context safety score
A score of 43/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
cloaking
Page conditionally redirects based on referrer or user-agent
js obfuscation
JavaScript uses Function constructor for runtime code generation
malicious redirect
Popunder/tabunder ad system configured to open new tabs/windows on user clicks across nearly all page elements, including play buttons and thumbnails. Uses spot IDs from TrafficStars/ExoClick with force_url overrides and capping resets to maximize unwanted redirects. The 'tabunder' type is specifically designed to open pages behind the current window to evade detection. (location: page.html:238-440 (popOptions config, tabunder_type, bindSel binding))
malicious redirect
Hardcoded force_url for 'Donny' campaign traffic redirects to clladss.com, a low-reputation ad redirect domain. URL is dynamically constructed with subid, utm parameters, and spot IDs to track and route users to potentially harmful destinations. (location: page.html:733 (popunderSpot.config.force_url = `https://clladss.com/get/...`))
malicious redirect
Promo bar URL uses an unresolved template placeholder '{title}' sent to fhgte.com, an external ad/traffic network. This pattern can be abused to inject arbitrary keyword values into redirect URLs, potentially routing users to unwanted destinations based on page context. (location: page.html:994 (window._promobar = ['https://fhgte.com/tour?utm_campaign=ai.CBZ&utm_content=above_bar_xmilf&keywords={title}']))
malicious redirect
In-player 'UNLOCK PREMIUM' and 'FULL VIDEO HERE' buttons use affiliate/CPA tracking links routed through g2fame.com, javhd.com, 1passforallsites.com, and fhgte.com. These are designed to redirect users to paid adult content subscription sites under the guise of unlocking free video content, constituting deceptive redirect behavior. (location: page.html:77-91 (window._plBtn object with affiliate redirect URLs))
social engineering
'UNLOCK PREMIUM' and 'FULL VIDEO HERE' buttons are presented as in-player overlays (z-index: 99999) to trick users into clicking, which redirects to paid subscription sites. The UI pattern deliberately mimics a video playback gate to coerce clicks under false pretenses. (location: page.html:66-92 (.__bai-overlay z-index:99999, window._plBtnText='UNLOCK PREMIUM'/'FULL VIDEO HERE'))
social engineering
Live cam links labeled 'LIVE CAMS' and 'LIVE SEX' with animated blinking green dot icons are injected into navigation tabs to create false urgency and imply real-time live activity, manipulating users into clicking affiliate tracking links. (location: page.html:904-925 (window._hl1 with green-blink-dot animation and strip2tip/rmhfrtnd tracking URLs))
obfuscated code
Large Base64-encoded JavaScript variables (cGAm2MphS, fqp3VeZWI) are embedded at page load. The variable cGAm2MphS decodes to ad configuration JSON including 'actman.obfuscated.js' as the adver field, explicitly naming an obfuscated script. The fqp3VeZWI variable encodes full ad zone configuration to evade static analysis of ad network identifiers. (location: page.html:59-60 (var cGAm2MphS, var fqp3VeZWI Base64 blobs; decoded adver field references 'actman.obfuscated.js'))
obfuscated code
External script loaded from a path with randomized/hashed filename: /fightout/howone7.10.13.59cdca6a33bb39575fa19cbb4e75f332.js — the MD5-style hash in the filename is consistent with obfuscated/dynamically-named scripts used to evade URL-based blocking. The script tag has no integrity attribute. (location: page.html:61 (<script src='/fightout/howone7.10.13.59cdca6a33bb39575fa19cbb4e75f332.js'>))
hidden content
The entire visible page body consists of a single <div id='app'> containing only a nearly invisible text node (<i style='font-size:0.1px'>...</i>). All meaningful content is JavaScript-rendered. This hides page intent from crawlers and security scanners that do not execute JavaScript, while presenting full content to real users. (location: page.html:998 (<div id='app'><i style='font-size:0.1px'>...</i></div>))
hidden content
window._hidden_channels variable is set to an array ['6459'], suggesting there are channel IDs intentionally hidden from the visible page UI but accessible to the ad/content management scripts. (location: page.html:976 (window._hidden_channels = ['6459']))
prompt injection
The page title is programmatically set and fed into ACtMan via ACtMan.setProp('title', ...) with a split on '- MrGay.com' — revealing this xmilf.com page is actually served under a different brand identity (MrGay.com) in some contexts. The title and tag values are passed as ad-targeting parameters. If an AI agent reads the page title or meta for classification, this cross-brand injection could cause misclassification of the site's content category and brand. (location: page.html:882 (ACtMan.setProp('title', window.document.title.split(/ - MrGay.com/, 1)[0])))
brand impersonation
The page internally references 'MrGay.com' as the site's title suffix in JavaScript (split on '- MrGay.com'), while the domain is xmilf.com and the project_name is set to 'xmilf.com'. This indicates the same codebase/ad stack is deployed across multiple domains with different brand identities, potentially to impersonate or piggyback on the reputation of established brands. (location: page.html:882-883 (title split on MrGay.com; window.constants project_name='xmilf.com'))
malicious redirect
Client hint delegation meta tag delegates sensitive browser fingerprinting headers (sec-ch-ua, sec-ch-ua-platform, sec-ch-ua-full-version-list, etc.) to tsyndicate.com, a third-party ad network. This allows tsyndicate.com to receive detailed browser/OS fingerprint data on every request, enabling cross-site user tracking without explicit consent. (location: page.html:55 (<meta http-equiv='delegate-ch' content='sec-ch-ua https://tsyndicate.com; ...'> ))
hidden content
Yandex Metrika tracker (ym) is loaded and configured with campaign, page, and magma_source cookie values, and a custom 'mybid' API key meta tag is present. These trackers silently collect behavioral data and are not disclosed to users, operating as hidden telemetry. (location: page.html:40-43, 54 (Yandex metrika init; <meta name='mybid' data-apikey='ea278dd6-...'/>))
curl https://api.brin.sh/domain/xmilf.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
xmilf.com currently scores 43/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.