context safety score
A score of 38/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
Suspicious base64-like blobs detected in page content
cloaking
Page conditionally redirects based on referrer or user-agent
js obfuscation
JavaScript uses Function constructor for runtime code generation
brand impersonation
The site operates as 'Porn4Fans' and explicitly advertises itself as 'The Hottest OnlyFans Leaks Site', distributing content described as leaked from OnlyFans creators without authorization. This constitutes brand impersonation of OnlyFans and misappropriation of creator identities (Belle Delphine, Skylar Blue, Sophie Rain, etc.) to attract users under false pretenses. (location: page.html:7-10, meta description and keywords)
obfuscated code
A large inline script block uses a Caesar-cipher-style character rotation obfuscation technique on a long encoded string ('cmeccZYhfZb^W^TR^]S_UYZJOLIQXJKELN...') combined with array index decomposition to hide its true functionality. The pattern is consistent with anti-analysis evasion used by ad fraud, click-hijacking, or malicious redirect scripts. The decoded logic manipulates URLs and navigates the browser. (location: page.html:267 (inline script block after header navigation))
malicious redirect
An external script is loaded from the suspicious third-party domain 'frozenpayerpregnant.com' (//frozenpayerpregnant.com/bn.js) with data-cfasync='false' to bypass Cloudflare async filtering, and uses onerror/onload callbacks ('ottglad(16)') tied to the obfuscated script logic. This domain name is characteristic of traffic-monetization or malvertising networks and is not a recognized CDN or ad network. (location: page.html:268)
social engineering
A header button labeled 'AI CUMSLUTS 💦' links to 'https://engine.trackingdesks.com/?352946458' via a tracking/affiliate redirect domain. This uses provocative bait language to drive clicks through an opaque tracking gateway, which is a common social engineering pattern in adult traffic monetization that can lead to scam pages or unwanted subscriptions. (location: page.html:127-129)
malicious redirect
The 'AI CUMSLUTS' button links to 'engine.trackingdesks.com' — a known affiliate/traffic tracking domain used to route users through opaque redirect chains. Destination is unknown and not disclosed to the user, creating risk of landing on credential harvesting, malware distribution, or subscription scam pages. (location: page.html:127)
credential harvesting
The site solicits account registration (Sign up / Log in) on a domain distributing leaked third-party content. Users who register provide credentials (email/password) to an operator with demonstrated disregard for content consent laws. High risk that credentials are collected, reused, or sold, particularly given the site's legal ambiguity and offshore operation pattern. (location: page.html:231-233)
social engineering
The site uses urgency and exclusivity framing ('New videos are added daily, so bookmark Porn4Fans so you don't miss out') combined with 'GET PREMIUM' and '24/7 Premium Support' upsells to psychologically pressure users into paid subscriptions. Premium access is gatekept behind a modal that blocks support access for free users. (location: page.html:110-120, page-text.txt:1505-1508)
hidden content
A Yandex Metrika tracking pixel is rendered as a 1x1 image positioned at left:-9999px (off-screen) inside a noscript tag, covertly collecting visit data via Yandex's analytics infrastructure even for users with JavaScript disabled. Yandex is a Russian company subject to data sharing requirements under Russian law. (location: page.html:2111)
hidden content
Multiple ad slots using 'data-cl-spot=2057939' are placed throughout the page body (header, between content sections, footer) with no visible placeholder content — only a loader image. These dynamic ad injection points load third-party iframe content at runtime without disclosure, enabling hidden ad serving or drive-by content injection. (location: page.html:615-628, 1196-1211, 1476-1532)
curl https://api.brin.sh/domain/porn4fans.com
Common questions teams ask before deciding whether to use this domain in agent workflows.
porn4fans.com currently scores 38/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.