context safety score
A score of 45/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
js obfuscation
JavaScript uses Function constructor for runtime code generation
malicious redirect
External script loaded from 'https://cdnfiles.azurewebsites.net/urlz' — an Azure-hosted CDN asset with no clear ownership association to urlz.fr. This is a non-standard, potentially attacker-controlled third-party script that can redirect users or inject malicious content. The surrounding markup also contains comment/PHP injection artifacts ('*/ ?>') suggesting possible server-side template injection or code smuggling. (location: page.html:227)
obfuscated code
All script tags use a non-standard type attribute value '7c68ea119546565549d97a7f-text/javascript' instead of 'text/javascript'. This is a Cloudflare Rocket Loader obfuscation technique that defers script execution, but it also masks the true nature of loaded scripts and can be abused to bypass content security policies or hide malicious script loading from naive scanners. (location: page.html:8,10,177,193,198,203,210,211,217,218,225,227)
hidden content
JavaScript code rendered as visible text in page-text.txt (lines 41-46: gtag dataLayer code) indicates script content leaking into the visible text layer, suggesting possible rendering anomalies or hidden/injected script blocks that are not properly contained within script tags and may be parsed differently by AI agents processing page text. (location: page-text.txt:41-46)
hidden content
Stray '*/ ?>' characters appear at the end of the page body (line 227 in page.html, line 49 in page-text.txt), which are PHP/CSS comment closing sequences. This suggests either a server-side template rendering artifact or an attempt to break out of a comment/string context, potentially exploitable for code injection in certain server-side or AI processing contexts. (location: page.html:227, page-text.txt:49)
prompt injection
The site is a URL shortener (urlz.fr) whose core function is to shorten and redirect URLs. AI agents processing or following shortened URLs from this service would be redirected to unknown destinations without prior visibility into the target. This is a classic prompt/agent injection vector: an attacker can submit a malicious URL, receive a shortened urlz.fr link, and use that link to deceive AI agents into visiting attacker-controlled destinations believing it is a trusted domain. (location: page.html:195-206 (URL submission form))
social engineering
The page displays a total link count ('URLz minimise 7 405 749 liens au total') to establish legitimacy and trust, a common social proof tactic used to lower user/agent suspicion before redirecting to potentially malicious shortened URLs. (location: page.html:197)
curl https://api.brin.sh/domain/urlz.frCommon questions teams ask before deciding whether to use this domain in agent workflows.
urlz.fr currently scores 45/100 with a suspicious verdict and medium confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.