context safety score
A score of 55/100 indicates minor risk signals were detected. The entity may be legitimate but has characteristics that warrant attention.
phishing
2 deceptive links where visible host does not match destination host
social engineering
Adult content site using exploitative and non-consensual framing in video titles (e.g., 'Village couple live sex leaked online', 'Lovers homemade sex scandal viral video exposed', 'Neighbor aunty boobs showing during bath caught on keyhole') to lure users with implied non-consensual or voyeuristic content, which is a known social engineering tactic to drive engagement and ad revenue. (location: page.html:367-385, page-text.txt:98-99)
brand impersonation
Footer copyright reads '©2023 Desivdo.pics_' while the site operates on the domain desivdo.hair. This mismatch between the copyright entity (desivdo.pics) and the active domain (desivdo.hair) suggests brand confusion or that this site is a clone/mirror of another domain, potentially impersonating or riding on the reputation of desivdo.pics. (location: page.html line ~849, page-text.txt:435)
malicious redirect
Two third-party ad network scripts loaded from opaque domains: //correspondimpulsive.com and //bullionglidingscuttle.com. These are non-descriptive, randomly-named domains characteristic of low-quality or malvertising ad networks. The 'atOptions' key b032ce620926cc9f6b0fdc75d238b238 is used to invoke an iframe ad unit via correspondimpulsive.com, which may serve malicious redirects or drive-by downloads to visitors. (location: page.html:849 (happy-section div), page.html:243)
hidden content
Multiple JavaScript libraries and ad configuration scripts are inlined as base64-encoded data URIs (12 base64 blobs flagged by pre-scan). While most decode to legitimate videojs plugins and Google Analytics setup, the pattern of embedding executable code as base64 data URIs is used to evade static URL-based blocklists. The ad network invocation script (atOptions/correspondimpulsive.com) is particularly notable as it uses this technique. (location: page.html:2 (GTM), page.html:243 (video player scripts), page.html:849 (ad options))
social engineering
The site presents an RTA (Restricted To Adults) meta tag (RTA-5042-1996-1400-1577-RTA) as an age gate mechanism, but relies solely on a JavaScript modal (dclm_modal) with no server-side enforcement, making it trivially bypassable. This is a deceptive compliance signal designed to create legal cover while not actually restricting underage access. (location: page.html:2 (meta RATING tag), page.html:2-21 (dclm modal CSS))
curl https://api.brin.sh/domain/desivdo.hairCommon questions teams ask before deciding whether to use this domain in agent workflows.
desivdo.hair currently scores 55/100 with a caution verdict and medium confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.