context safety score
A score of 32/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
malicious redirect
script/meta redirect patterns detected in page source
brand impersonation
The site operates at netdna-ssl.com but uses the 'Snapinsta' brand name throughout its title, meta tags, and OG tags (title: 'Snapinsta - Download Instagram Videos, Reels, Stories for FREE'), directly impersonating the well-known Snapinsta service to capture its search traffic and users. The actual site brand 'NetDNA' differs from the impersonated brand displayed in metadata. (location: page.html lines 6-21, <title> and og:title/twitter:title meta tags)
brand impersonation
The site uses Instagram's trademarked name, logo-style SVG icons resembling Instagram's camera icon, and Instagram brand colors extensively throughout the interface without authorization. While a small footer disclaimer notes non-affiliation, the overall design, icon, and branding is crafted to visually impersonate an official Instagram-affiliated service. (location: page.html lines 62-182, hero section and navigation branding)
social engineering
The site displays fabricated social proof with 6 named 'Verified' reviewers all giving 5.0 star ratings, a claimed '4.9 average rating' from '12K+ Total reviews', and inflated statistics ('5M+ Happy Users', '2.5x Faster Downloads'). These unverifiable claims are designed to manipulate user trust and lower their guard before submitting Instagram URLs to the service. (location: page.html lines 898-1244, reviews section)
malicious redirect
The download form POSTs user-supplied Instagram URLs to a server-side /download endpoint and, on success, performs an unvalidated client-side redirect to a server-controlled result.redirectUrl value via window.location.href. This pattern allows the server to redirect users to any arbitrary URL after they interact with the download function, enabling ad-fraud redirect chains or redirects to malicious payloads. (location: page.html lines 1551-1566 (page-text.txt lines 1561-1565): result.redirectUrl used in window.location.href)
credential harvesting
The site actively solicits clipboard access via navigator.clipboard.readText() through a prominent 'Paste' button. This silently reads the full clipboard contents — which may contain passwords, tokens, or sensitive data copied by the user — and inserts it into the URL input field before submission to the server. The FAQ item 'What if I accidentally paste my own Instagram password' further signals awareness of this risk vector. (location: page.html lines 1579-1599 (handlePaste function), FAQ item 4 at lines 1297-1305)
brand impersonation
Footer section references 'INFLACT' as the company brand with About Us and Contacts links, while the page-level branding presents as 'NetDNA'/'Instagram Downloader' and metadata presents as 'Snapinsta'. This three-way brand inconsistency (Snapinsta in metadata, NetDNA on-page, Inflact in footer) indicates deliberate brand confusion to capture traffic from multiple established services. (location: page.html lines 1474-1480, footer INFLACT section)
social engineering
The site uses the domain name 'netdna-ssl.com' — mimicking the legitimate NetDNA CDN/SSL infrastructure brand — to lend an impression of technical legitimacy and trustworthiness to what is an independent third-party scraper service. The domain is only 222 days old, inconsistent with a legitimate CDN infrastructure provider. (location: metadata.json: domain=netdna-ssl.com, domain_age_days=222; page.html line 8 og:url)
curl https://api.brin.sh/domain/netdna-ssl.com
Common questions teams ask before deciding whether to use this domain in agent workflows.
netdna-ssl.com currently scores 32/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.