context safety score
A score of 40/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
phishing
1 deceptive links where visible host does not match destination host
brand impersonation
Site distributes modified ('MOD') versions of major branded apps including YouTube, TikTok, Telegram, Netflix, Spotify, Canva, Adobe Lightroom, NordVPN, WhatsApp, Duolingo, and dozens more. These are unofficial cracked APKs using official brand names, icons, and Google Play imagery to appear legitimate while bypassing official distribution channels. (location: page.html: Trending section, TOP Apps section — e.g. YouTube Premium Unlocked, TikTok Premium Unlocked, Telegram Premium Unlocked, NordVPN Premium Unlocked)
social engineering
The site systematically uses deceptive labels such as 'Premium Unlocked', 'Pro Unlocked', 'Subscription Unlocked', 'Gold Unlocked', 'Unlimited Coins', 'Aim, No Recoil' to entice users into downloading modified/cracked APKs of paid apps and games for free, exploiting desire for free access to paid content. (location: page.html and page-text.txt: throughout Trending, TOP Games, TOP Apps, New Apps, Recently Updated sections)
social engineering
The 'Free Fire' MOD APK is advertised with 'Aim, No Recoil' — explicitly advertising cheating/hacking modifications for an online multiplayer game, which can facilitate account compromise or expose users to trojaned APKs. (location: page.html line 159-161, page-text.txt line 153-154)
hidden content
A third-party ad script is loaded from the domain 'do.redbuckzincate.com' (not a well-known ad network), injected dynamically via an inline script inside ad-unit-2. This external script executes on page load from an unverified domain and could serve malicious ads or redirects. (location: page.html line 420: <script src="https://do.redbuckzincate.com/tINmh8MzjPqQjHHrG/50103" async></script>)
malicious redirect
An ad manager script ('admanager.js') and third-party ad loader from 'do.redbuckzincate.com' are used to dynamically inject ads. These ad injection mechanisms on piracy sites are commonly used to serve malvertising or redirect users to phishing/malware pages. (location: page.html line 4: admanager.js; page.html line 420: redbuckzincate.com ad script)
brand impersonation
'YouTube Morphe' and 'YouTube Music Morphe' are listed as apps — these are unofficial modified YouTube clients using YouTube's brand name and icon to distribute patched APKs outside official channels, impersonating Google's products. (location: page.html lines 353-369, page-text.txt lines 348-364)
social engineering
A 'Hacking Tools' app category is explicitly listed in the apps navigation menu, normalizing access to hacking utilities and potentially directing users to malicious tools. (location: page.html line 468, page-text.txt line 462: Hacking Tools category with 4 apps listed)
curl https://api.brin.sh/domain/apkmody.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
apkmody.com currently scores 40/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.