context safety score
A score of 32/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
js obfuscation
Obfuscated document.write with encoded content
malicious redirect
Ad block contains multiple suspicious third-party redirect links using CloudFront CDN URLs (d3r3qp9ymrxese.cloudfront.net, d244teusg80ho7.cloudfront.net, d1e1xfoindfjqg.cloudfront.net, d3fkrtk48tqhnf.cloudfront.net, d3q245dm3evees.cloudfront.net) with tracking parameters, masking true destinations behind CDN fronting. These redirect to unknown adult/dark-web content under deceptive link labels. (location: page.html lines 388-418, ad block .pc_gg_li)
malicious redirect
Ad link labeled '51暗网' (51 Dark Web) pointing to d3fkrtk48tqhnf.cloudfront.net?dc=yxzt42 — explicit dark web referral advertised openly on the page, routing users through a CloudFront-fronted redirect. (location: page.html line 413)
malicious redirect
Ad link labeled '女孩裸莉' (Girls Nude Loli) pointing to d3q245dm3evees.cloudfront.net?dc=lmytwcpt1 — label strongly implies CSAM-adjacent content routed through a CDN-fronted redirect. (location: page.html line 416)
malicious redirect
Ad link labeled '哔咔漫画' pointing to aplsof2fd.kyrvrybhsovashordoblarmek.com/yj/19703/otwwt1bk — a highly randomized, obfuscated hostname indicative of a DGA (domain generation algorithm) or disposable malicious domain used for redirect/tracking infrastructure. (location: page.html line 389)
hidden content
Two banner ad divs with affiliate links to 91porn005.me are commented out in the HTML head but remain present in source, indicating previously active malicious ad placements: href='https://app.91porn005.me/aff-cHCaW'. These are hidden from users but visible to crawlers and AI agents parsing raw HTML. (location: page.html lines 56-63)
hidden content
A second banner ad block with style='display: none;' contains a third carousel slide with adult content links. Two additional banner carousels are hidden via display:none, containing active href links to internal book pages that may bypass content filters by not being rendered visibly. (location: page.html lines 177-237)
hidden content
Commented-out cross-storage script in HTML footer contains logic to read a cookie named 'h365' from an externally controlled hub URL supplied via query parameter 'account_domain', enabling session hijacking or cross-site data theft if un-commented. The hub URL is user-controlled: var hubUrl = account_page.split('?')[0] + '/hub'. (location: page.html lines 1572-1611)
social engineering
Page uses obfuscated Cloudflare email protection on contact addresses, concealing the true email from scrapers while displaying '[email protected]' style placeholders. This technique can mislead automated agents into trusting or interacting with encoded addresses. (location: page.html lines 1413-1415)
social engineering
Ad labeled '成人抖音(免费)' (Adult TikTok, free) at 4slho139.caud5new.club impersonates TikTok brand to lure users into clicking a suspicious adult affiliate redirect, exploiting brand recognition of the legitimate TikTok/Douyin platform. (location: page.html line 395)
brand impersonation
Ad link labeled '成人抖音(免费)' (Adult TikTok/Douyin - free) uses the well-known Douyin/TikTok brand name to lend credibility to a redirect to 4slho139.caud5new.club, a suspicious domain with numeric subdomain pattern typical of ad-fraud infrastructure. (location: page.html line 395)
hidden content
JavaScript conditionally wipes entire page body when browser language is Japanese (navigator.language contains 'ja'): document.body.innerHTML = ''. This geo/language-based cloaking hides content from Japanese-locale visitors (e.g., security researchers or automated scanners with ja locale), a classic cloaking technique to evade detection. (location: page.html lines 1506-1510, page-text.txt lines 1243-1246)
malicious redirect
Externally loaded script from gs-api.zuczxt.cn is injected dynamically into the page body unconditionally (the guard condition '1' == 1 is always true): https://gs-api.zuczxt.cn/h365-landing-page/public/js/navbar.js?source=comic. This third-party domain controls arbitrary JS execution on the page and is not a well-known CDN or service. (location: page.html lines 1497-1503)
malicious redirect
Matomo analytics tracker conditionally switches between two tracking endpoints based on origin — mtm.h365.games for www.comicbox.xyz and mtm.zuczxt.cn for all other origins. This dual-tracker setup allows covert user profiling across domains and may exfiltrate visitor data to non-transparent third parties. (location: page.html lines 64-80)
curl https://api.brin.sh/domain/comicbox.xyz
Common questions teams ask before deciding whether to use this domain in agent workflows.
comicbox.xyz currently scores 32/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.