context safety score
A score of 41/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
obfuscated code
Large obfuscated JavaScript block using multi-layer encoding: URI percent-encoding combined with a Caesar-cipher-style character rotation over a 95-character printable ASCII range. The decoded string builds dynamic URLs and DOM structures at runtime, concealing its true behavior from static analysis. Loaded with data-cfasync="false" to bypass Cloudflare rocket-loader inspection. (location: page.html:130 — inline <script data-cfasync="false"> block)
malicious redirect
Third-party ad/tracker iframe loaded from go.mavrtracktor.com, an opaque ad-network tracker domain. The URL contains campaign tracking parameters (userId, campaignId, landing) and loads arbitrary content into the page. The domain name 'mavrtracktor' is a deliberate misspelling designed to evade blocklists referencing 'tracker'. (location: page.html:457 — <iframe src="https://go.mavrtracktor.com/i?...">)
malicious redirect
External affiliate link to tt.culinar9sync.com with a long hex path (67fe75a2368aadfaa216a986), styled as a 'LIVE CAMS' button. The domain is an opaque redirect/tracker domain with no clear legitimate identity. Uses rel="nofollow" and target="_blank" to obscure destination; the path pattern is consistent with affiliate redirect chains used by adult ad networks. (location: page.html:494 — <a href="https://tt.culinar9sync.com/67fe75a2368aadfaa216a986">)
social engineering
Navigation menu promotes 'Undress AI' (linking to cmonbae.com with affiliate union_id parameter) and 'Ai Sex Chat' (linking to golove.ai with referral parameter) styled with bright colors (#f8018d, #cef801) to draw clicks. These are affiliate-monetized services that use deceptive AI-capability framing to attract users, with referral IDs embedded in the URLs indicating financial incentive for driving traffic. (location: page.html:320,322 — primary-menu and page.html:401,403 — mobile-menu)
social engineering
Menu item labeled '#1 Porn Generator' links to playbox.com with a ref=fapello affiliate parameter, using authoritative '#1' superlative and red styling to create urgency. The referral parameter confirms affiliate revenue motivation for user redirection. (location: page.html:324 — <a href="https://www.playbox.com/?ref=fapello">)
brand impersonation
Site publishes a page explicitly named 'Lily Allen' (a well-known celebrity) with associated imagery, implying possession of leaked private content from that individual. This constitutes brand/identity impersonation of a public figure to attract traffic under false pretenses of authentic leaked material. (location: page.html:557 — <h2 class="entry-title"><a href="https://leakedmodels.com/lily-allen/">Lily Allen</a></h2>)
hidden content
LiveInternet analytics counter uses a 1x1 pixel transparent GIF (data:image/gif;base64 inline) with border:0, invisibly tracking visitor referrer, screen dimensions, color depth, and page URL. Data is exfiltrated to counter.yadro.ru (a Russian web analytics service) on every page load without user disclosure or consent notice. (location: page.html:923-932 — LiveInternet counter script in footer)
curl https://api.brin.sh/domain/leakedmodels.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
leakedmodels.com currently scores 41/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.