context safety score
A score of 49/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
cloaking
Page loads content in transparent or zero-size iframe overlay
brand impersonation
The page is served from domain broker.ru but all canonical URLs, og:url, og:image, font CDN links, and API scripts point to bcs.ru (e.g., canonical href='https://bcs.ru/', og:url='https://bcs.ru/', fonts from cdn.bcs.ru, scripts from api.bcs.ru). The domain broker.ru is presenting itself as the official BCS (БКС Мир Инвестиций) investment platform, which is legitimately hosted at bcs.ru. This constitutes brand impersonation or an unauthorized mirror/clone of the BCS brand. (location: page.html:13 (canonical), page.html:42 (og:url), page.html:14-20 (CDN/API references to bcs.ru))
malicious redirect
The canonical tag on broker.ru explicitly points to https://bcs.ru/, indicating the site may be using SEO manipulation or redirect logic to funnel traffic from broker.ru to bcs.ru or vice versa. Users searching for broker.ru may be intercepted and redirected, or broker.ru may be harvesting engagement before forwarding to the real site. (location: page.html:13)
social engineering
The page hosted on broker.ru (not the official bcs.ru domain) presents high-pressure financial offers: 'cashback up to 300,000 ₽', 'bonus on start for new clients', 'earn prizes by inviting friends', and 'tax deduction up to 88,000 ₽ annually'. These urgency-driven investment incentives on a non-official domain are consistent with social engineering tactics to lure users into opening brokerage accounts on a potentially fraudulent platform. (location: page-text.txt:7)
hidden content
A Yandex.Metrika tracking pixel is embedded as a hidden image with style='position:absolute; left:-9999px;' in both the noscript fallback and visible page content. While common for analytics, on a potentially impersonating domain this off-screen tracking pixel could be used to covertly track visitor behavior without user awareness. (location: page.html:131, page-text.txt:21)
curl https://api.brin.sh/domain/broker.ruCommon questions teams ask before deciding whether to use this domain in agent workflows.
broker.ru currently scores 49/100 with a suspicious verdict and medium confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.