context safety score
A score of 35/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
malicious redirect
script/meta redirect patterns detected in page source
js obfuscation
Obfuscated document.write with encoded content
obfuscated code
Heavily obfuscated JavaScript block injected in the page body via an async script loaded from mcizas.com (a third-party ad/tracking domain). The inline script uses multi-layer obfuscation: URI-encoded string decoding, positional Caesar-cipher character rotation, and dynamic code assembly from indexed substrings before executing the result. This pattern is consistent with malvertising payloads, drive-by download scripts, or fingerprinting frameworks designed to evade static analysis. (location: page.html:136 — <script async src='https://mcizas.com/pw/waWQiOjExNDgxNDQsInNpZCI6MTI2NDk0Miwid2lkIjo1MzAzNzEsInNyYyI6Mn0=eyJ.js'> and immediately following inline <script data-cfasync='false'>!function(){...)
malicious redirect
The adblock-detection script contains a redirect branch: if the user has an adblocker and the configured action is 'redirect', the code executes `window.location.href = rUrl` (supportRedirectUrl). While the redirect URL is currently empty, the infrastructure is in place to silently forward users to an arbitrary external URL when ad units are blocked, a common pattern for forced traffic redirection in malvertising. (location: page.html:5031-5035)
social engineering
The site uses aggressive social-engineering tactics to coerce users into registering: a dismissible notice promises 'ad-free experience', 'ability to save images', 'hidden section access', and 'request for favourite fakes' exclusively to registered members. This is designed to harvest user accounts (email addresses, usernames, passwords) by creating artificial urgency and reward incentives around explicit content access. (location: page.html:866 — notice text; page-text.txt:634)
brand impersonation
The site hosts and distributes AI-generated and manually-edited non-consensual intimate imagery (NCII/deepfakes) of real, named celebrities and public figures including Bollywood, Tamil, Telugu, Malayalam, Kannada, Pakistani, Sri Lankan, Hollywood actresses, and named individuals such as Shirley Setia and Sunny Leone. Content is labeled with real celebrity names alongside explicit sexual content. This constitutes mass brand/identity impersonation of real persons by associating their likenesses with fabricated pornographic material. (location: page.html:42-44 (meta description), 1705, 1880, 4036 (post content); page-text.txt:1473, 1648)
hidden content
The site advertises 'hidden sections' that are only accessible after registration and/or purchase of 'DF Coins' through an in-site shop. The contest description explicitly states 'win points to access hidden section and features'. This gate-keeps content behind account creation and monetization, incentivizing credential submission and payment to unlock undisclosed material — a classic hidden-content social-engineering funnel. (location: page.html:1118 (block-desc), 866 (notice), 4477-4530 (shop items))
social engineering
External navigation links to 'ThePornDude' (theporndude.com) and 'Porn Sites XXX' (pornsites.xxx) are embedded directly in the main navigation bar, normalizing outbound traffic to third-party adult aggregators. These links open in new tabs without adequate disclosure, potentially exposing users (including minors who circumvent the nominal 18+ gate) to additional adult-content ecosystems. (location: page.html:553-583)
curl https://api.brin.sh/domain/desifakes.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
desifakes.com currently scores 35/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.