to /redirect.php 500ms after clicking 'I Agree', exploiting user consent for covert navigation. (location: page.html:1284-1296 (disclaimer agree_button onclick handler))
malicious redirect
The 'I Agree' disclaimer button contains a browser-sniffing fork: non-Chrome browsers trigger `setTimeout(function(){location.href='/redirect.php';},500)` after the user clicks agree. This covert server-side redirect fires without user knowledge or consent, sending non-Chrome visitors to an undisclosed destination at /redirect.php. (location: page.html:1284-1296)
malicious redirect
Multiple nav and sidebar ad links point to third-party redirect/tracking domains: engine.partylemons.com, one.pushtrk.info, engine.voluumtlkrnarketing.com, engine.forbiddenhunter.com, go.deegoodstuff.com, and a.mysteriousunicorntrace.com. These are advertising redirect networks commonly associated with malvertising, aggressive pop-unders, and push-notification phishing. All use numeric campaign IDs consistent with affiliate tracking. (location: page.html:73-75, 786-792)
credential harvesting
The login form submits email and plaintext password via jQuery $.post to /login.php with no CSRF token, no visible rate-limiting indicator, and no multi-factor mechanism. The form is served inside a modal popup, reducing user scrutiny. Credentials are concatenated into a query string (post_data) visible in inline JavaScript, making them accessible to any injected scripts or browser extensions. (location: page.html:86-98)
hidden content
The full US state/city navigation list (all_states ul) is rendered with style='display:none' and only toggled by JavaScript. This large block of hidden geographic link content is rendered in the DOM but invisible to users, while remaining fully crawlable — a classic SEO keyword-stuffing and cloaking technique used to inflate search ranking for adult service terms across all US cities. (location: page.html:309 (id='all_states' style='display:none'))
social engineering
Ad blocker detection script injects a warning message claiming 'It seems you are using ad blocker. Please whitelist this website or disable ad blocker for all features.' This coerces users into disabling security tooling (ad blockers) that would otherwise block the malvertising redirect links and third-party trackers embedded throughout the page. (location: page.html:1356-1361)
social engineering
Listing titles contain explicit sexual service abbreviations ('bbbj', 'gfe', 'nuru', 'full service') embedded as alt text and title text in product listings. These terms obfuscate illegal solicitation as legitimate escort advertising and are designed to evade automated content moderation while being understood by human readers. (location: page.html:820, 1210, 1223 (product listing alt/title attributes))
curl https://api.brin.sh/domain/callescort.orgCommon questions teams ask before deciding whether to use this domain in agent workflows.
callescort.org currently scores 42/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.