context safety score
A score of 36/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
phishing
2 deceptive links where visible host does not match destination host
malicious redirect
The domain annenmaykantereit-parcels.hydr0.org is a typosquatting/subdomain impersonation site that immediately redirects visitors to mp3.cc (canonical URL set to https://mp3.cc/t/3380104562-annenmaykantereit-parcels/). The subdomain uses the artist name as a lure to redirect users to a third-party MP3 piracy site. The brin-context confirms 1 redirect detected. (location: page.html:9 - <link rel="canonical" href="https://mp3.cc/t/3380104562-annenmaykantereit-parcels/">)
brand impersonation
The domain annenmaykantereit-parcels.hydr0.org impersonates the real musical artists AnnenMayKantereit and Parcels by incorporating their names directly into the subdomain. The page presents itself as an official or authoritative source for their music while actually being an unofficial MP3 piracy/scraper site operating under the hydr0.org infrastructure. The page title also spoofs 'MP3.cc' branding. (location: metadata.json - domain: annenmaykantereit-parcels.hydr0.org; page.html:5 - <title>Annenmaykantereit Parcels | Download mp3 free, listen music online - MP3.cc</title>)
malicious redirect
All audio file play links resolve through fine.sunproxy.net, a third-party proxy/intermediary domain, using long base64-encoded path tokens. This routes user audio traffic and potentially browser fingerprinting through an opaque proxy infrastructure not affiliated with the apparent site operator, creating an exfiltration or tracking vector. (location: page.html:228,247,266,285,304,323,342,361,380,399,418,437,456,475,494,513,532,551,570,589 - data-url="https://fine.sunproxy.net/file/NDgw...")
hidden content
The page contains 12 suspicious base64 blobs (as flagged by Tier 2 analysis) embedded in the audio file URLs via fine.sunproxy.net paths. These are long opaque base64-encoded tokens that obscure the true destination of media file requests, preventing users and security tools from inspecting actual resource URLs. (location: page.html - all data-url attributes containing base64 strings in fine.sunproxy.net/file/ paths)
social engineering
The site presents itself as a legitimate free MP3 download service ('Download mp3 free, listen music online - MP3.cc') hosted on a subdomain that impersonates popular artists. This social engineering tactic is designed to lure users searching for the artists' music into visiting and using an unofficial piracy service, which may expose them to unwanted software, tracking, or further redirects. (location: page.html:5 - <title> and page.html:9 - canonical link to mp3.cc)
malicious redirect
Two deceptive links were flagged by Tier 2 heuristics. Inspection shows song title links pointing to mp3.cc while the hosting domain is hydr0.org — the visible domain and actual serving domain differ, constituting deceptive link presentation that could mislead users or AI agents about the true origin of content. (location: page.html:229,248 - playlist-down anchor hrefs pointing to mp3.cc from hydr0.org subdomain)
curl https://api.brin.sh/domain/annenmaykantereit-parcels.hydr0.orgCommon questions teams ask before deciding whether to use this domain in agent workflows.
annenmaykantereit-parcels.hydr0.org currently scores 36/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.