context safety score
A score of 40/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
malicious redirect
script/meta redirect patterns detected in page source
cloaking
Page conditionally redirects based on referrer or user-agent
exfiltration
JavaScript intercepts form submissions to exfiltrate data
js obfuscation
JavaScript uses Function constructor for runtime code generation
malicious redirect
Third-party script loaded from suspicious domain 'chaseherbalpasty.com' via HTTP (protocol-relative URL //chaseherbalpasty.com/lv/esnk/1946873/code.js). This domain name is unrelated to any legitimate ad network and has characteristics of a malvertising or redirect chain domain. The script is loaded with data-cfasync='false' to bypass Cloudflare bot protection and runs asynchronously. (location: page.html:195)
hidden content
Two 1x1 pixel tracking images embedded in the footer linking to toplist.cz and toplist.sk (toplist.cz/dot.asp?id=1212368 and toplist.sk/dot.asp?id=1269902). While these are Czech/Slovak traffic counters, they silently track visitors without prominent disclosure and are rendered invisibly (width=1, height=1). (location: page.html:203-204)
social engineering
Age verification modal uses a consent flow that sets a cookie ('pv_agreement') and then blurs/unblurs content. The modal presents legal-sounding declarations to create a false sense of user legal responsibility and compliance, pressuring users to 'confirm' broad terms including accepting cookie tracking, before content is revealed. This pattern is used to coerce passive consent to data collection. (location: page.html:72-73)
hidden content
Ad zone injection scripts (PvLoader.addZone) are interspersed directly within the visible content list in the HTML body, loading ad zones 4641908, 4641910, 4641912, 4641920, 2370833, 2370841, 2370845, 2925240 via an external ad provider (a.magsrv.com / ExoClick). These dynamically inject third-party ad content without transparent disclosure of ad network identity to users. (location: page.html:138,153,168,183,194-197)
malicious redirect
Popup/popunder ad system loaded via 'a.pemsrv.com' and 's.pemsrv.com' (PemSrv ad network) with configuration for new_tab popups (new_tab:true), triggered based on browser fingerprinting (Chrome detection, adblock detection, time-since-first-visit). The script conditionally fires popups only for Chrome users without adblockers who have been on the site over ~175 seconds, designed to evade detection while targeting specific users. (location: page.html:219-221)
hidden content
Script loaded from local path '/nb/frlo.min.js' with no description or attribution. The obfuscated filename and non-standard path ('/nb/') suggest a potentially undisclosed tracking or fingerprinting script separate from the main theme assets. (location: page.html:75)
hidden content
PvLoader.serve call to '/nb/balo.php' at page end dynamically serves additional ad or tracking content from a local PHP endpoint with an opaque name, providing no transparency about what is loaded or executed. (location: page.html:223)
curl https://api.brin.sh/domain/pvideo.czCommon questions teams ask before deciding whether to use this domain in agent workflows.
pvideo.cz currently scores 40/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.