Link Check results for cside.dev

No Security Risks Detected

This domain appears to be safe and secure

100%

Score

Disclaimer: This assessment is based on automated analysis of publicly available information. Results are for informational purposes only. For critical applications, consult security professionals.

Scan Information

Last checked:June 26, 2025 18:58:10

Target URL:https://cside.dev/blog/weaponized-google-oauth-triggers-malicious-websocket

Scan Complete

Refresh page after 10 minutes
for updated results

Page Information

Target URL

https://cside.dev/blog/weaponized-google-oauth-triggers-malicious-websocket

Page Title

Weaponized Google OAuth Triggers Malicious WebSocket - c/side

Site Favicon

Status

Active

Host Information

Domain

cside.dev

Server

cloudflare

Country

United States

IP Address

172.66.43.37

ASN Information

13335

CLOUDFLARENET

Technologies

Apple iCloud Mail

Webmail

Amazon Web Services

PaaS

Stripe

Payment processors

Linkedin Insight Tag

Analytics

Linkedin Ads

Advertising

HSTS

Security

+5 more technologies detected

SSL Certificate

HTTPS Enabled

Secure

Certificate Issuer

WE1

Valid From

2025-04-30 00:30:40

Valid Until

2025-07-29 01:30:18

Subject Name

cside.dev

Performance Statistics

190

Total Requests

Domains

IP Addresses

3.25 MB

Transfer Size

Content Size8.62 MB

HTTP Headers

alt-svc

h3=":443"; ma=86400

cache-control

private, no-cache, no-store, max-age=0, must-revalidate

cf-cache-status

DYNAMIC

cf-ray

955eef776be366a1-MAD

content-encoding

content-security-policy-report-only

script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.cside.dev https://proxy.cside.dev https://proxy.csidetm.com https://proxy.cs.security https://analytics.twitter.com https://js.stripe.com https://unpkg.com https://*.intercom.io https://*.intercomcdn.com https://*.facebook.net https://cdn.jsdelivr.net https://code.jquery.com https://*.clarity.ms https://challenges.cloudflare.com https://www.googletagmanager.com https://ajax.cloudflare.com https://embed.lu.ma https://snap.licdn.com https://static.ads-twitter.com https://snid.snitcher.com https://cdn.vector.co/pixel.js https://www.google.com https://b.sf-syn.com https://static.cloudflareinsights.com https://google.com/; style-src 'self' 'unsafe-inline' https://unpkg.com https://cdn.jsdelivr.net https://embed.lu.ma; worker-src 'self' blob:; img-src 'self' blob: data: https://content.cside.dev https://media.cside.dev https://media.client-side.dev https://px.ads.linkedin.com https://analytics.twitter.com https://px4.ads.linkedin.com https://*.clarity.ms https://t.co https://c.bing.com https://translate.google.com https://*.googleusercontent.com https://fonts.gstatic.com https://*.intercomcdn.com https://static.intercomassets.com https://b.sf-syn.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.intercomcdn.com https://cdn.jsdelivr.net; frame-src 'self' https://js.stripe.com https://challenges.cloudflare.com https://www.youtube.com https://platform.twitter.com https://*.hubspot.com https://www.googletagmanager.com https://i.liadm.com https://td.doubleclick.net; connect-src 'self' https://*.cside.dev https://*.csidetm.com https://*.cs.security https://*.google-analytics.com https://*.intercom.io wss://*.intercom.io https://*.posthog.com https://*.clarity.ms https://client-side-scripts.s3.us-west-1.amazonaws.com https://analytics.twitter.com https://api.stripe.com https://q.stripe.com https://unpkg.com https://cdn.jsdelivr.net https://cside.instatus.com https://px.ads.linkedin.com https://pro.ip-api.com https://api.vector.co https://www.google.com https://idx.liadm.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; report-to csp-endpoint; report-uri https://proxy.csidetm.com/csp

content-type

text/html; charset=utf-8

cross-origin-embedder-policy

unsafe-none

cross-origin-opener-policy

same-origin

cross-origin-resource-policy

same-origin

date

Thu, 26 Jun 2025 18:58:19 GMT

permissions-policy

geolocation=(), microphone=(), camera=()

referrer-policy

strict-origin-when-cross-origin

report-to

{"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"https://proxy.csidetm.com/csp"}]}

reporting-endpoints

csp-endpoint="https://proxy.csidetm.com/csp"

server

cloudflare

server-timing

cfCacheStatus;desc="DYNAMIC" cfOrigin;dur=40,cfEdge;dur=216 cfL4;desc="?proto=TCP&rtt=0&min_rtt=0&rtt_var=0&sent=0&recv=0&lost=0&retrans=0&sent_bytes=0&recv_bytes=0&delivery_rate=0&cwnd=0&unsent_bytes=0&cid=d84383ae66067581&ts=269&x=0"

strict-transport-security

max-age=31536000; includeSubDomains; preload

vary

Accept-Encoding

x-content-type-options

nosniff

x-frame-options

SAMEORIGIN

21 headers detected

Technology Stack Analysis

Apple iCloud Mail

Webmail

Apple iCloud Mail is a webmail service provided by Apple, Inc.

Amazon Web Services

PaaS

Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.

Stripe

Payment processors

Stripe offers online payment processing for internet businesses as well as fraud prevention, invoicing and subscription management.

Linkedin Insight Tag

Analytics

LinkedIn Insight Tag is a lightweight JavaScript tag that powers conversion tracking, website audiences, and website demographics.

Linkedin Ads

Advertising

Linkedin Ads is a paid marketing tool that offers access to Linkedin social networks through various sponsored posts and other methods.

HSTS

Security

HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.

Google Tag Manager

Tag managers

Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.

Cloudflare Browser Insights

AnalyticsRUM

Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.

Cloudflare

CDN

Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.

Amazon S3

CDN

Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.

HTTP/3

Expires:7/31/2026

ph_phc_vPp2XatyIosfVTbnkFgPPrCbpO3LPFq9RpHuHWaXjua_posthog

.cside.dev

Secure Lax

Value

%7B%22distinct_id%22%3A%220197ad9a-ed2e-7230-9133-5257b9ebf1cc%22%2C%22%24sesid%22%3A%5B1750964302392%2C%220197ad9a-ed2b-7309-aa98-ac8ab9d10c15%22%2C1750964301099%5D%2C%22%24epp%22%3Atrue%2C%22%24initial_person_info%22%3A%7B%22r%22%3A%22%24direct%22%2C%22u%22%3A%22https%3A%2F%2Fcside.dev%2Fblog%2Fweaponized-google-oauth-triggers-malicious-websocket%22%7D%7D

Expires:6/26/2026

ui-store

cside.dev

Lax

Value

%7B%22state%22%3A%7B%22dashboardLoadingState%22%3Afalse%2C%22lastSelectedTeamId%22%3Anull%2C%22lastSelectedOrgId%22%3Anull%2C%22lastSelectedDomainId%22%3Anull%2C%22godMode%22%3Afalse%2C%22skus%22%3A%5B%7B%22name%22%3A%22free%22%2C%22header%22%3A%22What%20you%20get%22%2C%22subHeader%22%3A%22Sign%20up%20for%20free%22%2C%22monthlyPrice%22%3Anull%2C%22yearlyPrice%22%3Anull%2C%22features%22%3A%5B%22One%20domain%22%2C%22Single%20line%20implementation%22%2C%223%20day%20script%20history%22%2C%22Malicious%20domain%20name%20notifications%22%2C%22Email%20notifications%22%2C%22Work%20hours%20email%20support%22%2C%22Script%20caching%22%2C%22AI%20script%20summary%22%5D%7D%2C%7B%22name%22%3A%22business%22%2C%22header%22%3A%22Everything%20in%20Free%20%2B%22%2C%22subHeader%22%3A%22Subscription%22%2C%22monthlyPrice%22%3A9900%2C%22yearlyPrice%22%3A99900%2C%22features%22%3A%5B%22In%20depth%20source%20analysis%22%2C%2230%20day%20script%20history%22%2C%22Vanta%20integration%22%2C%22Script%20roll-back%22%2C%22Automated%20malicious%20script%20blocking%22%5D%7D%2C%7B%22name%22%3A%22enterprise%22%2C%22header%22%3A%22Everything%20in%20Business%20%2B%22%2C%22subHeader%22%3A%22Contact%20us%20for%20pricing%22%2C%22monthlyPrice%22%3Anull%2C%22yearlyPrice%22%3Anull%2C%22features%22%3A%5B%22Slack%20Integration%2C%20Webhook%20notifications%22%2C%22Audit%20logs%22%2C%22Deep%20script%20analysis%22%2C%2290-day%20script%20history%20including%20IPs%22%2C%22Organizations%20layer%20(multiple%20teams)%22%2C%22Custom%20script%20replacement%22%2C%2224h%20email%20%26%20Slack%20support%22%2C%22Dedicated%20customer%20success%20manager%22%2C%22PCI%20DSS%20dashboard%20for%206.4.3%20and%2011.6.1%22%2C%22Add-on%20SOC%20available%22%2C%22Add-on%20unlimited%20script%20history%22%2C%22Custom%20services%20available%22%2C%22Crawler%20based%20analysis%20(no%20code%20implementation)%22%5D%7D%5D%2C%22hiddenSetupBanners%22%3A%5B%5D%2C%22pciDssSidebarExpanded%22%3Afalse%7D%2C%22version%22%3A0%7D

Expires:6/26/2026

__hssc

.cside.dev

Lax

Value

99551809.1.1750964302470

Expires:6/26/2025

_ga

.cside.dev

Value

GA1.1.628355011.1750964302

Expires:7/31/2026

_gcl_au

.cside.dev