context safety score
A score of 48/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
cloaking
Page conditionally redirects based on referrer or user-agent
cloaking
Page loads content in transparent or zero-size iframe overlay
exfiltration
JavaScript intercepts form submissions to exfiltrate data
malicious redirect
The page dynamically loads a push notification SDK from 'cdn.pushmaster-cdn.xyz', a non-reputable CDN domain with a generic, unbranded name typical of adware/malvertising infrastructure. The script is injected via JavaScript (document.createElement + insertBefore) with a VAPID key and overlay enabled, meaning it can silently register service workers to deliver persistent push notifications. This pattern is associated with notification-spam and malicious redirect campaigns. (location: page.html line 82: window.pushMST_config / pushmasterTag.src='https://cdn.pushmaster-cdn.xyz/scripts/publishers/6351473b9d40ac00092ad988/SDK.js')
social engineering
The site performs geolocation-based ad targeting by fetching the visitor's IP country from an internal endpoint (/pub360/user_ip.php) and storing it in a cookie, then selectively displaying different ad creatives depending on whether the visitor is from Algeria or specific country groups (France, Spain, Belgium, Italy, Morocco, Algeria, Tunisia). This behavioral profiling and differential ad serving is a technique used to show benign ads to local/monitored audiences while serving aggressive or malicious ads to diaspora/foreign users, reducing detection risk. (location: page.html line 82 / page-text.txt lines 426-435: userCountry360 logic, country_category_3 array, setCookie_ads / getCookie_ads functions)
hidden content
Ad slots use display:none by default (pub1000F1, pub300F1, pub300F2 divs styled display:none inline) and are revealed only after client-side JS evaluates user geolocation and randomization. This means the actual ad content served to certain user segments is not visible in static analysis and could differ from what legitimate Algerian visitors see, concealing potentially malicious ad payloads from scanners. (location: page.html lines 201-204: id=pub1000F1 style=display:none, id=pub300F1 style=display:none, id=pub300F2 style=display:none)
curl https://api.brin.sh/domain/algerie360.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
algerie360.com currently scores 48/100 with a suspicious verdict and medium confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.