context safety score
A score of 38/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
cloaking
Page loads content in transparent or zero-size iframe overlay
malicious redirect
Popunder/interstitial ad system on mobile Chrome intercepts all link clicks and redirects users via a full-screen iframe to 'https://go.mnaspm.com/easy?campaignId=eef903aa56fab9000a2d958b978cad67b1eb60c43591720f9b4bbb8706d520be&userId=...&targetDomain=tranny.show' before allowing navigation to intended content. This is an unsolicited forced redirect mechanism. (location: page.html:710, page.html:787)
malicious redirect
On non-Chrome mobile browsers, a popunder/redirect system intercepts clicks and forces navigation to 'https://go.neorts.com/easy?campaignId=3c88a55362c0625eab3a8bd4d2879836bb121dfb65c2091d17586e6c05474d1a&userId=...&targetDomain=tranny.show' via setTimeout, bypassing normal navigation and opening a separate window without user consent. (location: page.html:831-833)
malicious redirect
Third-party ad script loaded from 'https://s.ad.twinrdengine.com/adlib.js' on desktop Chrome used to serve interstitial ads. The domain 'twinrdengine.com' is an ad network domain used for interstitial injection, with no direct user disclosure. (location: page.html:818)
hidden content
All video thumbnail elements are marked with class 'hide' (display:none) and only a subset are revealed by JavaScript. The full list of video content is hidden from standard HTML rendering, only exposed after script execution. This obscures the full page content from non-JS scrapers and some security scanners. (location: page.html:505-531)
hidden content
A session cookie is set via inline JavaScript wrapped in an HTML comment (<!-- ... -->) inside a <script> block: document.cookie='eb721e8ea6763251a1d1b142a83f126e97cab2=...' with an expiry of approximately 24 hours. The obfuscated cookie name and base64-like value suggest a tracking or session-binding mechanism that is not disclosed to the user. (location: page.html:499-502)
social engineering
The page uses an aggressive interstitial ad overlay on mobile that covers the entire screen (position:fixed, width:100%, height:100%, z-index:2147483646) with a 'SKIP AD' and 'Close Ad' button, creating a deceptive full-screen takeover that mimics legitimate modal dialogs to manipulate user interaction before allowing access to intended content. (location: page.html:704-714, page.html:780-791)
malicious redirect
Navigation menu 'Live Cams' links on both mobile and desktop redirect via 'https://go.neorts.com/?campaignId=TR1&creativeId=Tab&sourceId=...&targetDomain=tranny.show&userId=...' — a third-party ad network redirect URL with embedded user tracking ID, routing users off-site through an affiliate tracking gateway without clear disclosure. (location: page.html:256, page.html:273)
hidden content
Console logging is entirely suppressed by overriding all console methods (log, error, warn, info, debug, clear) with empty functions, preventing any client-side debugging or visibility into runtime errors and ad script behavior. (location: page.html:718-719)
curl https://api.brin.sh/domain/tranny.oneCommon questions teams ask before deciding whether to use this domain in agent workflows.
tranny.one currently scores 38/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.