context safety score
A score of 24/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
malicious redirect
The scanned URL is porn5xxx.cc but the canonical URL, all internal links, CSS, JS, logo, and og:url all point to ww.porn5xxx.at — a different domain. The .cc domain silently redirects/proxies traffic to the .at domain, obscuring the true destination from users and security tools. (location: page.html:12-13 — <link rel='canonical' href='https://ww.porn5xxx.at/'> and og:url meta tag)
hidden content
Third-party analytics tracker (Histats.com) injected via dynamically created script element in footer. The script is loaded asynchronously from //s10.histats.com/js15_as.js and tracks visitor hits without visible disclosure to users. Histats is known to be used on low-reputation adult/piracy sites for covert visitor profiling. (location: page.html:1067-1075 — footer #ads-footer Histats script block)
social engineering
Multiple video titles explicitly claim to be 'leaked' (คลิปหลุด) non-consensual recordings of real named individuals, including titles describing covert filming ('โดนรุ่นพี่แอบถ่ายXXXที่คอนโด' — secretly filmed at condo), and content framed as involving minors ('นักเรียน' — student/schoolgirl content, 'ม3' tag referencing Thai grade 9, approximately age 15). This constitutes social engineering by exploiting voyeuristic and illicit-content appeal to drive engagement and repeat visits. (location: page.html:171, 226, page-text.txt:136, 191 — multiple video titles and tag navigation)
social engineering
Multiple video titles and tags describe or strongly imply sexual content involving minors: tag 'ม3' (Thai Grade 3 secondary = ~age 15), titles referencing 'นักเรียน' (schoolgirl/student) combined with explicit acts, and a title explicitly referencing a named underage-coded character being filmed without consent. This is a critical-severity social engineering and CSAM-adjacent lure that may facilitate or normalize child sexual exploitation. (location: page.html:68 menu item ข่มขืน (rape category); page-text.txt:33,126,191,231; tag nav page.html:1035-1037 tag ม3)
malicious redirect
All embedded video content is served via ezycdn.stream (e.g. https://ezycdn.stream/play.php?v=...), a third-party CDN with no established reputation. Users clicking any video are redirected to this external domain which could serve malware, phishing pages, or credential-harvesting overlays. (location: page.html:346,359,372 — embedUrl fields in JSON-LD schema across all 48 video entries)
brand impersonation
The site uses 'OnlyFans' (misspelled as 'Olyfans' in multiple titles) and 'Twitter/X', 'MLive', and 'Onlyfans' brand names to falsely imply official or authorized leaked content from those platforms, deceiving users into believing the content is legitimately sourced from those services. (location: page.html:101,251,276 — video titles referencing Onlyfans/Olyfans/Twitter leaked content)
hidden content
Speculation rules prefetch script tag is present, causing browsers to silently prefetch internal site URLs in the background. While a standard browser feature, on an adult/piracy site this pre-loads potentially illegal content into browser cache without explicit user navigation, and can be used to inflate traffic metrics or pre-stage redirect chains. (location: page.html:1080-1082 — <script type='speculationrules'>)
curl https://api.brin.sh/domain/porn5xxx.ccCommon questions teams ask before deciding whether to use this domain in agent workflows.
porn5xxx.cc currently scores 24/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.