context safety score
A score of 32/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
js obfuscation
JavaScript uses Function constructor for runtime code generation
brand impersonation
The site pasteina.com serves content for 'Inatogel' (an online lottery/gambling platform) while presenting itself in metadata, title, og tags, and structured data as 'Inatogel Persero | Smart AI Product Development for Business' — a fabricated corporate AI technology identity designed to disguise a gambling operation. The canonical URL redirects to inakulah.com, og:url points to inapersero.com, and structured JSON-LD claims a legitimate Jakarta-based AI company. This multi-layer identity masking constitutes deliberate brand impersonation of the legitimate corporate/tech sector. (location: page.html:4,9,14,20,29-63)
malicious redirect
The canonical tag redirects from pasteina.com to inakulah.com, og:url points to inapersero.com, and the OpenInNewTab() JavaScript function hardcodes a redirect to https://inagace.com/register on any click event. The leaderboard div with onclick triggers this redirect silently. Multiple redirect destinations (inakulah.com, inapersero.com, inagace.com) are chained, obscuring the true destination and funneling users to a gambling registration page. (location: page.html:4,20,115-117,834-836,1333-1336)
credential harvesting
A login form with username and password fields is embedded in the navbar with autocomplete disabled on the password field. The form submits via md5nohash() (custom MD5 hashing via /js/vbulletin_md5.js) and posts to /ceklogin. The site is served at pasteina.com but collects credentials for the inatogel/inagace gambling platform. Users who believe this is a legitimate AI tech company (per the brand impersonation) may be tricked into submitting credentials. (location: page.html:248-263)
social engineering
The page presents an elaborate false corporate identity — claiming to be an AI product development firm with references to Google AI, McKinsey, and MIT Technology Review — while actually operating an online lottery (togel) gambling service. The footer text, structured data, and body copy are crafted to appear as a legitimate technology company to deceive users, regulators, and automated content scanners. The running text banner reveals the true nature: 'BANDAR TOGEL ONLINE TERBESAR DAN TERPERCAYA'. (location: page.html:288,706,1181-1186,page-text.txt:929-934)
hidden content
A 1x1 invisible iframe is dynamically injected into the DOM via obfuscated Cloudflare challenge script to execute /cdn-cgi/challenge-platform/scripts/jsd/main.js. The iframe has style visibility:hidden, height:1, width:1, positioned absolute at top:0 left:0. This hidden iframe loads and executes additional scripts outside normal page visibility, bypassing content inspection. (location: page.html:1359,page-text.txt:1107)
obfuscated code
A self-executing anonymous function creates a hidden iframe and injects a script with inline innerHTML containing encoded parameters (r:'9d727c0c1f4f72eb', t:'MTc3MjY0NDEyMy4wMDAwMDA=' — base64 for a timestamp). The script is assembled and appended programmatically to avoid static detection. This pattern is consistent with cloaking or bot-detection bypass techniques used to serve different content to scanners vs. real users. (location: page.html:1359)
malicious redirect
An external script is loaded from https://cdn.spacerbucket.com/qris/inatogel/pg.min.js — a non-standard CDN domain (spacerbucket.com) with a path suggesting gambling (inatogel) payment processing (qris/pg). This third-party script has full DOM access and could perform redirects, credential interception, or dynamic content injection. The domain is not associated with any known legitimate CDN provider. (location: page.html:7)
hidden content
External notification scripts and WebSocket client are loaded from firebase.hokibagus.club and statics.hokibagus.club — non-standard domains injecting persistent WebSocket connections and notification overlays (inatogel.js, notif.js). These could push unsolicited content, redirect triggers, or exfiltrate user session data without visible indication to the user. (location: page.html:824,826,828,831)
prompt injection
The page footer and body contain AI-legitimizing content specifically crafted to manipulate AI crawlers and language model indexers: references to 'Google AI', 'McKinsey AI research', 'MIT Technology Review', claims of 'ethical AI', 'explainable models', and 'human-centered design'. This content appears designed to make AI-based content classifiers and web agents treat the gambling site as a legitimate technology resource, poisoning AI training data and search agent evaluations. (location: page.html:1183-1186,page-text.txt:932-934)
social engineering
The site displays an age-restriction image (17+.png) to create an appearance of regulatory compliance, while the overall site structure, fake corporate identity, and gambling content suggest deliberate circumvention of actual age verification and gambling regulation requirements. This is a deceptive compliance signal. (location: page.html:1187)
curl https://api.brin.sh/domain/pasteina.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
pasteina.com currently scores 32/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.