context safety score
A score of 42/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
phishing
1 deceptive links where visible host does not match destination host
social engineering
Site presents itself as a free, no-registration MP3 download platform ('бесплатно и без регистрации') serving copyrighted Eagles music. This is a piracy/copyright-infringing service that socially engineers users into downloading potentially untrusted MP3 files from muzce.com/file/ endpoints without any verification of file integrity or safety. (location: page.html:182-184, page-text.txt:138-139)
malicious redirect
A third-party script is loaded from a suspicious domain 'muzce.39o.ru' (note: not the main muzce.com domain) with tracking parameters. The '39o.ru' domain is a separate, potentially unrelated domain used to serve JavaScript, which could be used for redirection, tracking, or payload delivery outside the main site's control. (location: page.html:1514)
hidden content
A LiveInternet tracking pixel is initially set to a transparent 1x1 GIF via a base64 data URI (data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAEALAAAAAABAAEAAAIBTAA7) and then dynamically replaced via JavaScript with a tracking beacon to counter.yadro.ru that exfiltrates the page URL, referrer, screen dimensions, color depth, and page title. This constitutes covert user tracking. (location: page.html:1500-1506)
hidden content
One track entry (data-artist='') has an empty artist field rendered as blank in the UI but still links to a download page (take-it-easy-2dvxIh.html). The data-track URL points to a muzce.com/file/ endpoint. The anomalous empty artist may indicate a placeholder or injected entry that does not correspond to a legitimate track listing. (location: page.html:1317-1329)
social engineering
The site uses a subdomain (eagles-take-it-easy.muzce.com) specifically named after a copyrighted song and artist to appear as a legitimate search result for that music, attracting users searching for official Eagles content and directing them to download pirated MP3 files. The deceptive link count of 1 flagged in the pre-scan context is consistent with the one track item whose data-track attribute points to the item page URL rather than a direct MP3 file (line 837: Zane Ezra track data-track points to an .html page rather than an .mp3 file, unlike all other tracks). (location: page.html:837, .brin-context.md:30)
hidden content
Twelve suspicious base64 blobs were flagged by pre-scan heuristics. The only visible base64 in the page is the LiveInternet tracking pixel GIF (data:image/gif;base64,...). The remaining base64 content is likely embedded in the long obfuscated MP3 file tokens in data-track attributes (URL-safe base64-like strings used as file tokens for muzce.com/file/ endpoints), which are not directly decodable as injection payloads but represent opaque server-side token encoding that obscures the actual file paths. (location: page.html:187,200,213 (data-track attributes throughout), .brin-context.md:26)
curl https://api.brin.sh/domain/eagles-take-it-easy.muzce.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
eagles-take-it-easy.muzce.com currently scores 42/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.