context safety score
A score of 48/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
credential harvesting
credential form posts to an off-domain endpoint (may be legitimate SSO/OAuth)
malicious redirect
script/meta redirect patterns detected in page source
brand impersonation
The scanned domain is tresensa.com, but the page served is entirely branded as Liftoff (liftoff.ai). All content, logos, navigation, meta tags, canonical URLs, and structured data reference liftoff.ai, not tresensa.com. tresensa.com is either forwarding/serving liftoff.ai content without authorization, or is a domain that has been repurposed to impersonate the Liftoff brand. (location: metadata.json domain=tresensa.com vs page.html canonical href=https://www.liftoff.ai/ and all page content)
malicious redirect
The domain tresensa.com is serving the full Liftoff homepage (liftoff.ai) content including its canonical URL, Open Graph URLs, and structured data all pointing to liftoff.ai. This indicates an unauthorized domain redirect or domain hijack where tresensa.com is impersonating or proxying liftoff.ai, potentially intercepting user sessions or serving modified content. (location: page.html line 69: canonical href=https://www.liftoff.ai/ ; metadata.json url=https://tresensa.com)
brand impersonation
The JSON-LD structured data on the page references a mix of liftoff.cn and liftoff.ai as the website/organization identity (WebSite @id=https://liftoff.cn/#website, Organization @id=https://liftoff.cn/#organization) while the visible content and canonical URL reference liftoff.ai. This cross-domain identity mixing in schema markup is anomalous and may indicate content scraped or proxied from multiple Liftoff regional domains. (location: page.html line 75: JSON-LD script with @id references to liftoff.cn alongside liftoff.ai content)
hidden content
Cookie policy and privacy policy links in the Complianz GDPR banner configuration point to liftoff.cn/ko/ (Korean locale of the China domain) rather than liftoff.ai, which is inconsistent with the rest of the page. This mismatch may indicate the page was assembled from scraped or proxied content from multiple regional Liftoff domains. (location: page.html line 1357: complianz config page_links cookie-statement url=https://liftoff.cn/ko/cookie-policy/ and privacy-statement url=https://liftoff.cn/ko/privacy-policy/)
curl https://api.brin.sh/domain/tresensa.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
tresensa.com currently scores 48/100 with a suspicious verdict and medium confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.