context safety score
A score of 32/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
hidden instruction
high hidden content ratio detected in DOM
encoded payload
suspicious base64-like blobs detected in page content
cloaking
Page loads content in transparent or zero-size iframe overlay
brand impersonation
The site at rebahinxxi3.rest impersonates multiple well-known Indonesian streaming brands including IndoXXI, Layarkaca21, LK21, Cinema21, BioskopKeren, DewaNonton, Ganool, and others. These are recognizable piracy/streaming brand names used to attract users searching for those services. (location: page.html footer and page-text.txt - brand name listings)
malicious redirect
The page at rebahinxxi3.rest loads all its actual WordPress backend resources (scripts, AJAX endpoints, images, CSS) from a different domain: rebahinxxi3.life. This domain split is a common technique where the frontend domain acts as a disposable facade that can be rotated while the real backend persists. All JS, plugin assets, and AJAX calls route to rebahinxxi3.life/wp-admin/admin-ajax.php. (location: page.html lines 14-18, script src attributes and JS variable declarations)
hidden content
Repeated keyword stuffing of 'kantorbola', 'kantorbola77', 'kantorbola88', 'kantorbola99' appears in the visible text area of the page. These are SEO spam keywords (associated with Indonesian gambling/slot sites) injected into the streaming site's content, likely invisible to casual users but intended to manipulate search engine indexing and lure users searching for gambling platforms. (location: page-text.txt line 1 - kantorbola keyword cluster)
hidden content
A hidden div with id='pad' and style='display:none' contains the value '0'. While minimal, this follows a pattern of concealed data elements used for tracking or dynamic manipulation not visible to users. (location: page.html line 4 - <div id="pad" style="display:none">0</div>)
social engineering
The site presents itself as a free, legitimate streaming and download platform ('Streaming Dan Download Film Sub Indo Terbaru') with DMCA and Privacy pages to appear credible, while actually distributing pirated content. This social engineering builds false trust to keep users on the site and clicking through to potentially malicious ad/redirect networks typical of piracy sites. (location: page-text.txt footer disclaimer and page.html title/copyright)
malicious redirect
Footer links and genre links mix relative paths on rebahinxxi3.rest with absolute links pointing directly to rebahinxxi3.life (e.g. href='https://rebahinxxi3.life/genre/drama/'). This cross-domain linking silently shuttles users between two separate domains without disclosure, a pattern used to evade blocklists and distribute traffic across rotating domains. (location: page.html lines 2-3 - footer anchor href attributes mixing domains)
curl https://api.brin.sh/domain/rebahinxxi3.restCommon questions teams ask before deciding whether to use this domain in agent workflows.
rebahinxxi3.rest currently scores 32/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.