context safety score
A score of 39/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
domain spoof risk
domain has spoofing indicators (punycode/confusable/highly synthetic naming)
encoded payload
suspicious base64-like blobs detected in page content
cloaking
Page loads content in transparent or zero-size iframe overlay
malicious redirect
Navigation link 'التيوب' points to https://darkegy.cam/ — an external third-party domain unrelated to xn--mgbkt9eckr.net, consistent with a traffic-hijacking or affiliate redirect to a pornographic cam site. The domain uses a .cam TLD designed to obscure its nature. (location: page.html:547 — <a href="https://darkegy.cam/" rel="nofollow" data-nav-id="tube_link">)
malicious redirect
Navigation link 'كام عربي مباشر' redirects to https://ar.cam.xn--mgbkt9eckr.net/ — a subdomain live-cam site. While on the same registrant's domain, the subdomain hosts an explicit live-cam service and represents a forced redirect to adult content from the main forum navigation. (location: page.html:573 — <a href="https://ar.cam.xn--mgbkt9eckr.net/" rel="nofollow" data-nav-id="live_cam">)
hidden content
Third-party ad script loaded from a subdomain constructed as 'mgbkt9eckr.xn--mgbkt9eckr.net' (AdSpyglass ad network) in the header ad unit. The subdomain mirrors the punycode domain itself and loads an opaque JavaScript payload (Tyzqpl5.js) with uncontrolled ad spot IDs. AdSpyglass is known to serve popunder/redirect ads including malware and scam offers. (location: page.html:425 — <script type="text/javascript" src="//mgbkt9eckr.xn--mgbkt9eckr.net/Tyzqpl5.js" data-spots="368638">)
hidden content
A second AdSpyglass script is injected in the forum_overview_bottom ad position, loading from 'nope.xn--mgbkt9eckr.net/ub8OEgc.js' with spot ID 388111. The subdomain 'nope' is an unusual naming choice for an ad server and both scripts use unvalidated %subid1%/%subid2% placeholders, a pattern used to track and redirect users through affiliate networks. (location: page.html:9857 — <script src="//nope.xn--mgbkt9eckr.net/ub8OEgc.js" data-spots="388111">)
social engineering
A banner ad unit at forum_overview_bottom embeds an iframe from 'creative.cam.xn--mgbkt9eckr.net' promoting 'نسوانجي كام أول موقع عربي يتيح لايف كام مع شراميط من أنحاء الوطن العربي'. The iframe auto-loads live cam content without user consent and uses a long hash userId parameter suggesting tracking without explicit disclosure, pressuring users to engage with paid adult content. (location: page.html:9857-9859 — samBannerUnit iframe src="https://creative.cam.xn--mgbkt9eckr.net/LPLiteIframe?campaignId=neswangy-widget...")
social engineering
The node description for the 'نسوانجي كام' link forum uses a high-pressure limited-time offer: '**خصم ٥٠٪ لوقت محدود** نسوانجي كام اول موقع كام عربي للبث المباشر الاباحي'. This is a classic urgency-based social engineering tactic embedded in the forum structure to drive paid subscription conversions. (location: page.html:1481-1482 — node-description for node--id77)
hidden content
A third-party script is loaded from naswup.com (//naswup.com/sdk/pup.js) with data-auto-insert='html-embed-full', allowing the external domain to inject arbitrary HTML into the page body. This is a supply-chain risk: if naswup.com is compromised, it can inject phishing content, credential harvesters, or prompt injection payloads directly into page HTML. (location: page.html:387 — <script async src="//naswup.com/sdk/pup.js" data-auto-insert="html-embed-full">)
hidden content
A voice/media script is loaded from //xn--mgbkt9eckr.net/voicepup.js with data-url pointing to https://vocaroo.com/ — an external audio hosting service. The script is loaded with 'async' and could silently load or embed audio content from a third-party without user awareness. (location: page.html:390-394 — <script async src="//xn--mgbkt9eckr.net/voicepup.js" data-url="https://vocaroo.com/">)
curl https://api.brin.sh/domain/xn--mgbkt9eckr.netCommon questions teams ask before deciding whether to use this domain in agent workflows.
xn--mgbkt9eckr.net currently scores 39/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.