context safety score
A score of 34/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
phishing
2 deceptive links where visible host does not match destination host
malicious redirect
The page is served from gg88.black but all canonical URLs, og:url, and internal links point to 3c360r.sa.com — a completely different domain. The canonical tag explicitly redirects search engines and agents to https://3c360r.sa.com/, masking the true serving domain and splitting brand identity across domains to evade detection. (location: page.html:14 — <link rel='canonical' href='https://3c360r.sa.com/' />)
brand impersonation
The site claims to be 'GG88 - Trang Chủ Chính Thức Của GG88.COM' (Official Homepage of GG88.COM), asserting itself as the sole official site of the GG88 brand while operating from gg88.black (redirecting through 3c360r.sa.com). It impersonates a licensed Asian gambling brand (GG88) and falsely claims legitimacy with Curaçao and Cagayan licenses without verifiable proof. (location: page.html:11,853 — title tag and footer brand claim)
malicious redirect
Two prominent call-to-action buttons ('Đăng Ký' / Register and 'Đăng Nhập' / Login) link to https://rr88_shortlink.rr88tino.workers.dev/gg88seo — a Cloudflare Workers-hosted URL shortener on a different domain (rr88tino.workers.dev) entirely unrelated to the displayed brand. This redirects users to an unknown third-party destination for account registration and login. (location: page.html:341,365 — href='https://rr88_shortlink.rr88tino.workers.dev/gg88seo')
malicious redirect
Bottom ad overlay contains four links routing through the same rr88tino.workers.dev shortlink service to destinations xx88seoaa, rr88seotn1, mm88seo02, and gg88seo01 — advertising competing/affiliate gambling brands (XX88, RR88, MM88, GG88) via an opaque redirector with no visibility into final destination URLs. (location: page.html:1147-1150 — bottom-ads div with rr88_shortlink.rr88tino.workers.dev hrefs)
social engineering
The page aggressively promotes high-value bonuses (100% welcome bonus up to 5,000,000 VND, free 88K on registration, daily cashback, referral bonuses) to lure users into registering and depositing money at an unlicensed/unverified offshore gambling site. Urgency and exclusivity language is used throughout to pressure users into immediate action. (location: page.html:470-481 — promotional offers section)
social engineering
The site instructs users to 'use real information' when registering ('sử dụng thông tin thật') and frames this as necessary to qualify for bonuses, which is a social engineering technique to harvest genuine personal and financial data from victims. (location: page.html:481 — 'Lưu ý quan trọng' notice)
malicious redirect
An external script from https://tinyl.io/CIPF is loaded asynchronously. tinyl.io is a URL shortener service — loading an opaque shortlink as a script is a known technique for delivering dynamic malicious payloads or tracking/redirecting users without transparency about the script's actual content or origin. (location: page.html:111 — <script src='https://tinyl.io/CIPF' async>)
phishing
The site presents itself as the official GG88 homepage (gg88.black) while all real content, canonical links, and infrastructure reside on 3c360r.sa.com. Login and registration buttons redirect through an opaque shortlink to an unknown destination. This multi-layer deception (fake domain → affiliate shortlinker → unknown gambling site) constitutes a phishing funnel designed to harvest user credentials and financial information. (location: page.html:341,365 — login/register CTA buttons pointing to rr88tino.workers.dev shortlinks)
curl https://api.brin.sh/domain/gg88.blackCommon questions teams ask before deciding whether to use this domain in agent workflows.
gg88.black currently scores 34/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.