context safety score
A score of 36/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
js obfuscation
JavaScript uses Function constructor for runtime code generation
brand impersonation
The page is a full replica of the official LiveChat® homepage (livechat.com), including registered trademarks, logos, product copy, and all branding assets, served from the unrelated domain livechatenterprise.com. The canonical tag points to www.livechat.com, confirming the content is copied from the legitimate site. (location: page.html:8 - title tag; page.html:58 - canonical href=https://www.livechat.com/; metadata.json - domain: livechatenterprise.com)
credential harvesting
Multiple email signup forms on the page submit to https://accounts.livechat.com/signup with embedded OAuth parameters (client_id, redirect_uri=https://my.livechatinc.com, response_type=token). Visitors deceived by the impersonating domain may enter business email credentials believing they are on the official site, enabling account takeover or phishing via OAuth token theft. (location: page.html:734-743 (mobile signup form); page.html:1052-1061 (hero signup form); page.html:750-752 (Log in / Sign up free nav buttons))
phishing
The domain livechatenterprise.com hosts a pixel-perfect clone of the LiveChat® marketing homepage to deceive users into believing they are visiting the legitimate livechat.com. The site includes full navigation, pricing, testimonials, and CTAs designed to capture user trust and drive credential submission. (location: metadata.json - url: https://livechatenterprise.com; page.html:8 - title 'LiveChat® - The Best AI Live Chat Software for Business | LiveChat.com')
malicious redirect
All internal navigation links and CTA buttons point to www.livechat.com and my.livechatinc.com. Signup form actions redirect users via OAuth token flows to accounts.livechat.com. While the destination domains are legitimate, the impersonating origin domain is used to intercept user interaction before redirecting, creating a man-in-the-middle opportunity for session/token interception. (location: page.html:395 (productbar signup link); page.html:448 (Try Text link); page.html:752 (Sign up free nav CTA); page.html:1057 (hidden OAuth redirect_uri field))
social engineering
The page reproduces authentic customer testimonials, logos of well-known brands (PayPal, Shopify, McDonald's, etc.), star ratings, and statistics ('35,000+ companies', '25% increase in average order value') to establish false legitimacy and lower visitor defenses. This social proof is used to make the impersonating domain appear trustworthy. (location: page-text.txt:749 ('35,000+ companies have experienced...'); page-text.txt:2762-3125 (customer review section); page-text.txt:1339 ('25% increase in average order value'))
curl https://api.brin.sh/domain/livechatenterprise.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
livechatenterprise.com currently scores 36/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.