context safety score
A score of 36/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
brand impersonation
The page hosted at pusat-nonton.space renders a full replica of Google's reCAPTCHA/unusual-traffic interstitial, including Google branding, Google Trust Services TLS cert, and a reference to Google's Terms of Service. The actual domain is unrelated to Google, making this a deliberate impersonation of Google's security infrastructure to deceive users and AI agents. (location: page.html:3-33, <title> set to 'https://www.google.com/')
phishing
The page mimics Google's CAPTCHA challenge page (title set to 'https://www.google.com/') on a non-Google domain (pusat-nonton.space). A hidden form field named 'continue' is set to 'https://www.google.com/', likely to redirect victims after form submission, making the phishing lure convincing by eventually landing on Google. (location: page.html:17, hidden input name='continue' value='https://www.google.com/')
malicious redirect
The form posts to 'index' (action='index') with a hidden 'continue' parameter pointing to 'https://www.google.com/' and a hidden 'q' parameter containing an opaque encoded token. This pattern is consistent with a phishing relay: the site harvests the reCAPTCHA response/token and then redirects the user to Google to avoid suspicion. (location: page.html:7,17, form action='index', hidden inputs 'q' and 'continue')
prompt injection
The page is designed to appear as a legitimate Google security challenge. An AI agent crawling or rendering this page would read content asserting 'Our systems have detected unusual traffic' and instructions to 'solve the CAPTCHA', potentially causing the agent to interact with the form, submit credentials or tokens, or follow the redirect chain — all on a malicious third-party domain. (location: page.html:24-27, visible body text impersonating Google automated-traffic detection)
obfuscated code
A hidden form input named 'q' contains a long opaque base64/encoded token value. This token is submitted silently with the form and its purpose is not disclosed to the user. It likely encodes tracking, session, or redirect state for the phishing backend. (location: page.html:17, <input type='hidden' name='q' value='EhAmABkAAAAtCQ...'>)
social engineering
The page uses authoritative Google-style language ('Our systems have detected unusual traffic from your computer network') combined with a fake CAPTCHA to pressure users into submitting the form, exploiting trust in Google's brand to manufacture urgency and compliance. (location: page.html:24, page-text.txt:21-24)
curl https://api.brin.sh/domain/pusat-nonton.spaceCommon questions teams ask before deciding whether to use this domain in agent workflows.
pusat-nonton.space currently scores 36/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.