context safety score
A score of 39/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
obfuscated code
Heavily obfuscated JavaScript block in the footer uses a multi-stage decode pipeline: URI-percent-encoded string decoded with decodeURI(), followed by a Caesar-cipher-style character rotation (charCodeAt offset by position mod 95), then split into indexed substrings using a large offset array. The resulting payload dynamically constructs strings and loads external scripts at runtime, hiding the true destination URLs and logic from static analysis. (location: page.html:679 (happy-footer-mobile div) and page-text.txt:368)
malicious redirect
Obfuscated script dynamically loads an external JavaScript file from 'deductgreedyheadroom.com' — a randomly-worded domain characteristic of malvertising/ad-fraud infrastructure. The script tag carries onerror and onload callbacks ('rrjlumzg(16)') that invoke functions assembled by the obfuscated code, enabling drive-by redirects or payload delivery without visible indication to the user or a crawling agent. (location: page.html:680)
obfuscated code
The same obfuscated IIFE that loads 'deductgreedyheadroom.com/bn.js' constructs all script URLs, event handler names, and configuration values at runtime via the rotating-cipher decode. This pattern is used specifically to bypass static URL blocklists and security scanners, and is a common technique in malvertising injection chains. (location: page.html:679)
social engineering
The site presents a user registration and login modal ('Join Dibokepindo.com') collecting username, email, and password on an adult content platform. Adult tube sites frequently use fake membership prompts to harvest credentials, especially when the content itself is freely available without login, as is the case here. The registration form posts to the same origin but credential collection on adult sites with opaque ownership is a known social-engineering vector. (location: page.html:714-737)
credential harvesting
Login form (wpst_login_form) and registration form (wpst_registration_form) both POST plaintext credentials (username + password) to https://dibokepindo.com/ with action parameters 'wpst_login_member' and 'wpst_register_member'. The site operator receives all submitted credentials. Combined with the obfuscated third-party script loading, there is meaningful risk that harvested credentials are exfiltrated via the injected ad/tracking scripts. (location: page.html:719-737 and page.html:744-759)
hidden content
A <div data-cl-spot='2098105'> element appears twice in the page (once in the sidebar and once inside the obfuscated footer script block) with no visible content. This is a 'content locker' or dynamic ad-injection spot whose payload is determined entirely at runtime by third-party scripts, making the actual rendered content invisible to static analysis. (location: page.html:643 and page.html:681)
curl https://api.brin.sh/domain/dibokepindo.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
dibokepindo.com currently scores 39/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.