URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-se... 3yr old
Submission: On March 13 via api from US — Scanned from AT

Summary

This website contacted 19 IPs in 3 countries across 17 domains to perform 94 HTTP transactions. The main IP is 192.0.66.84, located in San Francisco, United States and belongs to AUTOMATTIC - Automattic, Inc, US. The main domain is www.threatdown.com. 3yr old
TLS certificate: Issued by E8 on February 17th 2026. Valid for: 3mo.
This is the only time www.threatdown.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 40 192.0.66.84 2635 (AUTOMATTIC)
1 142.251.209.8 15169 (GOOGLE)
12 34.107.218.251 396982 (GOOGLE-CL...)
1 142.251.208.10 15169 (GOOGLE)
4 104.17.71.206 13335 (CLOUDFLAR...)
2 104.16.190.41 13335 (CLOUDFLAR...)
4 192.0.76.3 2635 (AUTOMATTIC)
3 104.18.30.133 13335 (CLOUDFLAR...)
1 142.251.38.131 15169 (GOOGLE)
1 34.117.39.58 396982 (GOOGLE-CL...)
12 104.18.87.42 13335 (CLOUDFLAR...)
1 172.64.148.75 13335 (CLOUDFLAR...)
3 23.52.181.12 16625 (AKAMAI-AS)
1 104.18.11.212 13335 (CLOUDFLAR...)
1 172.64.149.114 13335 (CLOUDFLAR...)
1 108.138.26.31 16509 (AMAZON-02)
1 104.18.32.137 13335 (CLOUDFLAR...)
2 104.17.72.206 13335 (CLOUDFLAR...)
94 19
Apex Domain | Subdomains | Transfer
42 threatdown.com | www.threatdown.com 3yr old; get.threatdown.com 9mo old | 851 KB
12 cookielaw.org | cdn.cookielaw.org — Cisco Umbrella Rank: 498 9yr old | 164 KB
12 visualwebsiteoptimizer.com | dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 3110 10yr old | 275 KB
6 malwarebytes.com | go.malwarebytes.com 10yr old | 140 KB
4 wp.com | stats.wp.com — Cisco Umbrella Rank: 4810 9yr old; pixel.wp.com — Cisco Umbrella Rank: 4998 9yr old | 7 KB
3 adoberesources.net | assets.adoberesources.net — Cisco Umbrella Rank: 63750 5yr old | 106 KB
2 ubembed.com | 185c650ccfd84b27aad189f19681365b.js.ubembed.com 4yr old; assets.ubembed.com — Cisco Umbrella Rank: 22980 10yr old | 51 KB
2 g2.com | www.g2.com — Cisco Umbrella Rank: 78489 7yr old | 22 KB
1 onetrust.com | geolocation.onetrust.com — Cisco Umbrella Rank: 835 8yr old | 319 B
1 weglot.com | api.weglot.com — Cisco Umbrella Rank: 31109 8yr old | 228 B
1 grsm.io | grsm.io — Cisco Umbrella Rank: 24203 9yr old | 281 B
1 partnerlinks.io | partnerlinks.io — Cisco Umbrella Rank: 25836 4yr old | 280 B
1 upsellit.com | www.upsellit.com — Cisco Umbrella Rank: 13608 9yr old | 9 KB
1 gstatic.com | fonts.gstatic.com 9yr old | 42 KB
1 googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 81 56yr old | 2 KB
1 googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 71 56yr old | 160 KB
0 adobe.io Failed | project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io Failed 1yr old |
94 17
Domain | Requested by
40 www.threatdown.com 1 redirects | www.threatdown.com
12 cdn.cookielaw.org | www.threatdown.com; cdn.cookielaw.org
12 dev.visualwebsiteoptimizer.com | www.threatdown.com
6 go.malwarebytes.com | www.threatdown.com; go.malwarebytes.com
3 assets.adoberesources.net | www.googletagmanager.com; assets.adoberesources.net
2 pixel.wp.com | www.threatdown.com
2 get.threatdown.com | www.threatdown.com; get.threatdown.com
2 stats.wp.com | www.threatdown.com
2 www.g2.com | www.threatdown.com
1 geolocation.onetrust.com | cdn.cookielaw.org
1 assets.ubembed.com | 185c650ccfd84b27aad189f19681365b.js.ubembed.com
1 api.weglot.com | www.threatdown.com
1 grsm.io | get.threatdown.com
1 partnerlinks.io | get.threatdown.com
1 185c650ccfd84b27aad189f19681365b.js.ubembed.com | www.googletagmanager.com
1 www.upsellit.com | www.googletagmanager.com
1 fonts.gstatic.com | fonts.googleapis.com
1 fonts.googleapis.com | www.threatdown.com
1 www.googletagmanager.com | www.threatdown.com
0 project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io Failed | assets.adoberesources.net
94 20
Subject | Issuer | Validity | Valid
www.threatdown.com | E8 | 2026-02-17 - 2026-05-18 | 3mo
*.google-analytics.com | WE2 | 2026-02-02 - 2026-04-27 | 3mo
*.visualwebsiteoptimizer.com | Starfield Secure Certificate Authority - G2 | 2025-06-30 - 2026-07-06 | 1yr
upload.video.google.com | WE2 | 2026-02-02 - 2026-04-27 | 3mo
go.malwarebytes.com | WE1 | 2026-03-09 - 2026-06-07 | 3mo
www.g2.com | WE1 | 2026-02-02 - 2026-05-03 | 3mo
wp.com | E7 | 2026-02-02 - 2026-05-03 | 3mo
get.threatdown.com | E8 | 2026-01-18 - 2026-04-18 | 3mo
*.gstatic.com | WE2 | 2026-02-02 - 2026-04-27 | 3mo
*.upsellit.com | RapidSSL TLS RSA CA G1 | 2025-09-11 - 2026-10-03 | 1yr
cookielaw.org | WE1 | 2026-01-26 - 2026-04-26 | 3mo
*.js.ubembed.com | E7 | 2026-01-22 - 2026-04-22 | 3mo
assets.adobedtm.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2025-06-24 - 2026-07-25 | 1yr
partnerlinks.io | WE1 | 2026-02-19 - 2026-05-20 | 3mo
grsm.io | WE1 | 2026-03-03 - 2026-06-01 | 3mo
api.weglot.com | WE1 | 2026-02-12 - 2026-05-13 | 3mo
assets.ubembed.com | Amazon RSA 2048 M01 | 2025-10-06 - 2026-11-03 | 1yr
geolocation.onetrust.com | WE1 | 2026-01-26 - 2026-04-26 | 3mo

This page contains 2 frames:

Primary Page: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Frame ID: 02A266DF69B14B12FE811C746A8FADB7
Requests: 93 HTTP requests in this frame

Frame: https://go.malwarebytes.com/index.php/form/XDFrame
Frame ID: D194275ECDE505FB088675DB1DB54376
Requests: 2 HTTP requests in this frame

Page Title

CastleRAT attack first to abuse Deno JavaScript runtime to evade enterprise security - ThreatDown by Malwarebytes

Page URL History

  1. https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to... HTTP 301
    https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • ubembed\.com

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • \.googletagmanager\.com/

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • dev\.visualwebsiteoptimizer\.com/

Overall confidence: 100%
Detected patterns
  • jquery

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • www\.upsellit\.com/

Page Statistics

94
Requests

96 %
HTTPS

0 %
IPv6

17
Domains

20
Subdomains

19
IPs

3
Countries

1861 kB
Transfer

5740 kB
Size

17
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security HTTP 301
    https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

94 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Redirect Chain
  • https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security
  • https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
175 KB
37 KB
Document
General
Full URL
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx / WordPress VIP <https://wpvip.com>
Resource Hash
f99a3571e8057b5a95d4069144f74b865713581f6fa2236b42f9a9335c6aacfd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Linux"

Response headers

accept-ranges
bytes
cache-control
no-cache, must-revalidate, max-age=0, no-store
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 13 Mar 2026 12:35:29 GMT
host-header
a9130478a60e5f9135f765b23f26593b
link
<https://www.threatdown.com/wp-json/>; rel="https://api.w.org/" <https://www.threatdown.com/wp-json/wp/v2/posts/150373>; rel="alternate"; title="JSON"; type="application/json" <https://www.threatdown.com/?p=150373>; rel=shortlink
server
nginx
vary
Accept-Encoding
x-cache
BYPASS
x-hacker
If you're reading this, you should visit https://join.a8c.com/viphacker and apply to join the fun, mention this header.
x-powered-by
WordPress VIP <https://wpvip.com>
x-rq
vie1 0 30 9980

Redirect headers

cache-control
no-cache, must-revalidate, max-age=0, no-store
content-type
text/html; charset=UTF-8
date
Fri, 13 Mar 2026 12:35:29 GMT
host-header
a9130478a60e5f9135f765b23f26593b
location
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
server
nginx
x-cache
BYPASS
x-hacker
If you're reading this, you should visit https://join.a8c.com/viphacker and apply to join the fun, mention this header.
x-powered-by
WordPress VIP <https://wpvip.com>
x-redirect-by
WordPress
x-rq
vie1 0 30 9980
/
www.threatdown.com/_static/
197 KB
17 KB
Stylesheet
General
Full URL
https://www.threatdown.com/_static/??-eJytUNFOwzAM/CHcqMCoeEB8BB+A3MRrs6ZJFjt04+uJomUSGg8g8eY7+3xnqy2CDl7Ii4ouT9azYrtGR3DM9hPGbJ2hpJCZhFXlWM6OOs18p35Qxzw6y3NMxAxMyRJDTEGFNL1V9Gel9dplcwFoTCizdJKEIGGhAq6rodL/YhADC5RpgTGc2vll8fcG7FP1MDeea4ZmeyCJqBfod92ugfePIgrlr1nCiiJWX8eYMOlZ1c+XaCzopZGHeKk6PWe/wIrWQ8SzC3gboflvNLkgypTM9YKaGUr1a4WnDfYOp6p4XV/6YXjon4b758cv5cnaig==
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
84361c8cb8bdb49273c762e46ea6c66bd4a373f62f899fdd83ff93987c01825a

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
accept-ranges
bytes
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
text/css;charset=utf-8
vary
Accept-Encoding
server
nginx
last-modified
Tue, 10 Mar 2026 18:28:14 GMT
gtm.js
www.googletagmanager.com/
501 KB
160 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MQ92VXZT
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.209.8 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
mil04s50-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
d05d2673ba66ebb466486298e9f5b4c1028ec12bf25ea69e6d8d8ef3ec0c832d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-encoding
zstd
expires
Fri, 13 Mar 2026 12:35:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 13 Mar 2026 12:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
*
content-length
163778
x-xss-protection
0
server
Google Tag Manager
j.php
dev.visualwebsiteoptimizer.com/
36 KB
11 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/j.php?a=805334&u=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fcastlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security%2F&vn=2.2&ph=1&p=web&st=902.5&x=true
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
gfra2 /
Resource Hash
3c4071bba46daa53d2041d21c0d945c5a1ca1bcc8bcbccf44f02109933193192
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=0, no-cache, must-revalidate
timing-allow-origin
*
content-encoding
gzip
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://www.threatdown.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
gfra2
/
www.threatdown.com/_static/
266 KB
69 KB
Stylesheet
General
Full URL
https://www.threatdown.com/_static/??/wp-content/themes/mbc/style.css,/wp-includes/css/dashicons.min.css,/wp-content/plugins/wp-search-with-algolia/css/algolia-autocomplete.css?m=1773246248
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
e4ece54c11eb4c4fadb3118d5db8ebc106d76e30d887c1a434669409ca27c8c2

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
accept-ranges
bytes
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
text/css;charset=utf-8
vary
Accept-Encoding
server
nginx
last-modified
Wed, 11 Mar 2026 16:24:08 GMT
/
www.threatdown.com/_static/
104 KB
36 KB
Script
General
Full URL
https://www.threatdown.com/_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSouxSmZxSX6Gfn52cVQFfa5tobm5sZGJmZGJpZZAEtsLqo=
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
d3c2d4013b29c1b94c18923287eb6afd768b1dc3e945cc60fb799c5dfc77ee9f

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
accept-ranges
bytes
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
last-modified
Wed, 11 Mar 2026 16:24:09 GMT
i18n.min.js
www.threatdown.com/wp-includes/js/dist/
5 KB
2 KB
Script
General
Full URL
https://www.threatdown.com/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
d4efe709c65438ae90dff385486421fea45762880f21fc4e0dca3fa96210f428

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
etag
W/"69b19729-14c2"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
last-modified
Wed, 11 Mar 2026 16:24:09 GMT
server
nginx
vary
Accept-Encoding
/
www.threatdown.com/_static/
127 KB
39 KB
Script
General
Full URL
https://www.threatdown.com/_static/??-eJyN0NsKwjAMBuAXsgvO4fBCfJauyUZKD7NpHfPpreLVQBnkLt+fkMAyKxNDppBhdmXiILDQ5GIGZMkwptpUVhorB6iWg3EFScDWuhdKKxQGExM1nsN/5WORHUxiynpwO2Qi4eeWbq/R+NDBECpTJEevRiaHouYUQYtQFhgKO3xP1mb8tfTzDKzxRBrXr7r567HvT213bruLfQFjnHno
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
a73d6e7d63331edee02800a34a529bed3d158df9a87c0fec16c18803061a28a3

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
accept-ranges
bytes
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
last-modified
Wed, 11 Mar 2026 16:24:09 GMT
a11y.min.js
www.threatdown.com/wp-includes/js/dist/
2 KB
1 KB
Script
General
Full URL
https://www.threatdown.com/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
c99c0a54cd4e1b44926d0bbeb3fc307a12349389648bce3c47370a26897c41c2

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
etag
W/"69b19729-8a4"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
last-modified
Wed, 11 Mar 2026 16:24:09 GMT
server
nginx
vary
Accept-Encoding
acf-input.min.js
www.threatdown.com/wp-content/plugins/advanced-custom-fields-pro/assets/build/js/
122 KB
34 KB
Script
General
Full URL
https://www.threatdown.com/wp-content/plugins/advanced-custom-fields-pro/assets/build/js/acf-input.min.js?m=1766432769g
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
f557bd9196f91039eb50e1983447d953e692cb64e59b9bca36963bc8c855128c

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
etag
W/"6949a001-1e91c"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
last-modified
Mon, 22 Dec 2025 19:46:09 GMT
server
nginx
vary
Accept-Encoding
css2
fonts.googleapis.com/
27 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700;900&display=swap
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
142.251.208.10 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
lcfraa-bp-in-f10.1e100.net
Software
ESF /
Resource Hash
9797b7049e90dce53a98bc42da75f326448da5ef73d3229a428eff4b6435c7b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 13 Mar 2026 12:35:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Fri, 13 Mar 2026 11:43:49 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
/
www.threatdown.com/_static/
70 KB
12 KB
Stylesheet
General
Full URL
https://www.threatdown.com/_static/??-eJyNjcEOgyAQRH+odNvayMn4LQIbJNJlw4L+vhhPxktvM2+SN7CxsokKUgGO1QcSmNw6kUWnfG3cYPaKc4IYDKxILmXgamKQmTOKXIoyMdmlKUSwCNg2n+TZ4gP+P7sJDnpIxt/w1n3/7T5av3ZigEdT
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
0772c944b7f3d9ed1ee8f2aeb5506baf02089b2cf66aa6c03d3dd0538d0d97dc

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
accept-ranges
bytes
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
text/css;charset=utf-8
vary
Accept-Encoding
server
nginx
last-modified
Mon, 22 Dec 2025 19:46:10 GMT
threatdown-powered-horiz-navy.png
www.threatdown.com/wp-content/themes/mbc/images/
18 KB
18 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/threatdown-powered-horiz-navy.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
1b016d0cd2ad3511e61f62abcaf5b39ae328744437404ebf1cf5500059247b39

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1 0 30 9980
etag
"6949a003-48e6"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
content-length
18662
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/png
last-modified
Mon, 22 Dec 2025 19:46:11 GMT
server
nginx
icon-td-chevron-navy.svg
www.threatdown.com/wp-content/themes/00-dev__mbc/theme/images/
522 B
605 B
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/00-dev__mbc/theme/images/icon-td-chevron-navy.svg
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
b7ef5d56cc81e313639ce620234f25c7529c3328b7477d9b5695a987a8f93ceb

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
etag
W/"6949a003-20a"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/svg+xml
last-modified
Mon, 22 Dec 2025 19:46:11 GMT
server
nginx
vary
Accept-Encoding
Nav-Resources-SOM-2026.png
www.threatdown.com/wp-content/uploads/2026/01/
152 KB
153 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2026/01/Nav-Resources-SOM-2026.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
1e183a40e8d763ac38b53e179a0f5fcc5249165c164917c039fe579be6c93424

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1
etag
"4ff093cfcb8f174b"
x-bytes-saved
52499
access-control-allow-methods
GET, HEAD
accept-ranges
bytes, bytes
access-control-allow-origin
*
x-cache
HIT
content-length
155724
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/webp
vary
Accept
server
nginx
last-modified
Tue, 03 Feb 2026 15:06:26 GMT
Nav-TD-Product-of-Year.png
www.threatdown.com/wp-content/uploads/2025/12/
55 KB
56 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2025/12/Nav-TD-Product-of-Year.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
7c1b732b9d984d840ee9bb8e57ee52dd7f5b926d8f1f13b8d0d288705d85880f

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1
etag
"7eabf0188d04d3ce"
x-bytes-saved
7881
access-control-allow-methods
GET, HEAD
accept-ranges
bytes, bytes
access-control-allow-origin
*
x-cache
HIT
content-length
56632
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/webp
vary
Accept
server
nginx
last-modified
Tue, 09 Dec 2025 22:39:49 GMT
fdae9585-565c-45c8-a605-a228f7e0f5c3_blog-image-gradient-3.jpg
www.threatdown.com/wp-content/uploads/2026/03/
89 KB
89 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2026/03/fdae9585-565c-45c8-a605-a228f7e0f5c3_blog-image-gradient-3.jpg
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
0b3b65b4516fd66dfb3ce6863eab69d5233436aa03cdf698dc34fc4b6bf7cc9b

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1
etag
"e82b7e6da6225915"
x-bytes-saved
148082
access-control-allow-methods
GET, HEAD
accept-ranges
bytes, bytes
access-control-allow-origin
*
x-cache
HIT
content-length
90892
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/webp
vary
Accept
server
nginx
last-modified
Wed, 11 Mar 2026 06:49:26 GMT
icon-social-linkedin-blue.png
www.threatdown.com/wp-content/themes/mbc/images/
598 B
843 B
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/icon-social-linkedin-blue.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
dcca268c994587f5f3821444ffc4d1437aed21492476d0e60ec4c595e576e6bf

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1 0 30 9980
etag
"69600c84-256"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
content-length
598
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/png
last-modified
Thu, 08 Jan 2026 19:59:00 GMT
server
nginx
icon-social-x-twitter-blue.png
www.threatdown.com/wp-content/themes/mbc/images/
2 KB
3 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/icon-social-x-twitter-blue.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
3c09e996a4bfaf7a0844b82ac6e64c052b366a67e037741b9f040783af2e839d

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1 0 30 9980
etag
"69600c84-957"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
content-length
2391
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/png
last-modified
Thu, 08 Jan 2026 19:59:00 GMT
server
nginx
icon-social-youtube-blue.png
www.threatdown.com/wp-content/themes/mbc/images/
593 B
838 B
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/icon-social-youtube-blue.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
d46b5b98a8379735a4bf27c51fc4f2e1b103b4d2ca3b651ce11f18958a337f06

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1 0 30 9980
etag
"69600c84-251"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
content-length
593
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/png
last-modified
Thu, 08 Jan 2026 19:59:00 GMT
server
nginx
icon-social-facebook-blue.png
www.threatdown.com/wp-content/themes/mbc/images/
641 B
886 B
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/icon-social-facebook-blue.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
9cdf623278acfa83fba91ae71cf74bae15c19c026d566d444e72e173522e17de

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1 0 30 9980
etag
"6994a2d5-281"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
content-length
641
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/png
last-modified
Tue, 17 Feb 2026 17:18:13 GMT
server
nginx
forms2.min.js
go.malwarebytes.com/js/forms2/js/
201 KB
67 KB
Script
General
Full URL
https://go.malwarebytes.com/js/forms2/js/forms2.min.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.71.206 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
152e8c2bf61e2e7461c42b8f90771a9887ea0d0fb574fccee3c0a9a724d0d829
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
public, max-age=14400
content-encoding
gzip
cf-cache-status
HIT
etag
"16a132f-32530-64cdf27526535"
age
5505
x-content-type-options
nosniff
cf-ray
9dbb142fd9474f59-VIE
expires
Fri, 13 Mar 2026 16:35:29 GMT
accept-ranges
bytes
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/x-javascript
last-modified
Fri, 13 Mar 2026 03:06:21 GMT
vary
Accept-Encoding
server
cloudflare
stars
www.g2.com/products/threatdown/widgets/
18 KB
20 KB
Image
General
Full URL
https://www.g2.com/products/threatdown/widgets/stars?color=white&type=read
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.190.41 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
920f7c3dc77335f796e438e4cf0b6a5d5a0ff26372005f024a4faf145bf35a2f
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.g2crowd.com *.g2.com; connect-src * 'self' *.g2crowd.com *.g2.com; frame-src * 'self' *.g2crowd.com *.g2.com; font-src * data: 'self' *.g2crowd.com *.g2.com; form-action https: claude: chatgpt: 'self' *.g2crowd.com *.g2.com; img-src * data: blob: 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src * blob: 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' *.g2crowd.com *.g2.com; style-src * 'unsafe-inline' 'self' *.g2crowd.com *.g2.com; worker-src * blob: 'self' *.g2crowd.com *.g2.com; frame-ancestors *
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

x-request-id
ddd84090d4d7600992fad9fdca09b112
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"8cfd355ac31081b0a8a11861cfed1b67"
x-scrapable-source-location
widgets#stars
x-permitted-cross-domain-policies
none
we_are_hiring
https://company.g2.com/careers/open-positions
x-content-type-options
nosniff
x-scrapable-route
false
server-timing
cloudflare_started_at;desc=1773405329737.0, reverse_proxy_started_at;desc=1773405330146.0, application_started_at;desc=1773405330147.0, application_ended_at;desc=1773405330168.0, reverse_proxy_ended_at;desc=1773405330170, cloudflare_ended_at;desc=1773405330319, cfExtPri
alt-svc
h3=":443"; ma=86400
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
image/png
content-disposition
inline; filename="white-9.png"; filename*=UTF-8''white-9.png
vary
Origin,Accept-Encoding
last-modified
Mon, 05 Jan 2026 06:21:55 GMT
priority
u=3,i
x-runtime
0.020152
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-security-policy
default-src 'self' *.g2crowd.com *.g2.com; connect-src * 'self' *.g2crowd.com *.g2.com; frame-src * 'self' *.g2crowd.com *.g2.com; font-src * data: 'self' *.g2crowd.com *.g2.com; form-action https: claude: chatgpt: 'self' *.g2crowd.com *.g2.com; img-src * data: blob: 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src * blob: 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' *.g2crowd.com *.g2.com; style-src * 'unsafe-inline' 'self' *.g2crowd.com *.g2.com; worker-src * blob: 'self' *.g2crowd.com *.g2.com; frame-ancestors *
cache-control
max-age=0, private, must-revalidate
accept-ch
Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
9dbb142ebb013257-VIE
x-datadome
protected
x-xss-protection
1; mode=block
server
cloudflare
quiz-script.js
www.threatdown.com/wp-content/plugins/simple-quiz-builder/assets/
27 KB
7 KB
Script
General
Full URL
https://www.threatdown.com/wp-content/plugins/simple-quiz-builder/assets/quiz-script.js?m=1773167608g
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
b5679062fb564b2b273f7a3dd4bf73ebaf676f2fb850af8533a0327d94bd2ddf

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
etag
W/"69b063f8-6a28"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
last-modified
Tue, 10 Mar 2026 18:33:28 GMT
server
nginx
vary
Accept-Encoding
i18n-loader.js
www.threatdown.com/wp-content/mu-plugins/jetpack-15.5/jetpack_vendor/automattic/jetpack-assets/build/
6 KB
3 KB
Script
General
Full URL
https://www.threatdown.com/wp-content/mu-plugins/jetpack-15.5/jetpack_vendor/automattic/jetpack-assets/build/i18n-loader.js?minify=true&ver=517685b2423141b3a0a3
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
25f404c7089e567ef273eab5e7e1e02d59f0da5e0d270fa2608ec2a3563c5a67

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
etag
W/"69b062be-1797"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
last-modified
Tue, 10 Mar 2026 18:28:14 GMT
server
nginx
vary
Accept-Encoding
/
www.threatdown.com/_static/
41 KB
16 KB
Script
General
Full URL
https://www.threatdown.com/_static/??/wp-includes/js/dist/vendor/wp-polyfill.min.js,/wp-includes/js/dist/url.min.js?m=1773246249j
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
ae0672aa01a276f74c2088c271b38655db73a822ccffe9349ceb38b0d7cb436e

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
accept-ranges
bytes
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
last-modified
Wed, 11 Mar 2026 16:24:09 GMT
jp-search.js
www.threatdown.com/wp-content/mu-plugins/jetpack-15.5/jetpack_vendor/automattic/jetpack-search/build/instant-search/
6 KB
3 KB
Script
General
Full URL
https://www.threatdown.com/wp-content/mu-plugins/jetpack-15.5/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=75be4b99af5da8e881da
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
e83c50ba1915abd2e0ea2b685cd80ecfb4a12fdcfc05c4a7b3eae3737d8506bd

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
etag
W/"69b062be-16aa"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
last-modified
Tue, 10 Mar 2026 18:28:14 GMT
server
nginx
vary
Accept-Encoding
w.js
stats.wp.com/
13 KB
5 KB
Script
General
Full URL
https://stats.wp.com/w.js?ver=202611
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
bbcc769c4704058d89afc024f24dde11deed8ec61b99f1d52ba935fad8614523

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
a8c-edge-cache
cache
content-encoding
br
x-nc
HIT vie
etag
W/12868-1717166113530.9253
x-minify
t
x-minify-cache
hit
access-control-allow-methods
GET, HEAD
expires
Mon, 08 Mar 2027 23:52:33 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
/
www.threatdown.com/_static/
161 KB
56 KB
Script
General
Full URL
https://www.threatdown.com/_static/??-eJx1zcsOhCAMheEXGq06XlZmnkVqE0EpSCG+/nThluXJ/yUHnthg4EycIR/kScAbBCcgmGzMrbfcOvmAOst4lV2F1sI7JcGQqCbMhqcJXO1btE2iu5BUT3SqeuvPr/2yfIdxHqbO/QGVaUIf
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
9b8896b4bdd1723af08d7fa473b2a059ceac0de2bcde11530752ba3266571e41

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
accept-ranges
bytes
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
last-modified
Wed, 11 Mar 2026 16:24:10 GMT
message-banners.min.js
www.threatdown.com/wp-content/themes/mbc/js/
912 B
669 B
Script
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/js/message-banners.min.js?ver=tbhpzu
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
a1bbdc96b40bc122a569fd60fc13ab88bcc4a03713ed73806fd57f498bf8b923

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
etag
W/"6949a003-390"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
last-modified
Mon, 22 Dec 2025 19:46:11 GMT
server
nginx
vary
Accept-Encoding
/
www.threatdown.com/_static/
72 KB
23 KB
Script
General
Full URL
https://www.threatdown.com/_static/??-eJydjssSgyAMRX+oQGsfrjr9FgZQw4TAlGT8fbG6sFt399wkZ2LmooAcig/VxGoaCgPqBKRjvazsMnEgNgVlBPqt1GC/blIz8KQsjhnBrsd73KbGQ+X/SiFw0JL8CbVwdjkVDM3QeJMfy3MfHwyKWqQBwXETfdL71vf37vHqnte4AGbFbjg=
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
06b9f58045dc07771d9806ca58e3c7d124e719fd203507e28f2a7bc44c470846

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
accept-ranges
bytes
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
last-modified
Wed, 11 Mar 2026 16:24:10 GMT
e-202611.js
stats.wp.com/
4 KB
2 KB
Script
General
Full URL
https://stats.wp.com/e-202611.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
2abd616c43c16e7a2d01f1f1c761d6c12acf4b2ed9a9a411289ee3bb5a681ffe

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
a8c-edge-cache
cache
content-encoding
br
x-nc
HIT vie
etag
W/7134-1748959715126.2634
x-minify
t
x-minify-cache
hit
access-control-allow-methods
GET, HEAD
expires
Mon, 01 Mar 2027 22:25:57 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
worker-1bdd4839c2aba7ff9a5378f891294b58.br.js
dev.visualwebsiteoptimizer.com/cdn/edrv/
299 KB
72 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/cdn/edrv/worker-1bdd4839c2aba7ff9a5378f891294b58.br.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
6805c82f7838e734794fd21f37a973df4aaabf06b6133bac3705d0f83068b7cb

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

x-goog-metageneration
1
content-encoding
br
x-goog-hash
crc32c=PAybOQ==, md5=uOsV5Ql/xgOPTp/o4//fbA==
etag
"b8eb15e5097fc6038f4e9fe8e3ffdf6c"
age
10943
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
73184
date
Fri, 13 Mar 2026 09:33:06 GMT
last-modified
Fri, 13 Mar 2026 08:58:57 GMT
content-type
text/javascript; charset=UTF-8
x-guploader-uploadid
AGQBYWzGDeSBfqw_i4yyf3oOoMfHBdnqawIjb8euzCzOySiB6yb4NQBhXZFoHYk9gXJhLmhA
cdn_cache_status
hit
cache-control
public, max-age=31536000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1773392337309661
content-length
73184
content-language
en
server
UploadServer
va_gq-5aeef132e670e16de1896365f25ec820.br.js
dev.visualwebsiteoptimizer.com/cdn/edrv/
373 KB
95 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/cdn/edrv/va_gq-5aeef132e670e16de1896365f25ec820.br.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f8bb8655bd867b129e0c21889e3816c182f0052d8f16c6c4a239c0f0b4dacab0

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

x-goog-metageneration
1
content-encoding
br
x-goog-hash
crc32c=0DK+Zg==, md5=Nc+6IsM+tXp9HLYGr82+hQ==
etag
"35cfba22c33eb57a7d1cb606afcdbe85"
age
10943
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
97425
date
Fri, 13 Mar 2026 09:33:06 GMT
last-modified
Fri, 13 Mar 2026 08:59:14 GMT
content-type
text/javascript; charset=UTF-8
x-guploader-uploadid
AGQBYWwMMDgHIRa2g8rth82llq7gZLMVCaryHtAn2vd4PzisB_3Y9A0mCJ2NXHFRJKiqFGVC
cdn_cache_status
hit
cache-control
public, max-age=31536000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1773392354177568
content-length
97425
content-language
en
server
UploadServer
v.gif
dev.visualwebsiteoptimizer.com/
35 B
147 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=805334&d=threatdown.com&u=DAD08C2922C7D7C19EA9BF706664F1033&h=02d3f0468ee8fa5f3aa562b0f6eb4e2a&t=false
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
gnv02c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=43200
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/gif
server
gnv02c
js
get.threatdown.com/pr/
9 KB
4 KB
Script
General
Full URL
https://get.threatdown.com/pr/js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.30.133 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
45bc7901f8bcaa77e9fd13c5917313d6bef262b9770e134c28bfe2a3d133016e

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
public, max-age=14400, stale-if-error=604800
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"699f8a30-235d"
via
1.1 google
cf-ray
9dbb142efc298e61-VIE
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
last-modified
Wed, 25 Feb 2026 23:48:00 GMT
vary
Accept-Encoding
server
cloudflare
indic-chevron-right.svg
www.threatdown.com/wp-content/themes/mbc/images/
548 B
548 B
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/indic-chevron-right.svg
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/_static/??/wp-content/themes/mbc/style.css,/wp-includes/css/dashicons.min.css,/wp-content/plugins/wp-search-with-algolia/css/algolia-autocomplete.css?m=1773246248
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/_static/??/wp-content/themes/mbc/style.css,/wp-includes/css/dashicons.min.css,/wp-content/plugins/wp-search-with-algolia/css/algolia-autocomplete.css?m=1773246248
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-encoding
br
x-rq
vie1 0 30 9980
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
x-cache
EXPIRED
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
text/html
vary
Accept-Encoding
server
nginx
KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
fonts.gstatic.com/s/roboto/v51/
42 KB
42 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.38.131 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
lcprga-af-in-f3.1e100.net
Software
sffe /
Resource Hash
1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.threatdown.com
sec-ch-ua-platform
"Linux"
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

age
269087
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 10 Mar 2027 09:50:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 10 Mar 2026 09:50:42 GMT
last-modified
Wed, 18 Feb 2026 19:51:37 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
43136
x-xss-protection
0
server
sffe
som26-bg-right.png
www.threatdown.com/wp-content/uploads/2026/02/
39 KB
39 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2026/02/som26-bg-right.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
a6b229a8c778694e135c29ab8567fa2ba2c573f2978eff82fe638b5111ecf5d3

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1
etag
"607ada719c8c11d3"
x-bytes-saved
4013
access-control-allow-methods
GET, HEAD
accept-ranges
bytes, bytes
access-control-allow-origin
*
x-cache
HIT
content-length
39988
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/webp
vary
Accept
server
nginx
last-modified
Wed, 04 Feb 2026 22:08:48 GMT
som26-bg-left.png
www.threatdown.com/wp-content/uploads/2026/02/
13 KB
13 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2026/02/som26-bg-left.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
4b17e53aba156c805e635b370a0bb01ad2529bad48ecf827544695ecdc055ed2

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1
etag
"f09f95ac9c3cabb1"
x-bytes-saved
872
access-control-allow-methods
GET, HEAD
accept-ranges
bytes, bytes
access-control-allow-origin
*
x-cache
HIT
content-length
13286
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/webp
vary
Accept
server
nginx
last-modified
Wed, 04 Feb 2026 22:08:48 GMT
truncated
/
31 KB
31 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6db83b2803fed3f9b574567755102b18c401904a374c8acf4c9a2e9b0159cb4f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Origin
https://www.threatdown.com
Referer

Response headers

Content-Type
application/x-font-woff;charset=utf-8
image1.jpg
www.threatdown.com/wp-content/uploads/2026/03/
27 KB
27 KB
Image
General
Full URL
https://www.threatdown.com/wp-content/uploads/2026/03/image1.jpg?resize=768,650
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
776d6ebf55c05a35a1a90d312315ed0b65b03bb77e43fb7b984ed9997e284490

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1
etag
"e0bdf348cb7fdca4"
x-bytes-saved
135548
access-control-allow-methods
GET, HEAD
accept-ranges
bytes, bytes
access-control-allow-origin
*
x-cache
HIT
content-length
27450
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/webp
vary
Accept
server
nginx
last-modified
Wed, 11 Mar 2026 06:49:27 GMT
e5a5bab5-b13f-46c7-a565-a028667ff4b6
https://www.threatdown.com/
0
0

threatdown.jsp
www.upsellit.com/active/
31 KB
9 KB
Script
General
Full URL
https://www.upsellit.com/active/threatdown.jsp
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQ92VXZT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.39.58 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
58.39.117.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
78dcd86944d90b0c8b9961f9dcc63bfc047dfdb2647d02ec3871138cc2ca0f75
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=86400
content-encoding
gzip
age
64288
via
1.1 google
expires
Fri, 13 Mar 2026 18:44:01 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9176
date
Thu, 12 Mar 2026 18:44:01 GMT
content-type
application/x-javascript;charset=ISO-8859-1
vary
Accept-Encoding
server
nginx
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
26 KB
9 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
15a5a919d4b2c63b74bac3c0752f7faa08675d5ecaab478032a0232013a2ba6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-md5
obJk4xP/fYkFcpWKSqgpJw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DE77857ACD4C9B
x-ms-lease-status
unlocked
age
22327
cf-cache-status
HIT
x-content-type-options
nosniff
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
application/javascript
last-modified
Sun, 01 Mar 2026 11:27:10 GMT
vary
accept-encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
1a25df77-201e-005f-460d-aa6174000000
cf-ray
9dbb14303ddec2d9-VIE
accept-ranges
bytes
access-control-allow-origin
*
content-length
8694
x-ms-blob-type
BlockBlob
server
cloudflare
/
185c650ccfd84b27aad189f19681365b.js.ubembed.com/
426 B
781 B
Script
General
Full URL
https://185c650ccfd84b27aad189f19681365b.js.ubembed.com/
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQ92VXZT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.148.75 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
df92d0b2d5878e023ba0d4bab396cc45bffc832a22a4275055af66d694f527f2

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=0, must-revalidate
content-encoding
br
cf-cache-status
HIT
etag
W/"5c73687db2e5c32ff8bcf7444d2a9c1bf48f692d"
age
4934
speculation-rules
"/cdn-cgi/speculation"
cf-ray
9dbb14306c6e5b75-VIE
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/javascript
vary
Accept-Encoding, Referer
server
cloudflare
loader.js
assets.adoberesources.net/
16 KB
6 KB
Script
General
Full URL
https://assets.adoberesources.net/loader.js?orgId=65B044836154EEEE0A495CBB%40AdobeOrg&instanceId=malwarebytes&env=prod&geo=va7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQ92VXZT
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.181.12 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-52-181-12.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
48ff3efcc74b4d7656eabddd0154f05848443a3016c5f0bc37f8b5ec68882d9b

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=600
content-encoding
gzip
etag
"9c7aab2bbb082337a4223f87fab3818c:1768821832.469238"
expires
Fri, 13 Mar 2026 12:45:30 GMT
accept-ranges
bytes
content-length
5903
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/x-javascript
last-modified
Mon, 19 Jan 2026 11:23:52 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
s.gif
dev.visualwebsiteoptimizer.com/
35 B
54 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/s.gif?account_id=805334&u=DAD08C2922C7D7C19EA9BF706664F1033&s=1773405329&ed=%7B%22sr%22%3A%221600x1200%22%2C%22sc%22%3A24%2C%22de%22%3A%22UTF-8%22%2C%22ul%22%3A%22de-at%22%2C%22r%22%3A%22%22%2C%22lt%22%3A1773405329909%2C%22tO%22%3A-1%2C%22tz%22%3A%22Europe%2FVienna%22%7D&cu=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fcastlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security%2F&r=0&p=1&cq=0&eTime=1773405329910&v=fc4a64d5
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
gnv02c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma
no-cache
x-content-type-options
nosniff
via
1.1 google
expires
Mon, 10 Jan 2005 00:00:01 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/gif
server
gnv02c
pk_zNmgPvjRLm1eslrqVY5znz4tWYNAVOsx
get.threatdown.com/pr/grc/
0
219 B
XHR
General
Full URL
https://get.threatdown.com/pr/grc/pk_zNmgPvjRLm1eslrqVY5znz4tWYNAVOsx
Requested by
Host: get.threatdown.com
URL: https://get.threatdown.com/pr/js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.30.133 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cf-cache-status
HIT
x-envoy-upstream-service-time
1
age
7635
access-control-allow-credentials
true
cf-ray
9dbb14301e538e61-VIE
accept-ranges
bytes
access-control-allow-origin
https://www.threatdown.com
content-length
0
p3p
CP="This is not a P3P policy! See our docs for more info."
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
text/plain; charset=utf-8
last-modified
Fri, 13 Mar 2026 10:28:14 GMT
vary
Accept-Encoding
server
cloudflare
t
dev.visualwebsiteoptimizer.com/events/
0
37 B
Ping
General
Full URL
https://dev.visualwebsiteoptimizer.com/events/t?en=vwo_variationShown&a=805334&v=fc4a64d5&_cu=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fcastlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
gnv02c /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
Content-Type
text/plain;charset=UTF-8
sec-ch-ua-mobile
?0

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
access-control-allow-methods
GET, POST
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/javascript; charset=UTF-8
server
gnv02c
access-control-allow-headers
X-Device-User-Agent, Vwo-X-Forwarded-For
l.gif
dev.visualwebsiteoptimizer.com/
35 B
54 B
Ping
General
Full URL
https://dev.visualwebsiteoptimizer.com/l.gif?experiment_id=86&account_id=805334&cu=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fcastlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security%2F&combination=2&s=1&sId=1773405329&u=DAD08C2922C7D7C19EA9BF706664F1033&ed=%7B%22sr%22%3A%221600x1200%22%2C%22sc%22%3A24%2C%22de%22%3A%22UTF-8%22%2C%22ul%22%3A%22de-at%22%2C%22r%22%3A%22%22%2C%22lt%22%3A1773405329923%2C%22tO%22%3A-1%2C%22tz%22%3A%22Europe%2FVienna%22%7D&eTime=1773405329955&v=fc4a64d5
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
gnv02c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma
no-cache
x-content-type-options
nosniff
via
1.1 google
expires
Mon, 10 Jan 2005 00:00:01 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/gif
server
gnv02c
pk_zNmgPvjRLm1eslrqVY5znz4tWYNAVOsx
partnerlinks.io/pr/grc/
0
280 B
XHR
General
Full URL
https://partnerlinks.io/pr/grc/pk_zNmgPvjRLm1eslrqVY5znz4tWYNAVOsx
Requested by
Host: get.threatdown.com
URL: https://get.threatdown.com/pr/js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.30.133 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cf-cache-status
HIT
x-envoy-upstream-service-time
1
age
5766
access-control-allow-credentials
true
cf-ray
9dbb1430ac0c23b5-VIE
accept-ranges
bytes
access-control-allow-origin
https://www.threatdown.com
content-length
0
p3p
CP="This is not a P3P policy! See our docs for more info."
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
text/plain; charset=utf-8
last-modified
Fri, 13 Mar 2026 10:59:23 GMT
vary
Accept-Encoding
server
cloudflare
pk_zNmgPvjRLm1eslrqVY5znz4tWYNAVOsx
grsm.io/pr/grc/
0
281 B
XHR
General
Full URL
https://grsm.io/pr/grc/pk_zNmgPvjRLm1eslrqVY5znz4tWYNAVOsx
Requested by
Host: get.threatdown.com
URL: https://get.threatdown.com/pr/js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.11.212 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cf-cache-status
HIT
x-envoy-upstream-service-time
0
age
70428
access-control-allow-credentials
true
cf-ray
9dbb1430bce04884-VIE
accept-ranges
bytes
access-control-allow-origin
https://www.threatdown.com
content-length
0
p3p
CP="This is not a P3P policy! See our docs for more info."
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
text/plain; charset=utf-8
last-modified
Thu, 12 Mar 2026 17:01:41 GMT
vary
Accept-Encoding
server
cloudflare
truncated
/
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
28b48920a64e295085db5f353539dbff2b7f6d76c4ba71e959ffac345a36c5c1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml;charset=utf-8
icon-social-linkedin-blue.png
www.threatdown.com/wp-content/themes/mbc/images/
598 B
0
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/icon-social-linkedin-blue.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
dcca268c994587f5f3821444ffc4d1437aed21492476d0e60ec4c595e576e6bf

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1 0 30 9980
etag
"69600c84-256"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
content-length
598
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/png
last-modified
Thu, 08 Jan 2026 19:59:00 GMT
server
nginx
icon-social-x-twitter-blue.png
www.threatdown.com/wp-content/themes/mbc/images/
2 KB
0
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/icon-social-x-twitter-blue.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
3c09e996a4bfaf7a0844b82ac6e64c052b366a67e037741b9f040783af2e839d

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1 0 30 9980
etag
"69600c84-957"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
content-length
2391
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/png
last-modified
Thu, 08 Jan 2026 19:59:00 GMT
server
nginx
icon-social-youtube-blue.png
www.threatdown.com/wp-content/themes/mbc/images/
593 B
0
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/icon-social-youtube-blue.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
d46b5b98a8379735a4bf27c51fc4f2e1b103b4d2ca3b651ce11f18958a337f06

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1 0 30 9980
etag
"69600c84-251"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
content-length
593
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/png
last-modified
Thu, 08 Jan 2026 19:59:00 GMT
server
nginx
icon-social-facebook-blue.png
www.threatdown.com/wp-content/themes/mbc/images/
641 B
0
Image
General
Full URL
https://www.threatdown.com/wp-content/themes/mbc/images/icon-social-facebook-blue.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
9cdf623278acfa83fba91ae71cf74bae15c19c026d566d444e72e173522e17de

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
x-rq
vie1 0 30 9980
etag
"6994a2d5-281"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
content-length
641
date
Fri, 13 Mar 2026 12:35:29 GMT
content-type
image/png
last-modified
Tue, 17 Feb 2026 17:18:13 GMT
server
nginx
rating_schema.json
www.g2.com/products/threatdown/
398 B
2 KB
Fetch
General
Full URL
https://www.g2.com/products/threatdown/rating_schema.json
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.190.41 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc7d2cec31e4e381b692c6da05670e2f9192142f18f9b9fe292c3f08adee9d72
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.g2crowd.com *.g2.com; connect-src * 'self' *.g2crowd.com *.g2.com; frame-src * 'self' *.g2crowd.com *.g2.com; font-src * data: 'self' *.g2crowd.com *.g2.com; form-action https: claude: chatgpt: 'self' *.g2crowd.com *.g2.com; img-src * data: blob: 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src * blob: 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' *.g2crowd.com *.g2.com; style-src * 'unsafe-inline' 'self' *.g2crowd.com *.g2.com; worker-src * blob: 'self' *.g2crowd.com *.g2.com; frame-ancestors 'self' *.g2crowd.com *.g2.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

x-request-id
e6ac7829c7b2b60d00d5be4c0d62a54c
access-control-max-age
7200
access-control-expose-headers
content-encoding
gzip
cf-cache-status
HIT
etag
W/"bc7d2cec31e4e381b692c6da05670e2f"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
access-control-allow-methods
GET
expires
Fri, 13 Mar 2026 14:35:30 GMT
server-timing
cloudflare_started_at;desc=1772611805883.0, reverse_proxy_started_at;desc=1772611805959.0, application_started_at;desc=1772611805962.0, application_ended_at;desc=1772611805979.0, reverse_proxy_ended_at;desc=1772611805980, cloudflare_ended_at;desc=1773405330147, cfExtPri
alt-svc
h3=":443"; ma=86400
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/json; charset=utf-8
vary
Origin,Accept-Encoding
x-runtime
0.015880
priority
u=1,i
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-security-policy
default-src 'self' *.g2crowd.com *.g2.com; connect-src * 'self' *.g2crowd.com *.g2.com; frame-src * 'self' *.g2crowd.com *.g2.com; font-src * data: 'self' *.g2crowd.com *.g2.com; form-action https: claude: chatgpt: 'self' *.g2crowd.com *.g2.com; img-src * data: blob: 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src * blob: 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' *.g2crowd.com *.g2.com; style-src * 'unsafe-inline' 'self' *.g2crowd.com *.g2.com; worker-src * blob: 'self' *.g2crowd.com *.g2.com; frame-ancestors 'self' *.g2crowd.com *.g2.com
cache-control
public, max-age=7200
accept-ch
Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
9dbb1430afa8dcf8-VIE
access-control-allow-origin
*
x-datadome
protected
x-xss-protection
1; mode=block
server
cloudflare
pageviews
api.weglot.com/
2 B
228 B
XHR
General
Full URL
https://api.weglot.com/pageviews?api_key=wg_b310b3cb37917975ba31f8a293be66062
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.149.114 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
Content-Type
text/plain;charset=UTF-8
sec-ch-ua-mobile
?0

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-allow-methods
POST
x-content-type-options
nosniff
cf-ray
9dbb1430eedc5b51-VIE
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
2
server-timing
cfExtPri
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
priority
u=1,i
access-control-allow-headers
Content-Type
g.gif
pixel.wp.com/
50 B
177 B
Image
General
Full URL
https://pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.08556459638254155
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
no-cache
access-control-allow-origin
*
content-length
50
alt-svc
h3=":443"; ma=86400
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
image/gif
server
nginx
locate
www.threatdown.com/wp-json/td/v1/
1 KB
1011 B
Fetch
General
Full URL
https://www.threatdown.com/wp-json/td/v1/locate
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/_static/??-eJx1zcsOhCAMheEXGq06XlZmnkVqE0EpSCG+/nThluXJ/yUHnthg4EycIR/kScAbBCcgmGzMrbfcOvmAOst4lV2F1sI7JcGQqCbMhqcJXO1btE2iu5BUT3SqeuvPr/2yfIdxHqbO/QGVaUIf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
a01b8d571f66eaba0715d4c1c64450f808f1c6d9d6f73c1091e606ac4bd040b7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

x-robots-tag
noindex
link
<https://www.threatdown.com/wp-json/>; rel="https://api.w.org/"
access-control-expose-headers
X-WP-Total, X-WP-TotalPages, Link
cache-control
max-age=60
content-encoding
br
x-rq
vie1 0 30 9980
x-content-type-options
nosniff
allow
GET
accept-ranges
bytes
x-cache
EXPIRED
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/json; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
access-control-allow-headers
Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
getForm
go.malwarebytes.com/index.php/form/
5 KB
2 KB
Script
General
Full URL
https://go.malwarebytes.com/index.php/form/getForm?munchkinId=805-USG-300&form=6056&url=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fcastlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security%2F&callback=jQuery371021510954823486805_1773405329984&_=1773405329985
Requested by
Host: go.malwarebytes.com
URL: https://go.malwarebytes.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.71.206 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b755e829092b82b254f2cba329119ad7af0c9aa4b96b661eaea4b4e94faae736

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cf-ray
9dbb1430bab24f59-VIE
cached
true
content-encoding
gzip
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
server
cloudflare
/
www.threatdown.com/wp-json/wp/v2/
296 KB
13 KB
XHR
General
Full URL
https://www.threatdown.com/wp-json/wp/v2/
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSouxSmZxSX6Gfn52cVQFfa5tobm5sZGJmZGJpZZAEtsLqo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
d6c26d0682e2d4ea7eb8d4e2ac88134882dc0f587ae0ad30c18f444f4072bcaf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

x-robots-tag
noindex
link
<https://www.threatdown.com/wp-json/>; rel="https://api.w.org/"
access-control-expose-headers
X-WP-Total, X-WP-TotalPages, Link
cache-control
max-age=60
content-encoding
br
x-rq
vie1 0 30 9980
x-content-type-options
nosniff
allow
GET
accept-ranges
bytes
x-cache
EXPIRED
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/json; charset=UTF-8
vary
Accept-Encoding, Origin
server
nginx
access-control-allow-headers
Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
g.gif
pixel.wp.com/
50 B
177 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&blog=220729883&post=150373&tz=0&srv=www.threatdown.com&hp=vip&j=1%3A15.5-beta&host=www.threatdown.com&ref=&rand=0.5363102047164451
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
no-cache
access-control-allow-origin
*
content-length
50
alt-svc
h3=":443"; ma=86400
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
image/gif
server
nginx
bundle.js
assets.ubembed.com/universalscript/releases/v0.184.0/
186 KB
50 KB
Script
General
Full URL
https://assets.ubembed.com/universalscript/releases/v0.184.0/bundle.js
Requested by
Host: 185c650ccfd84b27aad189f19681365b.js.ubembed.com
URL: https://185c650ccfd84b27aad189f19681365b.js.ubembed.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.26.31 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-108-138-26-31.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4491fdaf87c52bd480a77d73ad1dd94f34795eaf38f95503698c9909f01de0f2

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

vary
accept-encoding
cache-control
max-age=31536000
content-encoding
gzip
etag
W/"713505b9ffe640af4d6413451bd991b6"
age
18825872
via
1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
COD-ZIjbCapFaXtXuCuKS1zLrQwq8dNKwNSRWCbli673PXR1uZMQcA==
date
Thu, 07 Aug 2025 15:10:59 GMT
content-type
application/javascript
last-modified
Wed, 06 Aug 2025 21:44:04 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P7
x-amz-server-side-encryption
AES256
8606bd61-50b6-4e49-bc29-479b4ef00e8f
https://www.threatdown.com/
0
0

nc-0a6e0fdab13aa6f6f1c5bbec890aa92e.br.js
dev.visualwebsiteoptimizer.com/cdn/edrv/
91 KB
25 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/cdn/edrv/nc-0a6e0fdab13aa6f6f1c5bbec890aa92e.br.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
8724bd1cbc2238b916d4fe3d3be4284e85182c7c3b827ab491ecf8dd22d46356

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

x-goog-metageneration
1
content-encoding
br
x-goog-hash
crc32c=ZvL7nw==, md5=pKcbeLUNMQIifSicvdYW+g==
etag
"a4a71b78b50d3102227d289cbdd616fa"
age
10942
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
25966
date
Fri, 13 Mar 2026 09:33:08 GMT
last-modified
Fri, 13 Mar 2026 08:59:42 GMT
content-type
text/javascript; charset=UTF-8
x-guploader-uploadid
AGQBYWwxS9X86y3lV3Bhn8MdtOSEq10mbMYhi27TiasbnW1kNsZ5UBcCHZTmavAYc5b4qkLT
cdn_cache_status
hit
cache-control
public, max-age=31536000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1773392382564132
content-length
25966
content-language
en
server
UploadServer
jp-search.defaultVendors.js
www.threatdown.com/wp-content/mu-plugins/jetpack-15.5/jetpack_vendor/automattic/jetpack-search/build/instant-search/
79 KB
26 KB
Script
General
Full URL
https://www.threatdown.com/wp-content/mu-plugins/jetpack-15.5/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=4d917681b1ce7c21dde6
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/wp-content/mu-plugins/jetpack-15.5/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=75be4b99af5da8e881da
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
1b6c509f726d799e0868c269331f7d925c920aea7e9dbf874a26a36a847d427e

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
etag
W/"69b062be-13c56"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/javascript
last-modified
Tue, 10 Mar 2026 18:28:14 GMT
server
nginx
vary
Accept-Encoding
jp-search.chunk-main-payload.js
www.threatdown.com/wp-content/mu-plugins/jetpack-15.5/jetpack_vendor/automattic/jetpack-search/build/instant-search/
76 KB
21 KB
Script
General
Full URL
https://www.threatdown.com/wp-content/mu-plugins/jetpack-15.5/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=cd795567af627a8f0d05
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/wp-content/mu-plugins/jetpack-15.5/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=75be4b99af5da8e881da
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
9e6190fbd6661bc3857ac88598aedcf7f1a1619489af26f98a8399357c0f9b36

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
etag
W/"69b062be-13057"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/javascript
last-modified
Tue, 10 Mar 2026 18:28:14 GMT
server
nginx
vary
Accept-Encoding
381d1392-b15b-49e3-9cf9-8a5e644c68da.json
cdn.cookielaw.org/consent/381d1392-b15b-49e3-9cf9-8a5e644c68da/
7 KB
3 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/381d1392-b15b-49e3-9cf9-8a5e644c68da/381d1392-b15b-49e3-9cf9-8a5e644c68da.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
010abc1425a170a391af2a90f06ff1b98b92c43dc33523ed2c6dac45ac81e1ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-md5
nUbRTozUxLYIMnhgUCHCQw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding, X-OneTrust-IsBot
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DC4E8C3C5954DF
age
29319
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Sat, 14 Mar 2026 12:35:30 GMT
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/json
last-modified
Wed, 27 Mar 2024 18:32:19 GMT
vary
accept-encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-onetrust-isbot
false
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
4563478a-c01e-007c-5e02-4e0ebf000000
cf-ray
9dbb14315b4e5a99-VIE
accept-ranges
bytes
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
settings.js
dev.visualwebsiteoptimizer.com/dcdn/
58 KB
8 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/dcdn/settings.js?a=805334&settings_type=4&ts=1773394398&dt=desktop&cc=AT
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
gfra2 /
Resource Hash
ce11abc9bb331259fea69ba21a4425dbfb91a5d00549b21d85e210f1a9db97d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn_cache_status
miss
cache-control
public, max-age=1800, stale-while-revalidate=900
content-encoding
br
etag
W/"1773394398_EA"
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
gfra2
wp-emoji-release.min.js
www.threatdown.com/wp-includes/js/
22 KB
5 KB
Script
General
Full URL
https://www.threatdown.com/wp-includes/js/wp-emoji-release.min.js?ver=6.9.4
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/wp-includes/js/wp-emoji-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
fd59b0ebf6282ed71647bf2f6e0d1925bbfd1f270865a832079ebb60259aabca

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1 0 30 9980
etag
W/"69b1972a-58ea"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/javascript
last-modified
Wed, 11 Mar 2026 16:24:10 GMT
server
nginx
vary
Accept-Encoding
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
66 B
319 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.32.137 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b48d11dbac539f01e3b9666a65411f1a47b525cc0c8083110bcb32a6f66ac0c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
accept
application/json
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
access-control-allow-methods
GET, OPTIONS
cf-ray
9dbb1431fd896c45-VIE
access-control-allow-origin
*
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
Content-Type
track-c73505df8ffdf70c1035a5198b849cbbbr.js
dev.visualwebsiteoptimizer.com/cdn/7.0/
18 KB
5 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/cdn/7.0/track-c73505df8ffdf70c1035a5198b849cbbbr.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
fc6606953e6b209857b78d2d3d7fa0dec253d09412d596cb7fbd7de6c2563bc5

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

x-goog-metageneration
1
content-encoding
br
x-goog-hash
crc32c=DLuFxg==, md5=DM6KzE83lBONFGbosxmB7g==
etag
"0cce8acc4f3794138d1466e8b31981ee"
age
11690
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
5419
date
Fri, 13 Mar 2026 09:20:40 GMT
last-modified
Wed, 25 Feb 2026 10:58:51 GMT
content-type
text/javascript; charset=UTF-8
x-guploader-uploadid
AGQBYWxK8Wn_J71R7bMjNRvLjNCETf_A1tWwtNRGBk1vjKIw1zait3EvgHhoFDhqy87MuEEC
cdn_cache_status
hit
cache-control
public, max-age=31536000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1770699005705116
content-length
5419
content-language
en
server
UploadServer
opaEv-cc76a7b6a49f9bdfb3b0a43f9ec5581dbr.js
dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/
176 KB
44 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opaEv-cc76a7b6a49f9bdfb3b0a43f9ec5581dbr.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
fc7dbe8d92718afacab73a22e568f2c03a2ce7a37baa2f49bb7d4912502cd35b

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

x-goog-metageneration
1
content-encoding
br
x-goog-hash
crc32c=KeORwg==, md5=ImiHFynnzzI/qIyl2Ydf9w==
etag
"2268871729e7cf323fa88ca5d9875ff7"
age
264256
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
45099
date
Tue, 10 Mar 2026 11:11:14 GMT
last-modified
Tue, 10 Mar 2026 09:27:06 GMT
content-type
text/javascript; charset=UTF-8
x-guploader-uploadid
AGQBYWwe2P9ZSZ2OaHMv-x-Cl3KuYgjbsN-Vh-trPjVixjJSpxa4sx65des1y0HMMtPAp5CSZv-Hq9s
cdn_cache_status
hit
cache-control
public, max-age=31536000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1773134826541122
content-length
45099
content-language
en
server
UploadServer
worker-70faafffa0475802f5ee03ca5ff74179br.js
dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/
46 KB
13 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/worker-70faafffa0475802f5ee03ca5ff74179br.js
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.218.251 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS
251.218.107.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
09b67475f266dbf552159ca9f6b44d9dc3ea04842b2bd6e8b09d74f6b21897d0

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

x-goog-metageneration
1
content-encoding
br
x-goog-hash
crc32c=t9nekA==, md5=OTBW++nqbotSERjfhuer5A==
etag
"393056fbe9ea6e8b521118df86e7abe4"
age
1767243
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
13401
date
Sat, 21 Feb 2026 01:41:27 GMT
last-modified
Thu, 05 Feb 2026 13:29:26 GMT
content-type
text/javascript; charset=UTF-8
x-guploader-uploadid
AGQBYWzY7kvTW--UpBxMcA_acsXxwFbrvt9lE5lWiK8p31kZo9bWHj0Tk3RNB7tyUnEPlapt
cdn_cache_status
hit
cache-control
public, max-age=31536000
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1768479151961984
content-length
13401
content-language
en
server
UploadServer
forms2.css
go.malwarebytes.com/js/forms2/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://go.malwarebytes.com/js/forms2/css/forms2.css
Requested by
Host: go.malwarebytes.com
URL: https://go.malwarebytes.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.71.206 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e41ce8cc62ad5a5792df8b49d9a6c492b162ee43d3c4d021dd3c62aa3702f27c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
public, max-age=14400
content-encoding
gzip
cf-cache-status
HIT
etag
"16a132d-3474-64cdf275222cc"
x-content-type-options
nosniff
cf-ray
9dbb14322d884f59-VIE
expires
Fri, 13 Mar 2026 16:35:30 GMT
accept-ranges
bytes
content-length
2634
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
text/css
last-modified
Fri, 13 Mar 2026 03:06:21 GMT
vary
Accept-Encoding
server
cloudflare
forms2-theme-simple.css
go.malwarebytes.com/js/forms2/css/
826 B
379 B
Stylesheet
General
Full URL
https://go.malwarebytes.com/js/forms2/css/forms2-theme-simple.css
Requested by
Host: go.malwarebytes.com
URL: https://go.malwarebytes.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.71.206 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
public, max-age=14400
content-encoding
gzip
cf-cache-status
HIT
etag
"740b63-33a-64b07e9b3e880"
age
5505
x-content-type-options
nosniff
cf-ray
9dbb14322d8a4f59-VIE
expires
Fri, 13 Mar 2026 16:35:30 GMT
accept-ranges
bytes
content-length
242
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
text/css
last-modified
Tue, 17 Feb 2026 16:53:38 GMT
vary
Accept-Encoding
server
cloudflare
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202403.1.0/
442 KB
108 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d1137d21f3ba78b8a882dbf77f7c88712ad02a3f5efdce5ff996a67c15a6bf6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-md5
kUodklFyKXDEOUEPkRF3YA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5DFBFFA9F82
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
85362
x-content-type-options
nosniff
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/javascript
last-modified
Tue, 16 Jul 2024 21:39:19 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
494e3024-401e-00aa-1d06-f34565000000
cf-ray
9dbb14324fb8c2d9-VIE
accept-ranges
bytes
access-control-allow-origin
*
content-length
109667
x-ms-blob-type
BlockBlob
server
cloudflare
XDFrame
go.malwarebytes.com/index.php/form/ Frame D194
2 KB
952 B
Document
General
Full URL
https://go.malwarebytes.com/index.php/form/XDFrame
Requested by
Host: go.malwarebytes.com
URL: https://go.malwarebytes.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.72.206 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
837b96331fe847d63110348763da76af78f2351b85dbb7e3f30c8ed404178d61
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.threatdown.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Linux"

Response headers

cache-control
max-age=3600
cf-cache-status
DYNAMIC
cf-ray
9dbb14332ed983f0-VIE
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 13 Mar 2026 12:35:30 GMT
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
index.js
assets.adoberesources.net/builds/9f3ebe7d468ed39ab91c3bfd3f7de0214e72e953/dist/core/src/
220 KB
49 KB
Script
General
Full URL
https://assets.adoberesources.net/builds/9f3ebe7d468ed39ab91c3bfd3f7de0214e72e953/dist/core/src/index.js
Requested by
Host: assets.adoberesources.net
URL: https://assets.adoberesources.net/loader.js?orgId=65B044836154EEEE0A495CBB%40AdobeOrg&instanceId=malwarebytes&env=prod&geo=va7
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.181.12 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-52-181-12.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
f9fd05d5a5a915d97fd71e09785dc042b8f5052a19256abcee2a8d683e7aa4ad

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=161
content-encoding
gzip
etag
"1ed4604fd90e53a40b0fdb6f8d710651:1768816108.286851"
expires
Fri, 13 Mar 2026 12:38:11 GMT
accept-ranges
bytes
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/x-javascript
last-modified
Mon, 19 Jan 2026 09:48:28 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
index.js
assets.adoberesources.net/builds/9f3ebe7d468ed39ab91c3bfd3f7de0214e72e953/dist/core-ui/src/
197 KB
51 KB
Script
General
Full URL
https://assets.adoberesources.net/builds/9f3ebe7d468ed39ab91c3bfd3f7de0214e72e953/dist/core-ui/src/index.js
Requested by
Host: assets.adoberesources.net
URL: https://assets.adoberesources.net/loader.js?orgId=65B044836154EEEE0A495CBB%40AdobeOrg&instanceId=malwarebytes&env=prod&geo=va7
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.181.12 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-52-181-12.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
1e00a130115818a5b1bf9ce5bf2bccd346474acde39226911bb26c3e8a53ef95

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=77
content-encoding
gzip
etag
"3ef5d26e5451e92b2f3fe74966f7efd5:1768816108.292909"
expires
Fri, 13 Mar 2026 12:36:47 GMT
accept-ranges
bytes
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/x-javascript
last-modified
Mon, 19 Jan 2026 09:48:28 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
de.json
cdn.cookielaw.org/consent/381d1392-b15b-49e3-9cf9-8a5e644c68da/018e8128-6f85-7df4-b207-ed48394e497c/
41 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/381d1392-b15b-49e3-9cf9-8a5e644c68da/018e8128-6f85-7df4-b207-ed48394e497c/de.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
63057c791549e1bcc10301e2ab6a076b9ec743d75d7b17d664bf3d577681eb73
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-md5
U+26A3vZ3DanUWsNbfYvoQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding, X-OneTrust-IsBot
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DC4E8C4517E127
age
23255
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Sat, 14 Mar 2026 12:35:30 GMT
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/json
last-modified
Wed, 27 Mar 2024 18:32:34 GMT
vary
accept-encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-onetrust-isbot
false
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
76769a0f-401e-0000-500b-8a938a000000
cf-ray
9dbb14336d6f5a99-VIE
accept-ranges
bytes
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
otFlat.json
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-md5
gWbZdVb/GsEUTnv/p/InTg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5DFBBC2C661
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
71767
x-content-type-options
nosniff
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 21:39:12 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
f5b537fd-101e-0031-2c27-bbc85d000000
cf-ray
9dbb1433fe075a99-VIE
accept-ranges
bytes
access-control-allow-origin
*
content-length
3041
x-ms-blob-type
BlockBlob
server
cloudflare
otPcPanel.json
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/v2/
64 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/v2/otPcPanel.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ed759f9b0f407aa73df997bddf186c37a1927d2b0f8d2f7031067ecacf7581d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-md5
uFS5wT+0+fvZJFPYO6D9oQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5DFBD299C3B
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
71767
x-content-type-options
nosniff
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 21:39:14 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
f16f82d4-001e-008f-2602-4eddd6000000
cf-ray
9dbb1433fe095a99-VIE
accept-ranges
bytes
access-control-allow-origin
*
content-length
12960
x-ms-blob-type
BlockBlob
server
cloudflare
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/
5 KB
2 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-md5
yb3U5LP1G8IlMRT4O3b4PA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5DFBCCCC97D
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
71767
x-content-type-options
nosniff
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 21:39:14 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
5566cebb-501e-00b5-4404-ac9e75000000
cf-ray
9dbb1433fe0e5a99-VIE
accept-ranges
bytes
access-control-allow-origin
*
content-length
1738
x-ms-blob-type
BlockBlob
server
cloudflare
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/
24 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-md5
4ErYmXXFNbMLrnc9DrDTsg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
cf-cache-status
HIT
x-ms-lease-status
unlocked
x-content-type-options
nosniff
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
text/css
last-modified
Tue, 16 Jul 2024 21:39:25 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
37a3d73b-201e-0054-0a89-e17900000000
cf-ray
9dbb1433fe115a99-VIE
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
forms2.min.js
go.malwarebytes.com/js/forms2/js/ Frame D194
201 KB
67 KB
Script
General
Full URL
https://go.malwarebytes.com/js/forms2/js/forms2.min.js
Requested by
Host: go.malwarebytes.com
URL: https://go.malwarebytes.com/index.php/form/XDFrame
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.72.206 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
152e8c2bf61e2e7461c42b8f90771a9887ea0d0fb574fccee3c0a9a724d0d829
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://go.malwarebytes.com/index.php/form/XDFrame
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
public, max-age=14400
content-encoding
gzip
cf-cache-status
HIT
etag
"16a132f-32530-64cdf27526535"
age
5506
x-content-type-options
nosniff
cf-ray
9dbb14341ff883f0-VIE
expires
Fri, 13 Mar 2026 16:35:30 GMT
accept-ranges
bytes
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
application/x-javascript
last-modified
Fri, 13 Mar 2026 03:06:21 GMT
vary
Accept-Encoding
server
cloudflare
ot_close.svg
cdn.cookielaw.org/logos/static/
651 B
613 B
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-md5
pcXWFGpuVeSg/jVnYCseRg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
cf-cache-status
HIT
x-ms-lease-status
unlocked
age
31865
x-content-type-options
nosniff
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
image/svg+xml
last-modified
Sun, 01 Mar 2026 11:27:13 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
8640f5d7-b01e-003c-7cf6-a92751000000
cf-ray
9dbb14347a38c2d9-VIE
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
687 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202403.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-md5
tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
cf-cache-status
HIT
x-ms-lease-status
unlocked
age
10717
x-content-type-options
nosniff
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
image/svg+xml
last-modified
Sun, 01 Mar 2026 11:27:12 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
54c7b888-801e-0016-1627-aa5214000000
cf-ray
9dbb14348e905a99-VIE
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ThreatDown_Horizontal_Reverse_1.png
cdn.cookielaw.org/logos/4e1c8bc8-2743-413b-8699-aad2216e8616/6e92ecb0-4e42-4d30-8f04-407f278db3b5/b82dfa15-25d8-4665-ba3c-6a24ec909e54/
6 KB
7 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/4e1c8bc8-2743-413b-8699-aad2216e8616/6e92ecb0-4e42-4d30-8f04-407f278db3b5/b82dfa15-25d8-4665-ba3c-6a24ec909e54/ThreatDown_Horizontal_Reverse_1.png
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8c32294948f5448c2ac0bcdf5b98909dab4ee73ac854be06bfd4a13bce89363
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-md5
nH40X2VjWJZythBS11v9uw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8DBE4905AE5595C
age
71767
cf-cache-status
HIT
x-content-type-options
nosniff
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
image/png
last-modified
Mon, 13 Nov 2023 21:34:45 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
6378ca53-f01e-00d5-2a6a-e2db57000000
cf-ray
9dbb14349a57c2d9-VIE
accept-ranges
bytes
access-control-allow-origin
*
content-length
6630
x-ms-blob-type
BlockBlob
server
cloudflare
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: www.threatdown.com
URL: https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.87.42 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

content-md5
Y+c301RBZNK39PvKQWrIBw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,ETag,Last-Modified,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
cf-cache-status
HIT
x-ms-lease-status
unlocked
age
14511
x-content-type-options
nosniff
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
image/svg+xml
last-modified
Sun, 01 Mar 2026 11:27:13 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
b5313007-201e-007d-491f-aa0f42000000
cf-ray
9dbb14349a59c2d9-VIE
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
favicon.svg
www.threatdown.com/wp-content/uploads/2023/11/
31 KB
23 KB
Other
General
Full URL
https://www.threatdown.com/wp-content/uploads/2023/11/favicon.svg?w=16
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.66.84 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
c9e433acb7082694e1a6a861ad1bd4f218ea3cdd57fcbfff823a0967a2aa925e

Request headers

sec-ch-ua-platform
"Linux"
Referer
https://www.threatdown.com/blog/castlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
sec-ch-ua
"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"
sec-ch-ua-mobile
?0

Response headers

cache-control
max-age=31536000
content-encoding
br
x-rq
vie1
etag
W/"cec9cedda1f1bde1"
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
date
Fri, 13 Mar 2026 12:35:30 GMT
content-type
image/svg+xml
vary
Accept-Encoding
server
nginx
last-modified
Tue, 07 Nov 2023 06:54:38 GMT
activation
project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io/ Frame
0
0

activation
project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io/
0
0

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain
www.threatdown.com
URL
blob:https://www.threatdown.com/e5a5bab5-b13f-46c7-a565-a028667ff4b6
Domain
www.threatdown.com
URL
blob:https://www.threatdown.com/8606bd61-50b6-4e49-bc29-479b4ef00e8f
Domain
project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io
URL
https://project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io/activation
Domain
project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io
URL
https://project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io/activation

Verdicts & Comments

121 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| dataLayer boolean| f object| v object| cc object| code object| _vwo_code function| jQuery object| wp object| WeglotSwitcherControl object| acf object| acfL10n number| _VWO_Jphp_StartTime object| _VWO string| _vwo_mt string| _vwo_cookieDomain string| _vwo_surveyAssetsBaseUrl object| VWO number| _vwo_acc_id object| vwo_iehack_queue object| VWOOmni number| _vwoIntegrationsLoaded object| _vwoCc string| _vwo_cdn string| _vwo_apm_debug_cdn string| vwo_eT number| _vwo_library_timer boolean| _vwo_wt_l object| mainThread object| vwoChannelFW object| vwoChannelToW boolean| _vwo_mt_l number| _VWO_VaGQ_StartTime object| _vwo_evq function| _vwo_ev object| fetcher object| _vwo_api_section_callback object| _vwo_editorOperationTracker function| _vwo_handleMutations object| _vis_opt_queue function| vwo_dctag function| _removeVwoGlobalStyle boolean| DISABLE_NATIVE_CONSTANTS function| vwo_$ object| functionWrapper function| _vwo_s object| vU object| _vwoSeg object| _vwo_t string| _vwo_server_url object| _vwo_exp function| _vis_opt_readCookie function| _vis_opt_createCookie string| _vwo_uuid function| _vis_opt_goal_conversion function| _vis_opt_register_conversion function| _vis_opt_revenue_conversion function| _vis_opt_element_loaded object| _vwo_surveySettings object| _vwo_exp_ids object| google_tag_manager object| google_tag_data function| OptanonWrapper object| expList boolean| VWOspvEventListenerAdded object| growsumo object| MktoForms2 object| algolia object| SQB_Config function| getQuizStyleTag object| JetpackInstantSearchOptions object| webpackChunk_automattic_jetpack_search object| wpcom object| _tkq object| _stq object| wpApiSettings function| _ object| Backbone object| messageBarInfo object| _wpUtilSettings function| algoliasearch function| algoliaAutocomplete function| st_go function| linktracker_init object| _wpemojiSettings function| _typeof function| _defineProperty function| _toPropertyKey function| _toPrimitive object| utmValues string| 
gclidFieldName object| utmParams function| populateUTMFieldsFromGTM function| populateGCLIDFieldFromGTM function| populateMWBOptimizationField function| checkForMarketoForms function| hasOwnProperty object| usi_commons object| usi_cookies object| usi_aff object| usi_app object| _vwo_pa object| twemoji object| OtTrustedType object| ube number| ___vwo object| VWOInsights object| __nls object| otStubData function| addCaptchaScript object| AdobeDX function| parcelRequireb775 function| flatpickr object| Optanon object| OneTrust function| gtag string| OnetrustActiveGroups string| OptanonActiveGroups number| _zid boolean| vwo_libExecuted

17 Cookies

Domain/Path Name / Value
www.threatdown.com/ Name: mtsnb_lastvisited
Value: 1773405328
www.threatdown.com/ Name: mtsnb_lastvisit_posts
Value: %5B150373%5D
.threatdown.com/ Name: _vwo_uuid_v2
Value: DAD08C2922C7D7C19EA9BF706664F1033|02d3f0468ee8fa5f3aa562b0f6eb4e2a
.threatdown.com/ Name: _vwo_uuid
Value: DAD08C2922C7D7C19EA9BF706664F1033
.threatdown.com/ Name: _vis_opt_s
Value: 1%7C
.threatdown.com/ Name: _vis_opt_test_cookie
Value: 1
.threatdown.com/ Name: _vwo_sn
Value: 0%3A1%3A%3A%3A1
.threatdown.com/ Name: _vis_opt_exp_86_combi
Value: 2
.go.malwarebytes.com/ Name: __cf_bm
Value: f.fckZC9Vm4eqIjKMhdQBxtMSU5v0f9JP6fyPmm89MQ-1773405329-1.0.1.1-brm3.70zQII1ZqI0NtB4LtTM6r41OSFilHG82W9v6CYGQq_9jSwxlttzM_YXH1UrEqxAwti2683HDoWz4ilkUUvHg7UJ.i.fPYFRbTcFCxc
.threatdown.com/ Name: pscd
Value: get.threatdown.com
.js.ubembed.com/ Name: __cf_bm
Value: iAbXDN38K9vPwOrY_q8DcNyWLMhx9lzM4.VlF38ptQc-1773405330-1.0.1.1-HEum_XMFPrBN8vwFRBnnrN.9ABzuXKr76N.Qx7gwnbBFpg0lZykykw6jF5eI8TLT8J98Q3qIdfwOMnHFun9hyGARcoxOc3L13oh6cOX4ONU
.threatdown.com/ Name: tk_ai
Value: Mem8yogWu36NG8PNPmRE5gTF
.threatdown.com/ Name: _vwo_ds
Value: 3%3At_0%2Ca_0%3A0%241773405329%3A11.56325821%3A%3A%3A%3A1%3A1773405329%3A1773405329%3A1%3A86_1773405329
www.g2.com/ Name: events_distinct_id
Value: ad1af65f-cb30-42bf-9cca-6cec416b51d3
.g2.com/ Name: _g2_session_id
Value: b48137eb50f1b84408cf4c20e40bbd3d
.g2.com/ Name: __cf_bm
Value: QrBje9Jj5Xv.UcVT5zCkSwC634liVVQGQ.csMIBfNV8-1773405330-1.0.1.1-jLaTWTDIkuvFSGhB1ckqGhYEg88v6RR6kfvKitl7WOIIqTYp8uhLjCYO4qF9FTUMqNA3_MF_rCEdHb4y1.UUWRvNWk2exPHQIKGmQhrlj30
.threatdown.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Fri+Mar+13+2026+13%3A35%3A30+GMT%2B0100+(Mitteleurop%C3%A4ische+Normalzeit)&version=202403.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=76fca636-279a-49e2-9390-aa1cce099ea9&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fcastlerat-cyber-attack-is-the-first-to-abuse-deno-javascript-runtime-to-evade-enterprise-security%2F&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0

1 Console Messages

Source Level URL
Text
network error URL: https://www.threatdown.com/wp-content/themes/mbc/images/indic-chevron-right.svg
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
