context safety score
A score of 45/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
brand impersonation
The domain xvv1deos.com visually mimics xvideos.com by replacing 'i' with '1' and rearranging characters (xv + v1deos). The page serves a full clone of the XVIDEOS.COM homepage, including their logo, branding, metadata, and all site structure, while operating from an unaffiliated domain. (location: domain: xvv1deos.com vs xvideos.com; page.html:4 <title>Free Porn Videos - XVIDEOS.COM</title>)
social engineering
The page embeds a 'Join for FREE' and 'Login' call-to-action that, on a spoofed domain, would harvest user credentials. Users who believe they are on the legitimate xvideos.com may enter their real username and password into account forms served from xvv1deos.com. (location: page.html:58 href='/account' and href='/account/create')
credential harvesting
Login and account-creation endpoints (/account and /account/create) are present on a brand-impersonating domain. Any credentials submitted through these forms would be captured by the operator of xvv1deos.com rather than the legitimate XVIDEOS service. (location: page.html:58 <a href='/account' data-mode='signin-top-page'> and <a href='/account/create' data-mode='signup-top-page'>)
malicious redirect
The xv.conf JavaScript configuration object references the canonical slave domain as https://www.xvideos.com, meaning internal navigation and API calls may silently redirect users to or from the legitimate domain, obscuring which site is actually being interacted with. The AMP link also points to https://amp.xvideos.com/, mixing legitimate and spoofed origins. (location: page.html:32 window.xv.conf domains.slave='https://www.xvideos.com'; page.html:5 <link rel='amphtml' href='https://amp.xvideos.com/'>)
hidden content
An IE conditional comment is present that injects an X-UA-Compatible meta tag only for Internet Explorer clients, potentially enabling legacy rendering modes that weaken browser security protections. Additionally a server-side generation marker '<!-- Gen By 81 -->' at the end of the document could indicate templated infrastructure used for mass site cloning. (location: page-hidden.txt:1 [if IE]><meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>; page-hidden.txt:2 Gen By 81; page.html:472)
curl https://api.brin.sh/domain/xvv1deos.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
xvv1deos.com currently scores 45/100 with a suspicious verdict and medium confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.