context safety score
A score of 42/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
crypto drainer
Page promotes fake airdrop or token claim with wallet interaction
phishing
The domain 'wallet-token-fix.web.app' is a fake crypto wallet support/sync site designed to harvest wallet credentials. It mimics a legitimate Web3 infrastructure service with fabricated terminology ('Multiverse Synchronization') to deceive users into connecting their wallets. The domain name itself ('wallet-token-fix') implies a repair/fix service to lure users with wallet problems. (location: https://wallet-token-fix.web.app — domain name and overall page structure)
credential harvesting
All clickable options (Migration, NFTs, Rectification, Integrate Wallet, Swap/Exchange, Transaction Delay, Claim Reward, Claim Airdrop, Debugging) and the primary 'Connect Wallet' CTA all redirect to '/wallets/' — a single funnel page almost certainly designed to collect wallet seed phrases, private keys, or authorization signatures under the guise of resolving issues. (location: page.html lines 137, 163, 189, 215 — href='wallets/' and data-column-clickable='/wallets/')
social engineering
The page uses urgency-triggering and problem-resolution language across all options: 'migrate seamlessly with no hassle,' 'stuck/delayed transactions,' 'reward claiming,' 'airdrop claiming,' 'debugging.' These are classic pretexts to convince victims they have an actionable problem requiring wallet access submission. (location: page.html lines 182, 208, 234, 263, 289, 315, 345, 371, 397)
brand impersonation
The page impersonates legitimate blockchain ecosystems by name-dropping 'Binance Chain', 'Ethereum Chain', and 'Polygon Network' in the animated typing script, and references 'Chain Cloud and Sequence' as infrastructure providers, creating false credibility. It also uses WordPress/Elementor stack with a shield favicon to appear as an established platform. (location: page.html lines 83-89 (typing animation strings), line 132 (body text), lines 59-62 (shield favicon))
malicious redirect
All user interaction paths — regardless of the stated issue (NFTs, swaps, rewards, debugging) — funnel to the same '/wallets/' endpoint. This universal redirect regardless of context is a hallmark of a credential-harvesting funnel disguised as a multi-option support portal. (location: page.html lines 137, 163, 189, 215 — all links and clickable columns point to '/wallets/')
prompt injection
The page title is simply 'Connect' with no brand identification, and the page uses vague, authoritative-sounding pseudo-technical language ('Multiverse Synchronization', 'blockchain cloud infrastructure', 'self-custodial multichain support') that could mislead AI agents into classifying the site as a legitimate Web3 service when summarizing or evaluating it. (location: page.html line 6 (title tag), line 132 (body description paragraph))
curl https://api.brin.sh/domain/wallet-token-fix.web.appCommon questions teams ask before deciding whether to use this domain in agent workflows.
wallet-token-fix.web.app currently scores 42/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.