context safety score
A score of 26/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
hidden instruction
high hidden content ratio detected in DOM
encoded payload
suspicious base64-like blobs detected in page content
credential harvesting
credential form posts to an off-domain endpoint (may be legitimate SSO/OAuth)
phishing
1 deceptive links where visible host does not match destination host
cloaking
Page loads content in transparent or zero-size iframe overlay
brand impersonation
The page is served from domain 6dngine.com but presents itself entirely as TechTarget/WhatIs content. The canonical URL, og:url, og:site_name, title, structured data, all navigation links, and all internal hrefs point to www.techtarget.com. The site is a full-page clone/mirror of a legitimate TechTarget article, with no indication to users or agents that they are on 6dngine.com rather than techtarget.com. (location: page.html: <meta property='og:url' content='https://www.techtarget.com/whatis/definition/wiki'>, <link rel='canonical' href='https://www.techtarget.com/whatis/definition/wiki'>, page title, all nav/content links)
malicious redirect
The HTML sets <base href='https://id.m.wikipedia.org/'> in the head, which hijacks all relative URL resolution to route through id.m.wikipedia.org (Indonesian Wikipedia mobile). This is anomalous and inconsistent with the TechTarget content being displayed, potentially used to redirect relative resource requests or future injected relative links to a third-party domain under attacker influence. (location: page.html line 62: <base href='https://id.m.wikipedia.org/' />)
brand impersonation
Favicon and apple-touch-icon links all reference https://id.m.wikipedia.org/ (Indonesian Wikipedia), mixing Wikipedia branding artifacts into a page impersonating TechTarget. This creates a confusing multi-brand impersonation, borrowing trust signals from both TechTarget and Wikipedia. (location: page.html lines 52-60: <link rel='shortcut icon' href='https://id.m.wikipedia.org/favicon.ico'> and multiple apple-touch-icon links to id.m.wikipedia.org)
hidden content
All JavaScript <script> tags use a non-standard type attribute value '62e6c35e084aa6808747dc68-text/javascript' instead of 'text/javascript'. This pattern (used with Cloudflare Rocket Loader) causes scripts to not execute natively in browsers without the Rocket Loader, effectively hiding script execution intent and obfuscating which scripts actually run. This is consistent with cloaking behavior where scripts appear present but are conditionally activated. (location: page.html lines 40, 43, 46, 47, 51, 64, 65, 69, 72, 129, and throughout: type='62e6c35e084aa6808747dc68-text/javascript')
social engineering
The page presents a completely legitimate-looking TechTarget/WhatIs technology definition article (about wikis), including real author attribution, publication dates, structured data, related terms, and navigation—all designed to appear as an authoritative, trustworthy source. Users and AI agents browsing or indexing this page would have no visual indication the content originates from an unrelated domain (6dngine.com), making it an effective trust-building lure. (location: page.html and page-text.txt: full article content, author block, structured data JSON-LD at lines 921-922)
curl https://api.brin.sh/domain/6dngine.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
6dngine.com currently scores 26/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.