context safety score
A score of 41/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
brand impersonation
Domain xvideos.net impersonates the well-known brand xvideos.com. The site presents itself as an official 'links' page for xvideos.com but is a separate, unaffiliated domain designed to redirect users under the guise of the legitimate brand. (location: page.html:5, metadata.json:domain)
malicious redirect
The meta description tag contains a redirect URL to 'https://www.xvideos005.com/' — a suspicious lookalike domain not affiliated with the official xvideos.com brand, likely used to funnel traffic to a third-party site. (location: page.html:8)
malicious redirect
APK download link points to 'https://1525721419.rsc.cdn77.org/android/apk/xvideos-STABLE-0.66' — a CDN-hosted numeric subdomain distributing an Android APK outside of any official app store, posing a high risk of malware delivery. (location: page.html:90)
malicious redirect
A second APK download link points to 'https://1525721419.rsc.cdn77.org/android/apk/xvideos-BETA-1.7' — same suspicious CDN-hosted numeric subdomain distributing an Android APK binary outside any official app store channel. (location: page.html:112)
brand impersonation
Link to 'https://www.xvv1deos.com' uses a homoglyph/typosquat of 'xvideos.com' (replacing 'i' with '1' and doubling 'v') presented as a legitimate bypass mirror, deceiving users into visiting a lookalike domain. (location: page.html:98-99)
social engineering
The Android APK links are described as 'free and safe' and 'new app released in 2018', using trust-building language to encourage users to sideload an unverified APK from an unofficial CDN host rather than an official app store. (location: page.html:91)
social engineering
The typosquat domain xvv1deos.com is framed as a helpful bypass ('if xvideos.com is blocked for you'), using access-restriction concerns to socially engineer users into visiting a lookalike phishing/malware domain. (location: page.html:99)
hidden content
CSS class '.porno' sets both background-color and color to #000000 (black on black), rendering any text within it invisible to users while remaining present in the DOM — a classic hidden content technique. (location: page.html:55-59)
curl https://api.brin.sh/domain/xvideos.netCommon questions teams ask before deciding whether to use this domain in agent workflows.
xvideos.net currently scores 41/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.