context safety score
A score of 40/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
js obfuscation
JavaScript uses Function constructor for runtime code generation
social engineering
Site operates as an online gambling platform (casino, cricket betting, IPL/BPL wagering) targeting users in Bangladesh. The .club TLD combined with numeric suffix (krikya11) is a classic pattern for rotating affiliate/mirror gambling domains designed to evade blocks, potentially luring users into unregulated financial activity. (location: metadata.json: domain=krikya11.club; page.html: og:title, og:description, meta keywords)
brand impersonation
The domain krikya11.club impersonates or mirrors the 'Krikya' brand. The HTML references multiple other krikya-branded domains (krikya99, krikya.best, krikya.pro, krikya.app, krikya-play.club, krikya88.com, www.krikya88.com), indicating a network of mirror/clone sites sharing tracking pixels and analytics under slightly varied domain names — a hallmark of brand-squatting mirror site networks used to circumvent regulatory blocks. (location: page.html lines 63-67, 133, 146, 160)
malicious redirect
Commented-out domain allowlist code (allowedDomains check for krikya.best, krikya.pro, krikya.app) was deliberately disabled, meaning a third-party ad script from adscool.net is injected unconditionally regardless of the current domain. This allows the adscool.net script to execute on any domain that copies this codebase, enabling potential cross-domain ad injection and redirect chains. (location: page.html lines 62-77: adscool.net/resources/content/krikya.js injection with commented-out domain guard)
hidden content
A 1x1 pixel invisible Facebook tracking pixel (noscript fallback img) is embedded unconditionally loading from facebook.com with pixel ID 733734669325653, tracking all page visitors silently even without JavaScript. A second Facebook pixel (ID 853306238980515) is similarly embedded. These covert beacons harvest visitor identities tied to Facebook accounts without explicit user consent disclosure. (location: page.html lines 143-146, 179-181: noscript img tags with style=display:none)
hidden content
A zero-dimension GTM iframe (height=0 width=0 style=display:none;visibility:hidden) is present in the rendered page text, loading Google Tag Manager in a hidden context. While GTM itself is legitimate, hidden iframes are a known vector for covert data collection and script injection not visible to users. (location: page-text.txt line 1: GTM iframe id=GTM-K5P4N4L)
obfuscated code
The Sportradar tag manager script uses single-letter obfuscated variable names (a,b,c,d,e,f) with no comments, dynamically constructing and injecting a script from tm.ads.sportradar.com. While sportradar is a known ad network, the obfuscated self-executing pattern combined with a gambling context warrants flagging as potentially unwanted script injection. (location: page.html lines 115-121: sportradar IIFE with obfuscated params)
social engineering
The site requires JavaScript to function (hard-gated SPA) and displays a coercive message 'We're sorry but the system doesn't work properly without JavaScript enabled. Please enable it to continue.' This is a common social engineering technique to pressure users into enabling JS execution, which then loads the full gambling interface and all tracking/ad scripts. (location: page-text.txt line 1; page.html: noscript message)
curl https://api.brin.sh/domain/krikya11.clubCommon questions teams ask before deciding whether to use this domain in agent workflows.
krikya11.club currently scores 40/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.