context safety score
A score of 39/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
hidden instruction
high hidden content ratio detected in DOM
brand impersonation
The domain gildiya.pro is fully cloning the ManoMano Spain (manomano.es) e-commerce platform. It reproduces ManoMano's complete UI, branding, CSS assets, JavaScript bundles, fonts, favicons, product listings, and footer trust signals (awards, payment logos) while serving under an unrelated domain. All static assets (CSS, JS, images) are loaded directly from www.manomano.es, making it a pixel-perfect impersonation of the legitimate retailer. (location: page.html:1, page.html:line 31 (logo href gildiya.pro with text GILDIYA.PRO overlaying ManoMano layout), page.html lines 13-21 (all assets from manomano.es))
phishing
The site presents a fully functional fake ManoMano storefront at gildiya.pro, including login/account flows ('Inicia sesión', 'Acceder a mi cuenta', 'Soy un Profesional'), newsletter email-capture form, order tracking, and contact pages — all hosted on the impostor domain. Users entering credentials or email addresses are submitting them to gildiya.pro, not ManoMano. (location: page-text.txt:1 (Inicia sesión, Acceder a mi cuenta), page.html:65 (pedidos, ayuda, contacto links all pointing to gildiya.pro))
credential harvesting
The page contains a newsletter subscription form requesting user email addresses ('Suscríbete a nuestra newsletter y consigue 5€ de descuento') and login/account access buttons ('Inicia sesión', 'Acceder a mi cuenta', 'Acceder a los precios Pro'). These forms are served from gildiya.pro rather than the legitimate manomano.es, harvesting credentials and personal data under the guise of the trusted ManoMano brand. (location: page-text.txt:2 (newsletter subscribe section), page.html:34-36 (search/login UI elements))
social engineering
The site uses multiple trust-building techniques copied from the legitimate ManoMano site: displaying 'Mejor comercio online del ano 2021', 'Mejor Marketplace 2023', and 'Confianza Online' award badges; showing 'Pago seguro' with Visa/Mastercard/PayPal/GooglePay logos; claiming '7 millones de clientes'; and offering 'Descuentos Pro hasta un -15%' and a €5 discount coupon to encourage email submission. These are all social engineering elements designed to build false trust. (location: page.html:64 (payment logos), page.html:72 (award badges), page-text.txt:2 (trust claims))
malicious redirect
The page contains JavaScript that redirects users to '/incompatible-navegador' if their browser is deemed incompatible, controlling the user journey on the impostor domain. Additionally, the canonical URL and all og:/twitter: meta tags point to https://gildiya.pro/ rather than manomano.es, reinforcing the domain as the authoritative page for SEO and social sharing purposes, directing organic and social traffic to the fraudulent site. (location: page.html:2-8 (window.location.replace('/incompatible-navegador') script block), page.html:1 (canonical href=https://gildiya.pro/))
hidden content
The site includes a hidden SEO navigation menu ('nav#menu-SEO') with aria-hidden='true' on all its list items. This nav contains a full site map of category and product URLs all pointing to gildiya.pro subpaths, invisible to users but crawlable by search engines and AI agents. This is used to boost the fraudulent domain's search ranking by cloaking a full navigation structure from human visitors. (location: page.html:30 (id='header.MenuForSEO', nav id='menu-SEO' class='hidden h-0 w-0', all li aria-hidden='true'))
curl https://api.brin.sh/domain/gildiya.proCommon questions teams ask before deciding whether to use this domain in agent workflows.
gildiya.pro currently scores 39/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.