context safety score
A score of 41/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
domain spoof risk
domain has spoofing indicators (punycode/confusable/highly synthetic naming)
encoded payload
suspicious base64-like blobs detected in page content
credential harvesting
The page presents a Korean-language login form collecting '이메일 주소' (email address) and '비밀번호' (password) fields. Critically, both password and email inputs use type='text' (not type='password'), meaning the password is displayed in plaintext. The form submits to //www.weebly.com/weebly/apps/formSubmit.php — a generic Weebly form handler — rather than any legitimate authentication backend, so credentials are harvested via form submission to a third-party aggregator endpoint. (location: page.html:180-215, form id='form-572568942324509508')
phishing
The domain uses a Punycode/IDN hostname (xn--zb0b93v.weebly.com) which renders as non-ASCII Korean characters in browsers, a classic technique to impersonate legitimate Korean-language services. The site presents a bare credential-collection page with no branding, no stated purpose, and no privacy policy, consistent with a phishing lure targeting Korean-speaking users. (location: metadata.json:1, .brin-context.md:4)
hidden content
The real login submit button is hidden off-screen using inline CSS 'position:absolute;top:0;left:-9999px;width:1px;height:1px', making it invisible to users but functional for form submission. This is a deliberate obfuscation to hide the true submit action while presenting a styled anchor element as the visible button, a technique used to disguise credential harvesting forms. (location: page.html:210)
obfuscated code
A JavaScript array of decimal char codes 'var r = [99,104,101,99,107,111,117,116,46,40,119,101,101,98,108,121,124,101,100,105,116,109,121,115,105,116,101,41,46,99,111,109]' is decoded at runtime via String.fromCharCode to construct a regex pattern used in cross-domain link tracking. Decoded value is 'checkout.(weebly|editmysite).com'. While the decoded value appears benign, the obfuscation technique (runtime char-code decoding) is a recognized method used to hide malicious payloads from static scanners. (location: page.html:364-374)
social engineering
The page title and navigation use Korean text '섬기는 사람' (meaning 'serving person' or 'servant') which provides no context about the site's purpose, while the only interactive element is a credential form. The absence of any legitimate branding, explanatory text, or context around the login form is consistent with a social engineering lure designed to collect credentials from users directed to this page via external phishing vectors (e.g., email, SMS). (location: page.html:4, page.html:301, page-text.txt:61-88)
curl https://api.brin.sh/domain/xn--zb0b93v.weebly.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
xn--zb0b93v.weebly.com currently scores 41/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.