context safety score
A score of 40/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
js obfuscation
JavaScript uses Function constructor for runtime code generation
malicious redirect
A hidden input field with class 'redirect_url_2' contains a TinyURL shortlink (https://tinyurl.com/yp9fwcfz) that is used as the popup click-through redirect destination. The actual destination is obfuscated behind the URL shortener. JavaScript in the popup (window.open(redirect_url,'_self')) silently navigates the user to this unknown destination when the popup is clicked. The same TinyURL is reused for popup id=3 via 'redirect_url_3'. (location: page.html:432 and page.html:1596 — hidden input fields inside ays-popup-box modals)
social engineering
Two auto-displaying popup overlays (modal id=2 triggered after 3-second delay; modal id=3 triggered after 60-second delay) present 'Join for Free Today' calls-to-action. The popups have a hidden close button that only appears on mouseover and auto-close timers, using dark-pattern UX to pressure users into clicking the popup body, which silently redirects them via a TinyURL shortlink to an unknown destination. (location: page.html:366-434 (popup id=2), page.html:1560-1600 (popup id=3) — ays-popup-box plugin modals)
hidden content
Both popup modals (id=2 and id=3) have their title ('Join for Free Today') and description ('Demo Description') set to display:none, and the close button is hidden by default (only shown on mouseover). The visible portion of the popup is entirely controlled by an opaque background image from media.folkd.com, making the actual content and intent invisible to scanners relying on visible text. (location: page.html:417 — h2 and div elements with style='display: none' inside ays-pb-modal_2; same pattern in ays-pb-modal_3)
credential harvesting
All 'Sign Up' and 'Member Login' navigation links point to a separate subdomain (members.folkd.com) rather than the main domain. The registration and login flows are hosted externally at https://members.folkd.com/s/register/ and https://members.folkd.com/login/, creating a credential collection surface on a subdomain that may have different security posture than the main site. (location: page.html:293-294 and page.html:296-297 — nav menu items and mobile offscreen menu items)
phishing
The site presents itself as 'The Ultimate Dating Site' (meta description, page.html:12) operating under folkd.com, but folkd.com is historically known as a social bookmarking/link-sharing platform. The site has been repurposed into a dating site, potentially exploiting the old brand's domain age (7405 days) and existing user trust to lure users into registering with a service that is substantively different from the brand's original identity. This brand-mismatch is a phishing indicator. (location: page.html:12 — meta description; metadata.json — domain folkd.com with 7405-day age)
brand impersonation
The domain folkd.com originally operated as a social bookmarking service. The current site fully repurposes the domain as a dating platform ('Folkd — The Ultimate Dating Site') without clear disclosure of the domain's history, which could mislead users who recall the old folkd.com social bookmarking brand into trusting a new, unrelated dating service. (location: page.html:6-8 — title and meta dc.description; page-text.txt:35)
curl https://api.brin.sh/domain/folkd.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
folkd.com currently scores 40/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.