context safety score
A score of 49/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
js obfuscation
JavaScript uses Function constructor for runtime code generation
malicious redirect
Navigation menu contains multiple outbound links to third-party ad/traffic broker domains (trustpielote.com zones 300, 301, 302 and fhgte.com) disguised as legitimate site sections ('AI JERK OFF', 'Live Sex', 'HD Porn', 'VOD'). These are affiliate traffic redirect links that route users through opaque intermediary domains with no clear disclosure. (location: page.html lines 201-226, nav menu <ul id='sf-menu'>)
malicious redirect
Third-party ad script loaded from stats.hprofits.com (advertisement.min.js) — an ad network domain with no transparency. This script runs synchronously in the page head and has full DOM access, capable of injecting redirects or tracking beacons. (location: page.html line 40: <script src='https://stats.hprofits.com/advertisement.min.js'>)
malicious redirect
Native ad content injected dynamically via NativeAdTrade library loaded from cdn26121759.ahacdn.me/native4/main.js — an obfuscated CDN subdomain. The library inserts video thumbnails and links into the page pointing to gayporn.xxx, a separate domain not disclosed to the user. This pattern can be used for cloaked traffic redirection. (location: page.html lines 964-990, 1521-1546 (repeated pattern throughout page at each ad placeholder block))
social engineering
Menu items 'AI JERK OFF', 'Live Sex', 'HD Porn', and 'VOD' are styled identically to legitimate navigation items but link to external third-party traffic broker URLs (trustpielote.com, fhgte.com), misleading users into clicking affiliate redirect links while believing they are navigating within the site. (location: page.html lines 201-226)
hidden content
Multiple empty placeholder <div class='thumb js-thumb placeholder'> elements with blank href attributes are scattered throughout the page. These are populated at runtime by the NativeAdTrade external script, meaning the actual destination URLs and content are not present in the static HTML and cannot be inspected — effectively hiding ad destinations from static analysis. (location: page.html lines 803-831, 1360-1388, 1917-1945, 2474-2502 (repeating pattern))
social engineering
Page meta referrer policy set to 'unsafe-url', which sends the full URL (including any query parameters) as the Referer header to all external destinations including third-party ad networks and redirect brokers. This leaks user browsing context to external parties without disclosure. (location: page.html line 5: <meta name='referrer' content='unsafe-url'>)
curl https://api.brin.sh/domain/boy18tube.com
Common questions teams ask before deciding whether to use this domain in agent workflows.
boy18tube.com currently scores 49/100 with a suspicious verdict and medium confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.