context safety score
A score of 33/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
cloaking
Page conditionally redirects based on referrer or user-agent
brand impersonation
The site operates at goal7.co but consistently presents itself as 'Goal.co' and 'goal.co' throughout the page title, OG tags (og:url set to https://goal.co/, og:site_name set to goal.co), footer copyright, and body text. This impersonates the legitimate goal.co sports brand by using a typosquat domain (goal7.co) while displaying all branding of the original. (location: page.html lines 17-20, 23, 665-666; og:url meta tag)
hidden content
Both page.html and page-text.txt contain extremely long runs of whitespace characters (hundreds of blank spaces) on lines 42, 150, and 913 in the HTML, and lines 96 and 845 in the page-text. These whitespace padding blocks are a known technique to push content out of normal viewport rendering or to obscure content from casual inspection while keeping it present in the DOM. (location: page.html lines 42, 150, 913; page-text.txt lines 96, 845)
hidden content
All ad-block elements are styled with 'display: none' as the default CSS rule, with JavaScript conditionally revealing them only on mobile devices (ena=2). This means ad content — including gambling/betting affiliate links via ibit.ly URL shortener — is hidden from desktop crawlers and security scanners but shown to mobile users. (location: page.html lines 46-53, 57-64, 126-149)
social engineering
Multiple banner advertisements link to gambling/betting sites (ufazeed, ufagool, ufac4, sexygame66, slotgame66, lotto432) via the ibit.ly URL shortener, which obfuscates the true destination. These are embedded on a sports scores site targeting Thai users, using a trusted sports context to promote unregulated gambling services. The alt text on some banners contains garbled characters ('????????????????? lotto432', '????????????? UFABET') suggesting encoding manipulation to evade text-based filters. (location: page.html lines 71, 92-101, 534-535)
malicious redirect
All gambling advertisement links use the ibit.ly URL shortener (e.g., https://ibit.ly/ufazeed, https://ibit.ly/ufagool, https://ibit.ly/ufac4, https://ibit.ly/sexygame66, https://ibit.ly/slotgame66, https://ibit.ly/lotto432) which masks the true destination URLs. URL shorteners in ad contexts are used to redirect users to destinations that would be blocked if linked directly. (location: page.html lines 71, 92, 95, 98, 101, 534)
hidden content
Ad banner alt text contains sequences of '?' characters ('????????????????? lotto432', '????????????? UFABET ????????????? 1', '???????????????? slotgame6666') consistent with charset encoding obfuscation. The original Thai text has been mangled, possibly deliberately to bypass keyword-based content filters while retaining human-readable images. (location: page.html lines 95, 98, 535)
curl https://api.brin.sh/domain/goal7.coCommon questions teams ask before deciding whether to use this domain in agent workflows.
goal7.co currently scores 33/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.