context safety score
A score of 27/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
hidden instruction
high hidden content ratio detected in DOM
encoded payload
suspicious base64-like blobs detected in page content
brand impersonation
The site badak178link.com clones the full Alibaba.com storefront UI (header, navigation, footer, product listing, category panels, payment icons, SSL badges) to impersonate Alibaba.com. The page title, meta descriptions, og:site_name, and structured data all present BADAK178 as an Alibaba.com-hosted product while the actual content is a gambling/slot site. Copyright footer reads '1999-2025 Alibaba.com Feat BADAK178'. (location: page.html:5-13, page.html:3549, page.html:1516-1630)
malicious redirect
Every navigational link on the page — including the Alibaba.com logo, all category links, 'Browse featured selections', login/signup buttons, footer links (Facebook, LinkedIn, Twitter, Instagram, YouTube, TikTok, App Store, Google Play, AliExpress, Policies, Privacy Policy, Terms of Use, etc.) — is hardcoded to redirect to hellopeptide.com/privacy-policy/ or hellopeptide.com/amp-privacy/ instead of legitimate Alibaba.com URLs. Over 100 links all funnel to the same two external URLs. (location: page.html:1522, 1603, 1623-1628, 1854-2422, 3407-3554)
social engineering
The page falsely claims BADAK178 is '#1 BADAK178' with '77,888,222 Sold', '1,000,000,000 searches', '5.0 rating based on 7779 reviews for verified HK Pools', and holds a 'lisensi resmi dari PAGCOR' (legitimate Philippine gambling regulator). These fabricated credibility signals are used to lure users into registering and depositing on an unverified gambling platform. Call-to-action buttons include 'DAFTAR BADAK178' (Register) and 'LOGIN BADAK178'. (location: page-text.txt:1457-1463, 1594-1615, 1680-1694, 1849-1889)
prompt injection
A search suggestion injected into the Alibaba.com search autocomplete carousel reads 'CARI DI GOOGLE: BADAK178' (Indonesian: 'SEARCH ON GOOGLE: BADAK178'). This is a prompt injection targeting both human users and AI agents that scrape or process search suggestions, instructing them to search Google for the gambling brand — a classic SEO/agent manipulation technique embedded in UI content. (location: page.html:1559, page-text.txt:143)
hidden content
A script block with nonce 'alibaba-tracking' contains the comment: 'Note: This file may contain artifacts of previous malicious infection. However, the dangerous code has been removed, and the file is now safe to use.' This is itself suspicious content — it acknowledges prior malicious infection and may be used to whitelist/reassure automated scanners while residual malicious infrastructure remains. The 'one-tap-login' overlay div (hidden, display:none) is a concealed modal positioned at z-index 9999 that could capture credentials. (location: page.html:1409-1413, page.html:3697-3704)
brand impersonation
Structured data (application/ld+json) presents BADAK178 as a schema.org Product with offers linking to hellopeptide.com, BreadcrumbList items named 'BADAK178' and 'BADAK178 LINK' with item URLs pointing to hellopeptide.com/privacy-policy/, and ImageObject creditText 'Link Gacor'. This poisoned structured data causes search engines and AI agents parsing schema.org markup to index BADAK178 gambling content as an Alibaba.com product listing. (location: page.html:3567-3693)
malicious redirect
The canonical URL, og:url, og:image, Twitter image, favicon, amphtml link, and hreflang alternate all point to hellopeptide.com rather than the serving domain badak178link.com. This canonicalization abuse causes crawlers and AI agents to attribute all page content and signals to hellopeptide.com, laundering SEO and trust signals to that domain. (location: page.html:7-28)
social engineering
The top banner (icbu-buyer-pc-top-banner) is styled as an Alibaba.com promotional banner but loads a GIF from hellopeptide.com/img/daftar-sekarang.gif ('daftar sekarang' = 'register now' in Indonesian) with a bright red background, designed to appear as a legitimate Alibaba sale banner while promoting BADAK178 gambling registration. (location: page.html:1513)
hidden content
CSS in page-text.txt contains raw style block content rendered as visible text, indicating the page-text extraction captured injected/malformed CSS payloads mixed into the visible text layer. The CSS includes a background-color value 'merupakan agen game online badak 178 terpercaya...' — gambling promotional copy is embedded directly inside a CSS property value to evade text-based content scanners. (location: page-text.txt:1416)
curl https://api.brin.sh/domain/badak178link.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
badak178link.com currently scores 27/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.