context safety score
A score of 43/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
js obfuscation
JavaScript contains heavy hex-escape encoding typical of obfuscation
malicious redirect
JavaScript on page load immediately redirects all visitors to a URL impersonating the French government fine payment portal (AMENDES.GOUV.FR) hosted on a third-party server (kjf.jfk.mybluehost.me). The redirect passes URL hash parameters (ref, date, courriel/email) directly into the destination URL, enabling targeted phishing with pre-filled victim data. (location: page.html:29-32, <script> block, window.location.href = randURLs[randURL])
phishing
The redirect destination path '/wp-content/plugin/AMENDES.GOUV.FR/antai/fr6548981/services/paiement/96/12/' explicitly mimics the French National Agency for Automated Offence Processing (ANTAI) payment service under amendes.gouv.fr, a legitimate French government site for paying traffic/parking fines. This is a government impersonation phishing page designed to steal payment or personal information. (location: page.html:29, redirect URL path containing AMENDES.GOUV.FR/antai/.../services/paiement/)
brand impersonation
The destination URL structurally impersonates the official French government domain 'amendes.gouv.fr' and its ANTAI (Agence Nationale de Traitement Automatisé des Infractions) fine payment service, embedded as a path component on a compromised WordPress host (mybluehost.me) to deceive victims into believing they are on a legitimate government site. (location: page.html:29, kjf.jfk.mybluehost.me/wp-content/plugin/AMENDES.GOUV.FR/antai/)
credential harvesting
The redirect URL includes query parameters 'courriel' (French for 'email'), 'ref', and 'date' sourced directly from the page's URL fragment/hash, indicating victims are driven to this page via targeted links (e.g., SMS/email campaigns) with their personal details pre-encoded. The downstream phishing page likely uses these to pre-fill a payment or credential form. (location: page.html:29, hash[0]/hash[1]/hash[2] mapped to ref/date/courriel parameters in redirect URL)
hidden content
The page body contains no visible content for users (empty blog, 'Aucun article'). The entire page serves solely as a redirect vehicle with no legitimate content, making the malicious redirect invisible to casual inspection and presenting a blank/empty appearance to hide its true purpose. (location: page.html:40-42, body div#main is empty; page-text.txt shows no human-readable visible content)
curl https://api.brin.sh/domain/hgabaaljanak.blogspot.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
hgabaaljanak.blogspot.com currently scores 43/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.