context safety score
A score of 38/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
js obfuscation
JavaScript uses Function constructor for runtime code generation
brand impersonation
Domain tataritv.com is impersonating the legitimate TV advertising company Tatari, whose canonical domain is tatari.tv. The site clones Tatari's full homepage content, branding, logos, and messaging while operating from a lookalike domain. All canonical tags, og:url, and schema.org sameAs links within the cloned page point back to the legitimate tatari.tv domain, confirming this is a spoofed copy. (location: domain: tataritv.com vs legitimate tatari.tv; page.html canonical link: https://www.tatari.tv/; og:url: https://www.tatari.tv/)
credential harvesting
The cloned site presents a fully functional 'Schedule Demo' call-to-action button (href='/schedule-demo') that would collect business contact information, company details, and potentially billing/account data from victims who believe they are contacting the legitimate Tatari advertising platform. This targets marketing professionals and advertisers seeking TV ad services. (location: page.html: <a target='_self' href='/schedule-demo'> inside #GetStarted-TatariTv div)
phishing
The site tataritv.com clones the legitimate tatari.tv advertising platform to deceive users into believing they are interacting with the real Tatari company. The lookalike domain (tataritv.com vs tatari.tv) combined with fully replicated UI and content constitutes a targeted phishing site aimed at business users and advertisers. (location: domain: tataritv.com; page.html title: 'Tatari: Data Driven TV Advertising'; meta description mirrors legitimate site)
social engineering
The hidden content in page-hidden.txt contains persuasive copy targeting both small spenders and large enterprise advertisers ('Whether you're new to TV or spending $100m per year'), as well as a specific agency-targeting message ('MY AGENCY DOES NOT OFFER TV'), designed to engage a broad range of business victims and funnel them into demo/contact flows on a fraudulent site. (location: page-hidden.txt line 2: agency targeting copy; line 1: '$100m per year' spend framing)
malicious redirect
The LD+JSON schema.org block embeds a logo image from an external third-party free image hosting service (postimg.cc) rather than the legitimate Tatari CDN (ctfassets.net used in og:image). This external image reference could be used for tracking visitor IPs, fingerprinting, or redirecting via image replacement, and is inconsistent with a legitimate site's asset hosting. (location: page.html ld+json: "image": "https://i.postimg.cc/h4JcpDFd/1.png")
curl https://api.brin.sh/domain/tataritv.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
tataritv.com currently scores 38/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.