context safety score
A score of 41/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
js obfuscation
JavaScript uses Function constructor for runtime code generation
brand impersonation
The domain jaya9bangladesh.com serves content that impersonates 'Jaya9 Official' (canonical brand at jaya9.best), using its logo (https://www.jaya9.best/static/image/home/logo3.png), brand name, og:url pointing to www.jaya9.best, and identical branding. This is a satellite/mirror domain designed to capture brand search traffic and funnel users to the gambling platform under a deceptive 'official' claim. (location: page.html:1 - og:url=https://www.jaya9.best/, og:image from jaya9.best, meta title claiming 'Jaya 9 Official')
malicious redirect
The og:url meta tag points to https://www.jaya9.best/ while the actual serving domain is jaya9bangladesh.com. The page content and assets are primarily loaded from jaya9.best (logo, static resources), indicating this domain acts as a redirect/doorway page that funnels users to a different destination domain. Users visiting jaya9bangladesh.com may be transparently proxied or redirected to jaya9.best. (location: page.html:1 - meta property=og:url content=https://www.jaya9.best/)
obfuscated code
A heavily minified and obfuscated tracking pixel script (BPixelJS) is embedded inline. It reads authentication tokens from window.tokens.bcid, document cookies (bcid), and URL query parameters, then exfiltrates them via image beacon requests. The code uses non-standard method chaining (console.error.betly) suggesting a patched/tampered console object to suppress errors. This is consistent with covert credential/session token harvesting infrastructure. (location: page.html:127-129, page-text.txt:1-4 - BPixelJS inline script block)
credential harvesting
The BPixelJS script extracts 'bcid' tokens from three sources: window.tokens object, document.cookie, and URL query string parameters. These tokens are then transmitted via image beacon (pixel fire) to a remote tracking server. This pattern is used to silently harvest session identifiers or affiliate tracking IDs from users arriving via other platforms, enabling session hijacking or cross-site tracking. (location: page.html:127-129 - function a() reads bcid from cookies/tokens/URL; image beacon in function u())
social engineering
The page uses fabricated trust signals including a fake AggregateRating (4.8/5 from 1250 reviews) in JSON-LD structured data, a listed physical address ('Dhaka Online Hub, Gulshan, Dhaka 1212'), and a phone number, none of which are verifiable. These are used to create false legitimacy for an online gambling operation that may be operating illegally in Bangladesh (where online gambling is prohibited). (location: page.html:72-78 - AggregateRating schema; lines 59-65 - PostalAddress schema)
hidden content
CSS rule '.dtpcnt { opacity: 0; }' hides elements with class 'dtpcnt' from view while keeping them in the DOM. This technique is commonly used to embed hidden text for SEO manipulation or to hide content from human users while serving it to crawlers or AI agents. Combined with the SPA architecture (Vue.js, single div#app), substantial content may be rendered and hidden client-side. (location: page.html:124 - style block: .dtpcnt { opacity: 0; })
obfuscated code
Facebook Pixel (fbq) initialization code is conditionally loaded only when the hostname matches jaya9ads.shop, jaya9ads.site, or jaya9ads.store — domains not matching the current serving domain. This dead-code pattern in the deployed page suggests the HTML is shared across a network of related gambling ad-network domains, and the pixel ID (1969807457170172) is used for cross-domain ad attribution and user tracking across that network. (location: page.html:130-140 - conditional Facebook Pixel block for jaya9ads.* domains)
social engineering
Keyword stuffing in meta tags and schema alternateName includes variations like 'Jaya9.bet', 'Joya9', 'Jaya 9 VIP' to capture users searching for multiple related brand variants. The schema lists these as legitimate alternate names for the organization, which is a deceptive SEO technique to intercept brand-confused users looking for any variant of the gambling platform. (location: page.html:9 - schema alternateName array; meta keywords tag in line 1)
curl https://api.brin.sh/domain/jaya9bangladesh.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
jaya9bangladesh.com currently scores 41/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.