context safety score
A score of 36/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
malicious redirect
The scanned URL is bollyflix.miami but all page content, canonical tags, og:url, RSS feeds, and asset URLs point to bollyflix.supply — indicating the .miami domain silently redirects or proxies traffic to a different domain. The canonical href is explicitly set to https://bollyflix.supply/ while the page is served from bollyflix.miami. (location: page.html:30 - <link rel="canonical" href="https://bollyflix.supply/">)
brand impersonation
The site title claims 'BollyFlix | Official Site' and uses the keyword 'Official Site' prominently in the page title and schema.org metadata, falsely asserting official status for what is a piracy/content-theft operation distributing copyrighted movies and TV series without authorization from Netflix, Amazon Prime, Hotstar, Hulu and other rights holders. (location: page.html:28 - <title>BollyFlix | Official Site, Bolly Flix, 300MB Movies, 9xMovies, BollyFlix.Net, BollyFlix.com</title>)
social engineering
The page displays a prominent alert banner urging users to 'Please Update Your Bookmark' to BollyFlix.To — a classic domain-migration social engineering tactic used by piracy sites to herd users to a new domain after takedowns, increasing exposure to potentially more-malicious successor domains. (location: page.html:254 - <div class="alert">...Our New Domain is <a href="https://bollyflix.to/">BollyFlix.To</a> || Please Update Your Bookmark</div>)
malicious redirect
Third-party ad/tracking script loaded from ly.someespinal.com — an unrecognized domain associated with aggressive ad networks and redirect chains commonly used to serve malware, fake software updates, or drive-by downloads to visitors of piracy sites. (location: page.html:489 - <script data-cfasync="false" async type="text/javascript" src="//ly.someespinal.com/r1Ai8h3h6bxUro/44775"></script>)
malicious redirect
Third-party script loaded from d1i4rchxg0yau7.cloudfront.net with a hcrid parameter — this pattern (hosted on CloudFront with opaque hash-based identifiers) is characteristic of ad-fraud and redirect networks that can silently redirect users or inject malicious payloads. (location: page.html:490 - <script data-cfasync="false" src="//d1i4rchxg0yau7.cloudfront.net/?hcrid=1185988"></script>)
hidden content
Multiple commented-out script and ad blocks are present in the HTML, including references to 1XADS (a gambling/betting ad network), an inline ad tag for bollyflix.re (a different domain), and altmovies.life/altmovies.rest links — suggesting rotating ad/redirect infrastructure that can be re-enabled server-side or via cache manipulation without altering visible page content. (location: page.html:98,230,234,249,493,495 - commented-out scripts and ad network references)
brand impersonation
The page SEO keywords and title deliberately include competing/legitimate domain variants (BollyFlix.Net, BollyFlix.com, BollyFlix.co.in, Bollyflix.cc, Bollyflix.vip, Bollyflix.in, 9xMovies) to intercept users searching for those sites, constituting search-result brand hijacking across multiple established piracy-site brands. (location: page.html:28,92 - <title> and <meta name="keywords">)
hidden content
The page loads wp-admin JavaScript files (editor.min.js, common.min.js, media-upload.min.js, wp-link) directly into the public-facing frontend — these are WordPress admin UI components not normally exposed to visitors, suggesting the frontend session may have admin privileges or the WordPress installation is misconfigured in a way that leaks admin functionality to unauthenticated users. (location: page.html:547,579,599 - wp-admin JS assets loaded on public page)
curl https://api.brin.sh/domain/bollyflix.miamiCommon questions teams ask before deciding whether to use this domain in agent workflows.
bollyflix.miami currently scores 36/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.