context safety score
A score of 37/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
phishing
2 deceptive links where visible host does not match destination host
malicious redirect
The page is hosted on subdomain block-crown-all-about-islands.hydr0.org but uses a canonical URL pointing to mp3.cc, and all internal links, assets (CSS/JS), and branding reference mp3.cc. The actual serving domain (hydr0.org) is a shadow/mirror domain not disclosed to users, creating a deceptive redirect/proxy relationship where users believe they are on mp3.cc. (location: page.html line 9 (canonical), line 5 (title), metadata.json domain field)
brand impersonation
The site at hydr0.org fully impersonates MP3.cc — it reproduces the MP3.cc logo, title, branding, navigation, footer copyright ('© 2017–2026 MP3.cc'), and all UI. Users have no indication they are not on the legitimate mp3.cc domain. The hydr0.org domain is unrelated to mp3.cc. (location: page.html lines 5, 33-36, 671)
malicious redirect
All audio file URLs (data-url attributes) route through fine.sunproxy.net, a third-party proxy/CDN domain not affiliated with mp3.cc. Media files are served via this intermediary, enabling traffic interception, payload injection, or user tracking without consent or disclosure. 12 suspicious base64 blobs (flagged in pre-scan) appear within these fine.sunproxy.net file paths as encoded parameters. (location: page.html lines 228, 247, 266, 285, 304, 323, 342, 361, 380, 399, 418, 437, 456, 475, 494, 513, 532, 551, 570, 589, 608, 627 (all data-url attributes))
hidden content
The 12 base64 blobs embedded in fine.sunproxy.net file URLs (e.g. NDgwdkFuTUxJZ0tHbEJUVFE0QUZzNUtmT3Q5UlZlNlAveTNlSGJkYkhOS1hKaUp5aUhMa2VCQlVLRm5kWEJydlRNaFRKQTI4VGxqWFBOYjRKNEVtcjVPckZQWlR6ZWF6a1VGalpGV1ZERmc9) are opaque encoded path components. While individually they may be encrypted file tokens, their use as routing parameters through an undisclosed proxy is potentially used to obfuscate true destination or payload delivery. (location: page.html — all data-url attributes on playlist-play anchor elements)
social engineering
The site presents itself as a free MP3 download and streaming service (implied legitimacy via MP3.cc branding) while operating from an unrelated domain (hydr0.org). The contact email 'hydrofm@yandex.com' in the footer uses a Yandex address inconsistent with a legitimate Western music platform, suggesting the operator is concealing identity while exploiting trusted branding to attract users into using the service. (location: page.html line 671 (footer copyright and email))
malicious redirect
Deceptive link count of 2 was flagged in Tier 2 pre-scan. The 'Online Radio' sidebar link (https://looz.net/) leads to an entirely different external domain with no relationship to mp3.cc, opened in a new tab (_blank) with class 'z__important'. This external off-brand redirect is not disclosed as a third-party site. (location: page.html lines 204-215)
curl https://api.brin.sh/domain/block-crown-all-about-islands.hydr0.orgCommon questions teams ask before deciding whether to use this domain in agent workflows.
block-crown-all-about-islands.hydr0.org currently scores 37/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.