context safety score
A score of 48/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
phishing
1 deceptive links where visible host does not match destination host
social engineering
The page presents itself as a legitimate music streaming/download service ('MuzCe') offering free MP3 320kbps downloads 'without registration', a common lure tactic used by piracy-adjacent sites to drive high user engagement and ad impressions. The subdomain arhic.muzce.com is a dynamically generated search-result page designed to appear as an authoritative music catalog, which can mislead users into trusting the site's download links. (location: page.html:1-5, page-text.txt:138-139)
hidden content
The LiveInternet counter image is initialized with a 1x1 transparent GIF via inline base64 data URI (data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAEALAAAAAABAAEAAAIBTAA7) and then immediately replaced via JavaScript with a tracking beacon URL that sends referrer, screen dimensions, color depth, full page URL, and page title to counter.yadro.ru. While this is a common analytics pattern, the base64-encoded placeholder accounts for a portion of the 12 suspicious base64 blobs flagged by Tier 2, and the tracker exfiltrates user metadata (referrer, URL, title, screen info) without explicit user consent notice visible on the page. (location: page.html:1499-1506)
hidden content
A third-party script is loaded from muzce.39o.ru (a subdomain of 39o.ru, distinct from muzce.com) with parameters including encoded site identifiers: 'https://muzce.39o.ru/muzce.yan?u=eZWL&pt1=muzce.com&pt2=510&pt3=php'. This cross-domain script load to an off-brand domain (39o.ru) with obfuscated query parameters is suspicious. It is loaded with 'defer' and could execute arbitrary code. The domain 39o.ru is unrelated to muzce.com and could be a data collection or ad injection endpoint. (location: page.html:1514)
hidden content
A third-party script is loaded from ru.viadata.store: 'https://ru.viadata.store/v2/comm_min.js?sid=109170'. This is a known ad/pop-under network script. While not inherently malicious, it is loaded asynchronously and can inject ads, pop-unders, or redirects without user interaction. The domain viadata.store is an ad network associated with aggressive advertising behavior. (location: page.html:1534)
social engineering
One track listing embeds an external domain watermark in its title: 'Astvac Pahi wWw.Erger.Net'. This advertises a third-party site (erger.net) within audio track metadata, which is a common technique to drive traffic to potentially unvetted external sites via SEO-indexed music metadata. (location: page.html:552, page-text.txt:398)
social engineering
The Tier 2 scan flagged 1 deceptive link. The LiveInternet counter anchor tag links to 'https://www.liveinternet.ru/click' with target='_blank', which is a tracker redirect link rather than a direct destination URL. Users clicking the counter badge are redirected through liveinternet.ru's click-tracking infrastructure, obscuring the actual destination. (location: page.html:1498-1501)
curl https://api.brin.sh/domain/arhic.muzce.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
arhic.muzce.com currently scores 48/100 with a suspicious verdict and medium confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.