context safety score
A score of 43/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
js obfuscation
JavaScript uses Function constructor for runtime code generation
phishing
Page impersonates Microsoft Office 365 login with credential form
brand impersonation
The site spotv24.com presents itself as '레진코믹스' (Lezhin Comics), a well-known Korean webtoon platform, using its branding, navigation structure, logo reference, and even the promotional text '레진코믹스 PLUS 설치하고 코인 10% 할인' — but it is not the legitimate Lezhin Comics domain (lezhin.com). This is a counterfeit site impersonating an established brand. (location: page.html lines 431-432, 521, header navigation)
credential harvesting
The page contains a fully functional login form (email + password fields) that submits credentials via POST to /bbs/login_check.php. The site is not the legitimate platform it impersonates (Lezhin Comics), so user credentials entered here would be harvested by the site operators. The form also offers an auto-login/persistent session option. (location: page.html lines 482-503, sidenav login form)
malicious redirect
A prominent top banner ad and a persistent floating widget both link to //www.fusoft001.com and https://11toon1.com respectively — external third-party domains unrelated to the site content. The floating widget ('new_quit') is styled to appear as a 'latest address' notice for 'spotv148.COM', actively driving users to another domain. This pattern is characteristic of traffic monetization via forced redirects on piracy/clone sites. (location: page.html lines 142-143 (fusoft001.com banner), lines 390-399 (new_quit widget to 11toon1.com))
malicious redirect
A direct APK download link is embedded in the floating widget: http://toon123dld.spotv24.com/11toon.apk. This serves an Android application package directly from a subdomain, bypassing app store vetting. Such sideloaded APKs frequently contain adware, spyware, or malware. (location: page.html line 407, new_quit widget third item)
brand impersonation
The PWA/mobile app metadata sets application-name and apple-mobile-web-app-title to 'Stake' — a well-known online gambling brand — while the site presents as a webtoon service. This mismatch is used to associate the site with an unrelated trusted brand in mobile OS app listings and browser chrome. (location: page.html lines 56 and 70, meta name=application-name and apple-mobile-web-app-title)
hidden content
Award/credibility badges ('제 9회 대한민국 인터넷대상 국무총리상', '글로벌K-스타트업 2013 최우수상', '벤처기업 인증', '클린사이트 선정') are rendered in a hidden element (hidden attribute on #prize-list). These fake legitimacy signals are present in the DOM and likely originally belong to the real Lezhin Comics site, here used to deceive users and automated trust-scoring tools. (location: page.html lines 1223-1232, #prize-list with hidden attribute)
social engineering
The floating widget prominently displays a 'latest address' (최신주소) notice showing 'spotv148.COM', implying the current domain will be taken down and users must follow the operator to a new domain. This is a common social engineering technique on piracy/scam sites to build a loyal user base and migrate them across domains, maintaining persistent contact. (location: page.html lines 388-399, new_quit widget with 최신주소 label)
social engineering
A Telegram channel link (https://t.me/toonlink11) is embedded in the main navigation as '주소알림' (address notification). This is used to maintain out-of-band contact with users to drive them to successor domains and further social engineering campaigns, a known technique for persistent audience control on illicit content sites. (location: page.html line 442, nav-main__item linking to t.me/toonlink11)
hidden content
A commented-out external analytics script from analytics-script.ad-shield.io is present. While currently disabled via HTML comment, its presence suggests prior use of a third-party ad/analytics injection service that may have served tracking or ad-injection payloads. The verification meta tag is also commented out alongside it. (location: page-hidden.txt lines 5-6, page.html lines 14-15)
curl https://api.brin.sh/domain/spotv24.comCommon questions teams ask before deciding whether to use this domain in agent workflows.
spotv24.com currently scores 43/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.