context safety score
A score of 43/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
js obfuscation
JavaScript uses Function constructor for runtime code generation
hidden content
Ad banner div with style='display:none' injected by Zeta CX insight ad network (insightad / loveh-SP targeting), keyword-driven ad injection that is invisible to users but serves targeted content based on search parameters. (location: page.html:224-232)
hidden content
Social share button widget contains a hidden span element with class 'ninja_onebutton_hidden' and explicit style='display:none', potentially used for click-jacking or hidden tracking. (location: page.html:1441)
hidden content
Page explicitly instructs users that the home screen icon is designed to be non-obvious as an adult site ('アダルトサイトと分かり難いデザインになっていますので'), intentionally concealing the true nature of the site from casual observers. (location: page.html:1414, page-text.txt:1344)
social engineering
Multiple video titles employ non-consent and coercion framing (drugging with aphrodisiacs/sleep medication, blackmail via 'weakness', 'forced' scenarios tagged as 無理やり/無理やり) normalized as entertainment, which conditions users to accept manipulation tactics. Examples: 'drugged with aphrodisiacs', 'blackmailed into sex', 'sleep drug administered'. (location: page.html:167, page.html:303, page-text.txt:393, page-text.txt:971)
malicious redirect
Third-party ad script loaded from 'https://www.appdraft.link/js/wmc/63762.js' and 'https://www.appdraft.link/js/wmc/63761.js' — appdraft.link is a known adware/malvertising distribution domain associated with unwanted redirects and pop-ups in adult advertising networks. (location: page.html:207, page.html:1174)
malicious redirect
Ad script loaded from 'https://media.assistads.net/1623.js', '2310.js', '17802.js', '15732.js', '18809.js', '14534.js' — assistads.net is a third-party ad network associated with aggressive pop-under and redirect advertising in adult content verticals, posing redirect risk. (location: page.html:64, page.html:106, page.html:1398-1405)
malicious redirect
Ad script loaded from 'http://omt.shinobi.jp/...' using unencrypted HTTP (not HTTPS), injected via document.write with string-split obfuscation ('sc'+'ript') to evade content security scanners. This is a classic obfuscated script injection pattern. (location: page.html:1436)
obfuscated code
Script tag loaded via document.write with split string obfuscation: "<sc"+"ript type='text\/javascript' src='http:\/\/omt.shinobi.jp\/b\/8fb375f43b34440bda1d9dc733c1af87'><\/sc"+"ript>". This split-string technique is used to bypass static content security filters and inject external scripts at runtime. (location: page.html:1436)
malicious redirect
External ad script from 'https://js.octopuspop.com/pu-jq.js' drives native ad replacement (octopus_ntv, octopus_ntv2-5 divs) with template using unescaped {click_url} and {article_url} placeholders, enabling arbitrary URL injection by the ad network into page content. (location: page.html:1113-1160)
hidden content
Native ad template stored in a <script type='text/html'> block (id='format') is invisible to users but processed by octopuspop.com's JS to inject ad content including arbitrary {click_url} destinations not visible until runtime execution. (location: page.html:1114-1136)
malicious redirect
Affiliate link to 'http://click.dtiserv2.com/Direct/9018999-18-147679/movies/2133/' uses HTTP (not HTTPS) and routes through a click-tracker domain (dtiserv2.com), which is an adult affiliate tracking service that may redirect to unknown third-party destinations. (location: page.html:1090)
social engineering
Outbound partner site link uses a punycode/IDN-encoded domain 'xn--h-k9tybb8g5ivhkczry701afhpm4sru6d.net/' displayed with innocuous Japanese title '女性のためのアダルト動画エッチネット', obscuring the actual destination domain from users. (location: page.html:1185)
curl https://api.brin.sh/domain/loveh.orgCommon questions teams ask before deciding whether to use this domain in agent workflows.
loveh.org currently scores 43/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.