context safety score
A score of 40/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
js obfuscation
Very long base64 or hex string assigned in JavaScript — likely encoded payload
obfuscated code
A third-party script tag with id 'SmDIVKiq' loads from //css-load.com/loader.min.js with a heavily obfuscated 'data' attribute containing backslash-encoded payload strings. The onerror handler contains inline JavaScript that dynamically rewrites the script src, cycles through a hardcoded fallback domain list (css-load.com, fb.css-load.com, html-load.com, fb.html-load.com, content-loader.com, fb.content-loader.com, 07c225f3.online), and injects a full-viewport iframe from info.error-report.com if all fallbacks fail. The domain '07c225f3.online' is a randomised-looking TLD strongly associated with malvertising infrastructure. (location: page.html:101-109, <script> tag with id='SmDIVKiq')
malicious redirect
The obfuscated loader script's onerror handler, upon exhausting all fallback CDN domains, performs a hard redirect via location.href to 'https://info.error-report.com/modal?eventId=&error=...' and also injects a full-screen fixed iframe (z-index: 2147483647, 100vw x 100vh) from the same origin, completely overlaying the page. This constitutes a hostile takeover redirect/overlay pattern used in malvertising and tech-support scam campaigns. (location: page.html:104-109, onerror handler of script id='SmDIVKiq')
social engineering
The onerror handler of the obfuscated loader script displays a deceptive alert message (decoded from base64) instructing users to disable their adblocker, falsely attributing page load failure to adblocker filtering rules. A confirm() dialog is then used to redirect users to the error-report.com modal. This is a classic social engineering technique to manipulate users into disabling security controls or visiting a malicious page. (location: page.html:108-109, onerror handler of script id='SmDIVKiq', base64 strings decoded to adblocker-disable messages)
hidden content
The obfuscated script's 'data' attribute contains a backslash-encoded string ('znbgfzfef99v9xxuf9ef9fvsf796fjjfifxs9c\f9u9vfpsfxubfxfx9v\f9jbfifxv9c\...') that is not human-readable and appears to encode a payload processed by the remote loader script. This content is invisible to users and opaque to standard static analysis, consistent with hidden payload delivery. (location: page.html:101, data attribute of script id='SmDIVKiq')
prompt injection
The onerror handler sends a POST request to 'https://error-report.com/report?type=loader_pro&url='+btoa(location.href)+'&error='+btoa(o)' exfiltrating the current page URL and error details to a third-party server. For AI agents browsing the web, this could be used to track agent activity, harvest visited URLs, and potentially deliver tailored follow-up payloads. The subsequent full-viewport iframe injection from info.error-report.com could also deliver prompt injection content invisible to human users but processed by an AI agent reading page content. (location: page.html:105-106, fetch call and iframe injection in onerror handler of script id='SmDIVKiq')
obfuscated code
The variable 'dnvConfig' is assigned a base64-encoded JSON string at page load: 'eyJsb2FkZXJUaW1lb3V0IjoyMDAwLCJsb2FkZXJTb3VyY2VEb21haW4iOiJyYy4iLCJsb2FkZXJGYWxsYmFja0RvbWFpbiI6Im9jLiIsInBsYXllclRpbWVvdXQiOjI1MDAsInBsYXllclByb2dyZXNzVGltZW91dCI6MjUwMCwicGxheWVyU291cmNlRG9tYWluIjoicmMuIiwicGxheWVyRmFsbGJhY2tEb21haW4iOiJvYy4ifQ=='. While decoding reveals ad-player configuration, this obfuscation pattern is used to hide domain references ('rc.' and 'oc.' prefixes for loader and player source/fallback domains) from static scanners, and is consistent with dynamic ad-loader infrastructure used to serve malvertising. (location: page.html:62, var dnvConfig assignment)
hidden content
Multiple ad unit configuration objects are stored as base64-encoded JSON in data-oad-unit attributes throughout the page (e.g. eyJwb3NpdGlvbiI6InNpZGVfbCIs... on ddnad-wrapper divs). While these are standard ad network patterns, they obscure the actual ad slot, chain, and fallback configuration (including Kakao, Google, and Coupang ad chains) from plain-text inspection. The chained ad waterfall (google → kakao → coupang) with fallback domains increases the attack surface for malicious ad injection. (location: page.html:638, 1736, 3805, 3871, multiple ddnad-wrapper elements)
curl https://api.brin.sh/domain/dogdrip.netCommon questions teams ask before deciding whether to use this domain in agent workflows.
dogdrip.net currently scores 40/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.