context safety score
A score of 55/100 indicates minor risk signals were detected. The entity may be legitimate but has characteristics that warrant attention.
phishing
2 deceptive links where visible host does not match destination host
brand impersonation
An escort profile is listed under the name 'PayPal' (a globally recognized financial brand) with a PREMIUM badge, appearing alongside legitimate escort profiles. This misuse of the PayPal brand name within an adult services directory could deceive users or be used to associate the payment platform with the site's services, exploiting brand recognition to lend false legitimacy or to facilitate payment-related deception. (location: page.html:366-381, page-text.txt:305)
social engineering
The site claims all profiles are 'manually reviewed and verified by moderators' and that 'verified escorts have submitted verification photos or videos', creating a false sense of trustworthiness and safety to lower user caution before engaging with potentially fraudulent or dangerous listings. Users are warned to 'take extra precautions' only for unverified profiles, implying verified ones are safe — a classic trust-building social engineering pattern common in scam operations. (location: page.html:900, page-text.txt:835)
social engineering
The Cloudflare challenge-platform script is injected via a hidden 1x1 pixel invisible iframe with visibility:hidden and position:absolute. While this is a standard Cloudflare Bot Management technique, its execution context (dynamically creating a script tag inside a hidden iframe) is a recognized browser fingerprinting and covert execution pattern that collects device/user data without visible disclosure to the user. (location: page.html:1209, page-text.txt:1144)
hidden content
An HTML comment at the bottom of the page contains a multi-line literary quote: 'Lovers can see to do their amorous rites / By their own beauties; or, if love be blind, / It best agrees with night. Come, civil night,' — embedded after the closing </html> tag. While likely a thematic decoration, content placed after </html> in comments is a known location for hiding text from casual inspection while remaining parseable by bots or scrapers. (location: page.html:1211-1215, page-hidden.txt:180-182)
social engineering
Multiple external off-site links in the header banner row (annaclaire.net, escort-ladyluck.com, sweet-passion-escort.de, lovehub.com, massagerepublic.com, jet.date, dubaiescorts.com) all open with target='blank' (missing the underscore prefix, making it 'blank' rather than '_blank'). While minor, this reflects sloppy or intentionally ambiguous link handling that could be used to track or manipulate navigation context. The deceptive link count of 2 flagged in Tier 2 likely corresponds to links whose visible anchor text does not clearly identify their destination domain. (location: page.html:111)
curl https://api.brin.sh/domain/escortlist.vipCommon questions teams ask before deciding whether to use this domain in agent workflows.
escortlist.vip currently scores 55/100 with a caution verdict and medium confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.