context safety score
A score of 30/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
obfuscated code
Large obfuscated JavaScript block using decodeURI with percent-encoded strings, Caesar-cipher-like character rotation (charCodeAt offset by position modulo 95), and dynamic script injection. The script decodes a long obfuscated string at runtime, splits it into segments, and uses those segments to dynamically construct and load external scripts and manipulate the DOM. This pattern is a known technique to hide malicious payloads from static analysis. (location: page.html line 343, page-text.txt line 12 — inline <script data-cfasync='false'>)
malicious redirect
External script loaded from 'renamereptiliantrance.com/on.js' — a third-party domain with no apparent legitimate affiliation. The domain name is suspicious (random-word-combination pattern typical of malvertising/ad-fraud domains). Script is loaded asynchronously with data-clocid='2085313' and triggers a callback 'tyymsx' on both load and error events, indicating popunder/redirect ad network integration. (location: page.html line 344 — <script src='//renamereptiliantrance.com/on.js'>)
obfuscated code
Popunder ad network script using base64-encoded URLs (atob()) to conceal actual script sources. Decoded values resolve to 'www.antiadblockystems.com/w/ux509_simpl.min.js' and 'd3cod80thn7qnd.cloudfront.net/kyEk/RqCmQP/aJcrop.min.css'. The script dynamically injects these into the page, uses a hardcoded expiry timestamp (1797566656000), and circumvents ad-blockers. Site ID 5201194 with popunder configuration (popundersPerIP, topmostLayer) confirms this is a drive-by popunder/redirect monetization system. (location: page.html lines 347-351, page-text.txt lines 17-19 — inline <script> with CDATA wrapper)
social engineering
Footer notice instructs visitors to bookmark an alternative domain 'uncutmaza.io' if the main domain becomes unavailable. This is a classic technique used by piracy/adult sites to redirect traffic to mirror domains that may host malware, additional ad-fraud scripts, or phishing content. The phrasing 'official domains' is designed to establish false legitimacy for potentially unsafe alternative sites. (location: page.html lines 850-855, page-text.txt lines 352-355 — footer-notice div)
brand impersonation
Site explicitly compares itself to and names competing platforms (AagMaal, Webxseries, XMasti, XMaza) in footer text to establish false credibility. The site operates under a .com.co TLD (Colombia ccTLD) while branding itself as 'UncutMaza.com' and claiming to be 'No.1' and 'most trusted' — a pattern consistent with typosquatting/brand impersonation of an established piracy site, potentially to capture traffic intended for the original domain. (location: page.html lines 847-848, metadata.json — domain uncutmaza.com.co vs alternateName uncutmaza.com in schema)
malicious redirect
Navigation menu includes outbound links to external third-party domains: 'xmazaa.ac', 'botmaal.com', and 'theporndude.com'. These are embedded directly in the site navigation without nofollow attributes, potentially redirecting users to other adult/piracy sites that may carry their own malvertising or drive-by download risks. (location: page.html line 367 — site navigation menu external links)
curl https://api.brin.sh/domain/uncutmaza.com.coCommon questions teams ask before deciding whether to use this domain in agent workflows.
uncutmaza.com.co currently scores 30/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.