context safety score
A score of 14/100 indicates severe risk signals were detected. This entity exhibits patterns strongly associated with active threats.
encoded payload
suspicious base64-like blobs detected in page content
malicious redirect
script/meta redirect patterns detected in page source
js obfuscation
JavaScript uses Function constructor for runtime code generation
social engineering
The site presents itself as a legitimate Indonesian online lottery (togel) and gambling platform with false trust signals: claims to be 'AGEN TOGEL ONLINE TERBAIK DAN PALING AMAN' (best and safest online lottery agent), uses urgency tactics, blinking registration buttons, and fabricated jackpot winner announcements (e.g., 'Selamat kepada userID Panxxxxxx telah mendapatkan progressive jackpot senilai 275,900,200') to pressure users into registering and depositing money. (location: page.html:232, page.html:1619, page.html:1781-1783)
credential harvesting
Login form in the navbar collects username and password credentials. The form uses a custom MD5 password hashing script (/js/vbulletin_md5.js) before submission, and the domain (congtogel2026.com) is only 61 days old — a newly registered domain hosting a credential intake form is a strong indicator of credential harvesting infrastructure. The canonical URL redirects to congtogelpool.com, a different domain, meaning credentials entered here may be processed by a separate backend. (location: page.html:193-207, page.html:21)
malicious redirect
Multiple redirect chains are present. The canonical link and pingback both point to congtogelpool.com (different domain). The OpenInNewTab() function always redirects to https://congtogelpool.com/register. An amphtml link points to https://hoppiloppi.xyz/congsayang/ — an unrelated third-party domain. Multiple shortlinks via shortme.cc are used throughout the page to obscure final destinations of navigation links. (location: page.html:21-23, page.html:63-66, page.html:1345)
malicious redirect
A MutationObserver script continuously monitors and rewrites all links with href='/promotion/v2' to redirect to https://shortme.cc/congpromo — a URL shortener that hides the true destination. This DOM manipulation persists dynamically and affects any links injected after page load. (location: page.html:2342-2354)
hidden content
An invisible 1x1 iframe is dynamically injected into the document body via obfuscated inline script with style 'visibility:hidden', used to load Cloudflare challenge scripts. While this pattern can be legitimate, combined with the obfuscated parameter encoding (base64: 'MTc3MjYzOTk3NC4wMDAwMDA=') it serves as a fingerprinting/tracking mechanism invisible to users. (location: page-text.txt:2769)
hidden content
A leaderboard div is positioned at absolute right:-235px, placing it entirely off-screen and invisible to users: '<div style="position: absolute;z-index: 99;right:-235px;">'. This contains an onclick handler calling OpenInNewTab() which redirects to congtogelpool.com/register, functioning as a hidden clickjacking element. (location: page.html:2364-2367)
social engineering
A fabricated progressive jackpot counter is injected via JavaScript that starts at IDR 1,158,530,000 and increments by a random amount every 100ms using setInterval, creating a fake real-time jackpot display to manipulate users into believing large winnings are constantly occurring and enticing deposits. (location: page.html:1781, page.html:1979-2005)
social engineering
A fake urgency notice is injected into the page claiming Mandiri bank deposits are experiencing technical difficulties and instructing users to deposit via QRIS instead — a common tactic in Indonesian gambling scams to redirect payment flows to unmonitored payment channels. (location: page.html:1754)
malicious redirect
External script loaded from unverified third-party CDN: https://cdn.spacerbucket.com/qris/congtogel/pg.min.js and https://ampserver.vip/cdn/js/cong-custom.js and https://static.augipt.com/assets/snippets/scripts/idn-togel-spa.js — none of these are established CDN providers. These scripts execute with full page privileges and could perform credential exfiltration, DOM manipulation, or redirect injection. (location: page.html:25, page.html:384, page.html:1954-1956)
prompt injection
The page uses a meta tag 'notranslate' to suppress Google Translate, and multiple Google Site Verification tags (5 separate verification codes) suggesting the operator has control over multiple Google Search Console properties, potentially used to manipulate search results and deceive users navigating to the site via organic search — an indirect AI/agent deception vector when search-augmented agents index this content. (location: page.html:4, page.html:11-15)
social engineering
An APK download banner is dynamically injected promoting 'APLIKASI CONGTOGEL' with a download link to https://servercongku.xyz/cdn/apk/cong-v.5.0.apk — an unsigned Android app from a non-official source that could contain malware or spyware targeting Indonesian users. (location: page.html:1718-1719)
curl https://api.brin.sh/domain/congtogel2026.com
Common questions teams ask before deciding whether to use this domain in agent workflows.
congtogel2026.com currently scores 14/100 with a dangerous verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.