context safety score
A score of 49/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
obfuscated code
A heavily obfuscated JavaScript block is present, using URI-encoded strings, character-code arithmetic (Caesar-cipher-style rotation), and array-index slicing to conceal its logic. The script is tagged with data-cfasync="false" to bypass Cloudflare integrity checks and dynamically assembles and executes code whose purpose cannot be determined without full de-obfuscation. This pattern is consistent with ad-fraud, fingerprinting, or malicious redirect payloads. (location: page.html lines 1730 (also duplicated in page-text.txt line 1389))
malicious redirect
A third-party script is loaded from bundlemoviepumice.com — an unrecognised, suspicious domain with a randomly-constructed name typical of malvertising infrastructure. It is loaded asynchronously with onerror/onload callbacks (vymekyr) that are themselves defined inside the obfuscated block, meaning the redirect/payload logic is fully controlled by the external domain. (location: page.html line 1731)
malicious redirect
A third-party interstitial ad script is loaded from a.pemsrv.com (data-idzone 4135328) with data-ad_trigger_method="2" configured to fire pop-under or interstitial redirects after a set number of clicks. pemsrv.com is a known pop/push ad network frequently associated with unwanted redirects to scam and adult-offer pages. (location: page.html lines 491-497)
social engineering
The age-verification disclaimer modal bundles cookie consent together with the adult content gate: clicking 'SI, ENTRAR' simultaneously confirms age AND grants blanket cookie consent for all purposes. This dark-pattern design coerces users into broad data-collection consent they may not intend to give, under pressure of the content gate. (location: page.html lines 1655-1680)
social engineering
The 'No' button on the age-verification / cookie-consent modal redirects users to https://www.google.com/ rather than simply closing or leaving the page. This is a deceptive UX pattern that disguises a third-party redirect as a simple refusal action, potentially misleading automated agents or users about where the link leads. (location: page.html line 1668)
curl https://api.brin.sh/domain/rubias19.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
rubias19.com currently scores 49/100 with a suspicious verdict and medium confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.