context safety score
A score of 62/100 indicates minor risk signals were detected. The entity may be legitimate but has characteristics that warrant attention.
encoded payload
suspicious base64-like blobs detected in page content
credential harvesting
Login form collects email and password credentials and submits to login.cfm via POST. The site uses a non-well-known domain (app.boostcoinz.com) with an employee recognition/rewards theme. The form has 4 credential-related inputs (action, favoriteUID, successURL, target hidden fields plus email and password), matching the flagged credential form count of 4. The domain and branding do not correspond to any major known enterprise platform, raising concern about credential collection under a fabricated rewards program context. (location: page.html:1627-1657)
social engineering
The page presents itself as a corporate employee rewards/recognition platform ('Welcome to Boost with Coinz Login') with an invitation to sign up for an organizational program. This framing is a common social engineering tactic to establish legitimacy and encourage employees to enter corporate credentials into a third-party site. The site solicits organizational adoption ('Need a program for your organization? Click here to sign up'), which could be used to harvest credentials at scale across multiple organizations. (location: page.html:1620-1621, page-text.txt:84-85)
brand impersonation
The page uses a custom logo loaded from the same domain (stores/store1687/files/Boost-Coinz-login.png) and presents a branded interface mimicking a legitimate SaaS HR/rewards platform. The use of 'Boost with Coinz' branding, professional Bootstrap-based admin UI template (design6000), and corporate-style login page creates an appearance of legitimacy that could deceive employees into trusting the site with their credentials. (location: page.html:1581, page.html:1620)
hidden content
The page-text.txt extracted content includes raw CSS style blocks rendered as visible text (lines 28-82), indicating style elements were injected inline within content areas (inside <span class='bootstrapLoginInstructions'> and logo comment blocks). CSS is being injected inside HTML comment markers labeled 'openHack CloseHack', which is an unusual pattern suggesting deliberate obfuscation or template injection techniques. Hidden content ratio was flagged at 0.09 by the scanner. (location: page.html:1562-1583, page.html:1592-1619, page-hidden.txt:13-14)
curl https://api.brin.sh/domain/app.boostcoinz.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
app.boostcoinz.com currently scores 62/100 with a caution verdict and medium confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.