context safety score
A score of 47/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
malicious redirect
The page contains an aggressive tab-hijacking and redirect script that triggers on beforeunload and popstate events. On exit intent, it opens multiple redirect URLs (/vid.php?xe=v1, /vid.php?xe=v2) in new tabs and forcibly navigates the current window to another URL. It also intercepts all link clicks to open a new tab while monitoring localStorage for a signal to redirect the main window to yet another URL (/vid.php?xe=v4). This is a classic forced-redirect/tab-napping pattern designed to trap users in redirect loops. (location: page.html:15 — inline <script> with window.onbeforeunload, popstate, and click-intercept logic)
malicious redirect
All outbound links in the 'Hot Extreme Sex Sites' and 'MORE EXTREME SEX SITES' sections use /goto/ URLs with base64-encoded destination domains (e.g., /goto/b64cmFwZWQud3M=, /goto/b64cmFwZXR1YmUubWU=). The actual destination URLs are obfuscated via base64 encoding, preventing users and scanners from seeing where they will be sent. Decoded values include domains such as raped.ws, rapetube.me, rapetube.tv, maturerape.com, rapeporn.tv, incest.pro, rape-tube.me, forcedporn.me, realrapeporn.pro, cruelrape.com, and others — all high-risk external sites routed through an opaque redirect layer. (location: page.html:70–73 — <section class='cxthotzs cxtlinez'> link list)
hidden content
Multiple page sections are hidden via CSS (display:none) and are not visible to ordinary users: the navigation section with class 'xgot' (containing the NEXT page link), the footer section with class 'ob-b', the hot-sites link section with class 'cxthotzs', and several div elements with class 'cxtthumbz div div' and '.cxthotzs'. The hidden footer contains additional ad placeholder divs (cxtrdrs4–7). This concealment means significant portions of page content and outbound links are not visible but are still rendered and functional. (location: page.html:8 — CSS rule: #cxtidzs1,.cxthotzs,.cxtorbit,.cxtthumbz div div,.cxtvedz>div,.menu_input,.ob-b,.search_label,.xgot{display:none})
hidden content
A 1x1 pixel hidden iframe is injected into the document body via JavaScript at runtime to load a Cloudflare challenge-platform script. The iframe is positioned absolutely at top:0/left:0 with visibility:hidden and no border, making it completely invisible. It injects additional script content via innerHTML into the iframe's document, which then appends another external script tag — a multi-stage, covert script execution chain. (location: page.html:100 — inline <script> injecting hidden iframe with nested script injection)
obfuscated code
An external script is loaded from https://puabvo.com/code/native.js with a base64-encoded query parameter: ?h=waWQiOjEwNjM5NDcsInNpZCI6MTE0ODk5OSwid2lkIjo1NjQzMDMsInNyYyI6Mn0=eyJ — this is a known adtech/malvertising delivery domain. The script is loaded asynchronously and appended to the document head, and its payload is determined by the obfuscated base64 parameter. The domain puabvo.com is associated with push-notification spam and malvertising networks. (location: page.html:16 — <script> loading https://puabvo.com/code/native.js)
obfuscated code
All video thumbnail links use base64-encoded href values (e.g., /vid.php?xe=vi&v=L3ZpZHMtZGF1Z2h0ZXItZGFkZHktdGFib28tc2V4Lmh0bWw=). While the encoding is simple base64, it prevents straightforward URL scanning and obscures the actual destination paths from static analysis tools and users inspecting links. (location: page.html:43–54 — all thumbnail <a> href attributes in .cxtthumbz sections)
social engineering
The page's descriptive text actively normalizes and promotes non-consensual sexual scenarios including rape, kidnapping, and incest, framed in welcoming/inviting language ('Are you ready for forced teens... Welcome!'). The site links out to dozens of similarly-themed domains. While this is ostensibly an adult content site, the framing is designed to desensitize and draw users deeper into an affiliate/traffic network built around extreme and potentially illegal content themes. (location: page.html:64 — <div id='cxtaxtend'> descriptive paragraph)
curl https://api.brin.sh/domain/forced.loveCommon questions teams ask before deciding whether to use this domain in agent workflows.
forced.love currently scores 47/100 with a suspicious verdict and medium confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.