context safety score
A score of 40/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
cloaking
Page conditionally redirects based on referrer or user-agent
brand impersonation
The page at sams.com.mx renders a Sam's Club / Walmart branded identity-verification challenge. It loads Walmart-owned assets (fonts from i5.walmartimages.com, the 'Bogle' typeface, the Sam's Club SVG logo in Walmart blue #0067A0) and injects window.walmart.analytics while the hosting domain is sams.com.mx — a Mexican ccTLD not controlled by Walmart Inc. The page faithfully clones the Sam's Club visual identity to deceive users into believing they are interacting with the legitimate retailer. (location: page.html – <header> SVG logo, CSS font import from i5.walmartimages.com, window.walmart.analytics data layer)
credential harvesting
The page title is 'Verify Your Identity' and the visible prompt is 'Mantén presionado el botón para confirmar que no eres un robot.' The PerimeterX (px) CAPTCHA widget (_pxAppId='PX87wpO5aK') is loaded from a first-party path /px/<appId>/init.js and /px/<appId>/captcha/captcha.js, meaning all challenge telemetry (keystrokes, mouse, device fingerprint) is routed through sams.com.mx rather than a legitimate Sam's Club backend. This enables harvesting of behavioral biometric and session data under the guise of bot protection. (location: page-text.txt – window._pxAppId block; page.html line 2 – blockScript src construction)
social engineering
The identity-verification framing ('Verifica tu identidad', 'Mantén presionado el botón para confirmar que no eres un robot') creates urgency and authority cues that pressure users to interact and submit behavioral/biometric data. Combining a trusted brand logo with a 'robot check' is a classic social-engineering pattern to lower user suspicion before credential or session theft. (location: page.html <body> visible text; page-text.txt line 1)
phishing
sams.com.mx impersonates Sam's Club (a Walmart brand) with a full visual clone — logo, color palette, typography, and analytics namespace — presented to users who likely arrived via a spoofed link or redirect. The page captures user interaction under a false identity context, satisfying the definition of a phishing page. (location: page.html – overall page structure, header SVG, CSS, analytics namespace)
malicious redirect
The Adobe DTM launch script is loaded from //assets.adobedtm.com/launch-ENb669ecb013cf4aa89de0580c69e13c1a.min.js using a protocol-relative URL, and the PerimeterX captcha script src is dynamically constructed from a URL parameter 'g' (var hc=getUrlParam('g','a')) without sanitization of that parameter before injecting it into the script URL. This allows an attacker controlling the 'g' query parameter to influence the captcha JS endpoint, potentially redirecting script loading to a malicious host. (location: page.html line 9 – launchScript.src; page-text.txt – captchajs construction with unsanitized 'g' parameter)
hidden content
The window.walmart.analytics.dataLayer object silently collects persistentID (from the walmart.id cookie), referrer, host, and language on page load and ships it to Adobe DTM without any visible disclosure to the user. The data collection is embedded in a non-visible script block and not disclosed in the page UI. (location: page.html line 8 – window.walmart.analytics.dataLayer definition)
curl https://api.brin.sh/domain/sams.com.mxCommon questions teams ask before deciding whether to use this domain in agent workflows.
sams.com.mx currently scores 40/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.