context safety score
A score of 34/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
js obfuscation
JavaScript contains heavy hex-escape encoding typical of obfuscation
malicious redirect
The scanned domain showpm.shop serves as a thin redirect/aggregator hub. The page canonical URL, favicon, and all navigation links point to www.showpm.in, while all post content links redirect users to a third domain, www.showpm.world. Users arriving at showpm.shop are silently funnelled through at least two domain hops (showpm.shop → showpm.in → showpm.world) without disclosure. The intermediate domain showpm.world is unrelated to the scanned URL and its safety is unknown. (location: page.html lines 59,65,71,82 (canonical/og:url redirect to showpm.in); all post body href links point to showpm.world (e.g. line 456, 500, 544, 588, 632, etc.))
brand impersonation
The page title and meta tags keyword-stuff the names of multiple legitimate Malayalam TV broadcasting brands (Asianet, Zee Keralam, Surya TV, Mazhavil Manorama) and impersonates well-known Malayalam streaming sites (ddmalar.com, kuthira.com, kurumbi.com, thiramala.com, kaduvatv.com, mallupm.com, pakkitv.com, munnatv.com) by including their domain names in the page <title> tag. This is designed to capture search traffic and brand trust belonging to those legitimate services. (location: page.html lines 5-7 (<title> tags))
hidden content
Multiple CSS rules use display:none to hide entire sections of post content from users: .post-body, .post-footer, .comment-link, .post img, .post blockquote, h2.date-header, .post-labels, .post-rating, and .post-footer are all set to display:none in the early stylesheet block, while a second stylesheet block later overrides some of these. This pattern is characteristic of cloaking — showing different content to crawlers/scrapers versus human users — and is used to hide SEO keyword stuffing text that is not meant to be visible. (location: page.html lines 40-48 (CSS display:none rules for .post-body, .post-footer, .comment-link, .post img, .post blockquote, h2.date-header, .post-labels, .post-rating))
social engineering
Every single post on the page contains only a large, bold, prominently styled call-to-action link reading '👉PLEASE OPEN' styled at font-size:xxx-large using the Anton display font, with no additional context about the destination. This is a manipulative UI pattern designed to pressure users into clicking through to the unknown third-party domain showpm.world without informed consent about the destination or content. (location: page.html lines 456, 500, 544, 588, 632, 676, 720, 764, 808, 861, 905, 949, 993, 1037, 1081, 1125, 1169, 1213, 1257, 1301 (and throughout the document))
hidden content
The page embeds keyword-stuffed SEO text within post bodies that is visually hidden from users via CSS (display:none on .post-body). The hidden text repeats search queries such as 'mazha thorum mumbe serial 26/02/2026 episode', 'mazhathorum mumbe serial today full episode', 'showpm mazhathorum mumpe serial', 'mazha thorum mumbe serial 26 february 2026 episode' across multiple posts. This is a classic SEO cloaking technique to rank for queries without displaying the content to visitors. (location: page.html lines 456, 1345, 2366 (repeated keyword-stuffed text blocks in post bodies set to display:none))
curl https://api.brin.sh/domain/showpm.shopCommon questions teams ask before deciding whether to use this domain in agent workflows.
showpm.shop currently scores 34/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.