context safety score
A score of 40/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
encoded payload
suspicious base64-like blobs detected in page content
malicious redirect
script/meta redirect patterns detected in page source
cloaking
Page checks user-agent for bot/crawler strings to serve different content
cloaking
Page conditionally redirects based on referrer or user-agent
exfiltration
JavaScript intercepts form submissions to exfiltrate data
js obfuscation
JavaScript uses Function constructor for runtime code generation
malicious redirect
JavaScript bot-detection script (checking for Googlebot, Bingbot, Baiduspider, YandexBot, DuckDuckBot) with a comment explicitly stating 'Отключение переадресации для поисковых роботов' (Disable redirects for search robots), indicating cloaking behavior where different content or redirects are served to human visitors versus crawlers/AI agents. (location: page.html lines 91-107, rec766647063 T123 block)
malicious redirect
postMessage event listener on window with no origin validation triggers top.location.href redirect to 'https://ui.udsp.io/dashboard' upon receiving a 'success' message. Any cross-origin iframe can send this message to force a top-level navigation redirect, exploitable via malicious iframes or XSS. (location: page.html lines 17-32)
malicious redirect
Geo-based redirect using external service geo.tildacdn.com to detect user country, silently redirecting visitors from Russia (RU) and Belarus (BY) to '/ru'. Combined with bot-detection cloaking, this creates differential behavior between crawlers and human users from specific regions. (location: page.html lines 202-224, rec639483776 T808 block)
credential harvesting
Login popup (#signin anchor) and 'Get started' popup (#popup anchor) contain embedded forms collecting name, company, and email. An iframe-based login flow posts a 'success' message back to parent to trigger dashboard redirect (ui.udsp.io/dashboard), characteristic of a credential relay pattern where login credentials may be processed through an embedded iframe without user awareness of the actual authentication endpoint. (location: page.html lines 17-32; page-hidden.txt lines 1-5; page.html #signin and #popup anchors)
brand impersonation
The site presents itself as 'uDSP by UMG' and links to umg.team. 'UMG' is a well-known abbreviation for Universal Music Group (a major global entertainment company). The domain umg.team is unrelated to Universal Music Group, creating potential for brand confusion, especially in automated agent searches for UMG-related services. (location: page.html title tag, meta og:title, metadata.json domain udsp.io)
hidden content
Scrollbar is hidden via CSS ('body::-webkit-scrollbar { display: none; }') and a full-viewport preloader overlay locks body scroll for up to 3 seconds on page load. Additionally, several positioned elements use extreme negative top/left values (e.g., top:-99px, left:-70px, height:5000px) extending far outside viewport bounds, which could conceal content from visual inspection while remaining in the DOM. (location: page.html rec587244020 ANX809 block; rec580880459 preloader; rec609646421 element data-elem-id 1687277533691)
curl https://api.brin.sh/domain/udsp.ioCommon questions teams ask before deciding whether to use this domain in agent workflows.
udsp.io currently scores 40/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this domain.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.