context safety score
A score of 33/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
malicious redirect
script/meta redirect patterns detected in page source
cloaking
Page checks user-agent for bot/crawler strings to serve different content
cloaking
Page conditionally redirects based on referrer or user-agent
js obfuscation
JavaScript uses Function constructor for runtime code generation
social engineering
Site distributes an unofficial APK (CricFy TV) while explicitly instructing users to disable Android's 'Unknown Sources' security restriction to install it. This is a classic social engineering technique that conditions users to bypass mobile OS security controls to install unverified third-party software, exposing them to potential malware. (location: page.html:971-996, page-text.txt:424-450)
malicious redirect
JavaScript intercepts all link clicks site-wide after 2+ page views and forces users through a rewarded ad modal before reaching their destination (window.location.href=pendingURL). This covert click-hijacking redirects navigation through the ad system without user awareness, and could be used to redirect to malicious destinations if the ad slot is compromised or swapped. (location: page.html:920-929, page.html:1495-1504)
obfuscated code
Custom base64 encode/decode functions (b64e, b64d, b2a, a2b) are present inline in the page script and used by the ad injection framework to decode and insert content (b64d(u)) dynamically at runtime. This pattern is used to hide ad payload content from static scanners and could be leveraged to inject arbitrary HTML/JS. (location: page.html:932-934, page.html:1507-1509)
social engineering
The page claims to be the 'official' source for a streaming APK ('official and latest update', 'official developer'), yet the footer disclaimer states 'Cricfy.net is an independent informational blog...It is not affiliated, associated, or connected in any way with similar applications'. This contradiction is deceptive and manipulates user trust to encourage APK downloads. (location: page.html:892, page.html:1319, page-text.txt:346, page-text.txt:773)
social engineering
The page promotes 'cricfys.com' as an alternative download mirror framed as an 'official source', driving users to a separate domain with no verified affiliation. Redirecting users to unverified mirror sites for APK downloads increases the risk of serving modified/malicious APKs. (location: page.html:892, page-text.txt:346)
hidden content
Multiple scripts use the non-standard MIME type '76bf3b6980477d2046a43b7c-text/javascript' instead of 'text/javascript' for script tags. This appears to be a Cloudflare Rocket Loader pattern that defers script execution, but it conceals script content from naive parsers and static analysis tools scanning for active JavaScript. (location: page.html:91-92, page.html:1440, page.html:1444, page.html:1506)
curl https://api.brin.sh/domain/cricfy.netCommon questions teams ask before deciding whether to use this domain in agent workflows.
cricfy.net currently scores 33/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.