context safety score
A score of 43/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
Suspicious base64-like blobs detected in page content
cloaking
Page conditionally redirects based on referrer or user-agent
js obfuscation
JavaScript uses Function constructor for runtime code generation
js obfuscation
Obfuscated document.write with encoded content
brand impersonation
The site presents itself as 'Indian Defence Review' (indiandefencereview.com), claiming to be the historic quarterly journal founded in 1986. However, the registered author in schema.org structured data is 'Alban Albanese' with a WordPress username slug 'sebti2222gmail-com', which is inconsistent with a legitimate long-standing Indian defence publication. The site uses a generic DV TLS certificate and the authorship metadata does not align with the proclaimed editorial identity. (location: page.html:28 - schema.org Person @id, twitter:data1 meta tag)
social engineering
The site publishes sensationalist military and geopolitical headlines designed to exploit fear and urgency (e.g., 'Chinese Hypersonic Missiles Could Destroy All U.S. Carriers', 'Iran Khorramshahr-4 Missile Can Hit Israel in 12 Minutes', 'Full List of Countries on Foreign Office Do Not Travel List After U.S Iran Tensions Surge'). This pattern of emotionally charged defence content may be used to manipulate readers into subscribing, sharing credentials, or clicking on monetised links. (location: page.html:198-392, page-text.txt:96-290)
hidden content
A third-party push notification SDK is dynamically injected via JavaScript from 'cdn.pushmaster-cdn.xyz', a domain not affiliated with the site. The script is loaded via dynamic DOM insertion (createElement/insertBefore) inside a delayed 'smart/delay' script block, making it non-obvious to casual inspection. This SDK requests browser push notification permissions and carries a VAPID public key, potentially enabling unsolicited push notification campaigns. (location: page.html:807-813, page-text.txt:705-711)
malicious redirect
The page includes a Marfeel SDK loaded from 'sdk.mrf.io' via dynamic script injection. While Marfeel is a known content monetisation platform, its dynamic injection pattern (creating script elements and inserting before the first script tag) can be used to deliver malicious payloads or redirect users through ad networks without clear disclosure to visitors. (location: page.html:803, page-text.txt:701)
credential harvesting
The site prominently features Login and Subscribe CTAs in the header and mobile nav, pointing to /login/ and /newsletter/. The newsletter form action posts to wp-admin/admin-ajax.php. While this is standard WordPress behaviour, combined with the brand impersonation signals and non-Indian authorship, these forms could be used to harvest user credentials or email addresses under a false editorial identity. (location: page.html:120-124, page.html:796)
curl https://api.brin.sh/domain/indiandefencereview.com
Common questions teams ask before deciding whether to use this domain in agent workflows.
indiandefencereview.com currently scores 43/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.