context safety score
A score of 33/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
malicious redirect
The page is served from nooo8.tv but all resources, scripts, and canonical URLs point to nooo9.tv. An announcement on the page explicitly redirects users: '2023.12.14 공식 도메인 주소가 변경되었습니다 - nooo9.tv 참고 바랍니다.' and a banner links to https://info.nooo9.tv for 'new address guidance'. This domain-hopping pattern (nooo8 → nooo9) is consistent with piracy/blocked-site evasion infrastructure using sequential lookalike domains. (location: page.html:202-213, meta og:url line 29, global JS vars lines 45-55)
brand impersonation
The site impersonates '누누티비' (NoonooTV), a well-known Korean streaming brand that was shut down by authorities. The site replicates its branding (logo, name, layout) to attract users of the original service. The footer claims offshore incorporation ('Marti Estudio, Asunción, Paraguay') to evade Korean copyright enforcement while exploiting the brand's recognition. (location: page.html:7, 111, 586-589)
social engineering
The site uses urgency-framing language around ISP blocks ('접속 차단에 관한 새로운 주소 대피관련 안내' — 'Notice about new address evacuation related to access blocking') to drive users to follow redirect links to alternative domains, normalizing the behavior of following unofficial domain migration links. (location: page.html:202-205, page-text.txt:103)
hidden content
Histats.com tracking pixel and script are injected twice with two different account IDs (4836419 and 4941603) using dynamically created script elements. The noscript fallback contains a 1x1 transparent GIF tracker. This dual-injection of analytics/tracking with different IDs is anomalous and may indicate third-party surveillance or monetization by multiple parties without user disclosure. (location: page.html:617-646)
malicious redirect
External media content (movie poster images) is loaded from fvideostream.com, a third-party domain with no disclosed relationship to the site. This cross-origin content loading from an opaque streaming domain exposes users to potential malicious content, tracking, or drive-by redirects if that domain is compromised or malicious. (location: page.html:256, 266, 276 (and throughout movie list))
hidden content
The page loads a LESS CSS compiler from a CDN (cdn.jsdelivr.net/npm/less) at the bottom of the body after all content. This is an unusual placement for a CSS preprocessor and serves no visible purpose on a pre-rendered page, suggesting it may be used for dynamic style injection or obfuscation purposes. (location: page.html:633)
curl https://api.brin.sh/domain/nooo8.tvCommon questions teams ask before deciding whether to use this domain in agent workflows.
nooo8.tv currently scores 33/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.