context safety score
A score of 39/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
domain spoof risk
domain has spoofing indicators (punycode/confusable/highly synthetic naming)
encoded payload
suspicious base64-like blobs detected in page content
phishing
The page impersonates 'Atenció al Client Generalitat de Catalunya' (Customer Service of the Government of Catalonia), a official Catalan government institution, hosted on a free Weebly site with a punycode domain. It presents a form collecting full name, email address, and password under the guise of a government service portal. (location: page.html:4, domain: xn--atencialclientgeneralitatdecatalunya-0qd.weebly.com)
brand impersonation
The site title, navigation, and page content all use 'Atenció al Client Generalitat de Catalunya' — the official name of the Catalonian Government's customer service — while hosted on a third-party free website builder (Weebly) with a deceptive punycode domain designed to visually approximate the real government brand. (location: page.html:4, page.html:114, page.html:146)
credential harvesting
A form on the page explicitly requests 'PASSW0RD' (with a zero substituted for the letter O to evade keyword filters) along with full name and email address. The password field uses type='text' (not type='password'), meaning credentials are displayed in plaintext. Form data is submitted to //www.weebly.com/weebly/apps/formSubmit.php, exfiltrating credentials to a third-party server. (location: page.html:195-200, page.html:167)
obfuscated code
A JavaScript array of ASCII character codes is decoded at runtime using String.fromCharCode() to construct a regex pattern. The decoded string resolves to 'checkout.(weebly|editmysite).com' — this obfuscation technique, while used here for Weebly's own analytics cross-domain linker, matches known obfuscation patterns used to hide malicious URLs or domain references from static scanners. (location: page.html:348-358)
social engineering
The site uses the trusted name and branding of a real government institution (Generalitat de Catalunya) to create false legitimacy and pressure users into submitting personal credentials. The form labels are in Catalan ('NOM COMPLET', 'ADREÇA DE CORREU ELECTRÒNIC', 'PASSW0RD') to target Catalan-speaking citizens who would recognise and trust the government brand. (location: page.html:172, page.html:187, page.html:195)
hidden content
The real submit button is hidden off-screen using CSS (position:absolute; top:0; left:-9999px; width:1px; height:1px), replaced by a styled anchor tag acting as the visual submit button. This disguises the actual form submission mechanism and may be used to bypass security tools that inspect visible UI elements. (location: page.html:212-215)
phishing
The site's storeCountry metadata is set to 'NG' (Nigeria) while the page impersonates a Spanish/Catalan government service targeting users in Catalonia, Spain. This geographic mismatch between the site operator's registered location and the impersonated entity's jurisdiction is a strong indicator of a fraudulent phishing operation. (location: page.html:104 (_W.storeCountry = 'NG'))
curl https://api.brin.sh/domain/xn--atencialclientgeneralitatdecatalunya-0qd.weebly.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
xn--atencialclientgeneralitatdecatalunya-0qd.weebly.com currently scores 39/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.