context safety score
A score of 37/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
malicious redirect
script/meta redirect patterns detected in page source
cloaking
Page conditionally redirects based on referrer or user-agent
cloaking
Page loads content in transparent or zero-size iframe overlay
malicious redirect
Pop-under/pop-up ad network scripts from adxsrver.com (KstJsPp.js, license.11.js, kstst.js) implement a pop-under ad system that fires on user clicks bound to video thumbnails (.pp-ii). The code tracks browser type and uses cookie-gated timing logic to redirect users to https://www.adxsrve.com/www/delivery/directads.php?bannerid=1590 in a new context. This is an unsolicited redirect triggered on any video item click. (location: page.html:2416-2507)
malicious redirect
An iframe embedded among video listings loads content from engine.zerodayromance.com with obfuscated/unformatted URL parameters including ag_custom_vlmcp and ag_custom_vlmspot. The iframe is styled to blend in with legitimate video thumbnails (246x183px) and is accompanied by JavaScript that detects focus events on this iframe and sends an async tracking stat_spot request, indicating click-jacking or covert redirect behavior. (location: page.html:486-493, 2354-2368)
hidden content
The 'Ad' label span for the embedded zerodayromance.com iframe is commented out (<!-- <span class='text_ad'...>Ad</span> -->), deliberately hiding the advertisement disclosure from users. The ad content 'Create Your AI Fuckboy' is presented without any visible ad marker, disguising a paid advertisement as organic site content. (location: page.html:517-529)
social engineering
Navigation tabs 'Gay Cams' and 'Guys Gone Live' link directly to adxsrve.com ad delivery URLs (zoneid=66 and zoneid=67) rather than internal site pages. The links are styled identically to legitimate navigation items, deceiving users into clicking ad network links while believing they are navigating to site features. The sitename parameter contains an unfilled template placeholder '{gbt_camstab}' and '{gbt_gamestab}', indicating misconfigured ad injection. (location: page.html:129-134, 143)
malicious redirect
A smartpop script from go.reebr.com is loaded at page end with userId and sourceId parameters, implementing a smart pop redirect system that fires on user interaction. This is a third-party redirect/pop network operating silently in the background. (location: page.html:2508)
hidden content
All video thumbnail images use a 1x1 transparent GIF as the immediate src (data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7) with real content deferred to data-src/data-webp attributes. While this is standard lazy-loading, a script at the bottom of the page (line 2335-2338) unconditionally replaces all data-src values with data-webp values before load, which could be exploited to swap image sources. (location: page.html:2334-2339)
malicious redirect
A hash-based URL fragment script checks for the pattern #page-favorite_photos,20288 and silently redirects to /404.php using window.location.replace (no back-navigation possible). This pattern could be used to redirect users arriving from specific referral links to dead-end pages, suppressing content or evading analysis. (location: page.html:65-77)
curl https://api.brin.sh/domain/gayporntube.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
gayporntube.com currently scores 37/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.