context safety score
A score of 43/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
phishing
1 deceptive links where visible host does not match destination host
brand impersonation
Site app-1xbet.ng impersonates the official 1xBet brand (1xbet.com), using identical branding, logos, and claiming to be the 'official website' of 1xBet Nigeria. The domain is not affiliated with the legitimate 1xbet.com and presents itself as an authoritative review and login portal for the real brand. (location: page.html: <title>, meta og:url, og:title, and throughout page body)
phishing
The site mimics the official 1xBet Nigeria platform to drive user registrations and logins through an unauthorized affiliate domain (app-1xbet.ng). Users believing they are on the official site may submit personal and financial credentials to a third-party operator. (location: page.html: registration and login CTAs linking to https://app-1xbet.ng/_go and https://app-1xbet.ng/registration)
malicious redirect
10 occurrences of an undisclosed affiliate redirect via https://app-1xbet.ng/_go intercept user navigation. One of these links displays 'www.1xbet.com' as anchor text while the href points to the redirect endpoint, masking the actual destination from users and AI agents parsing link text. (location: page.html: 10 instances of href='https://app-1xbet.ng/_go', including table row showing 'Website: www.1xbet.com')
social engineering
Aggressive bonus and promo-code marketing is used to lure users into registering: '150,000 NGN Bonus with Promo Code', '130,000 NGN sign-up bonus', 'Happy Friday up to $100', 'Wednesday deposit doubled'. These incentives are designed to pressure users into submitting personal and financial information on a non-official domain. (location: page-text.txt: promotional sections and page.html: .promocode blocks and layout-head__buttons)
credential harvesting
The site presents 10 registration and login call-to-action links that route through the affiliate redirect /_go, collecting user engagement data and funneling users toward credential submission on a non-official domain. The site instructs users to submit email, phone, social media credentials, and financial deposit information. (location: page.html: 10 href='https://app-1xbet.ng/_go' CTAs labeled Registration, Login, Register in 1xBet, Go to 1xBet, Make a Deposit, Place a Bet)
hidden content
Two email addresses are obfuscated using Cloudflare's hex-XOR email encoding scheme: 'info-en@1xbet-team.com' and a duplicate instance. While this is a standard Cloudflare anti-scraping technique, the actual email domain (1xbet-team.com) is not the official 1xbet.com domain, and the obfuscation prevents straightforward inspection by automated agents. (location: page.html: data-cfemail='a5cccbc3ca88c0cbe594ddc7c0d188d1c0c4c88bc6cac8' and data-cfemail='afc6c1c9c082cac1ef9ed7cdcadb82dbcacec281ccc0c2')
malicious redirect
An external link to http://1xbet-senegal-officiel.com uses plain HTTP (non-HTTPS), exposing users to potential man-in-the-middle interception when following this link. The domain is also an unofficial 1xBet affiliate site. (location: page.html: href='http://1xbet-senegal-officiel.com' in language/region selector)
curl https://api.brin.sh/domain/app-1xbet.ngCommon questions teams ask before deciding whether to use this domain in agent workflows.
app-1xbet.ng currently scores 43/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.