seravo.com
2a01:4f9:4a:2814::2
Public Scan
Effective URL: https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/
Submission: On September 21 via api from US
Summary
TLS certificate: Issued by Gandi Standard SSL CA 2 on August 31st 2020. Valid for: a year.
This is the only time seravo.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
23 (1 redirect) | 2a01:4f9:4a:2814::2 | 24940 (HETZNER-AS) |
2 | 23.111.9.35 | 33438 (HIGHWINDS2) |
1 | 2001:4de0:ac19::1:b:3b | 20446 (HIGHWINDS3) |
1 | 2a00:1450:4001:809::2008 | 15169 (GOOGLE) |
4 | 151.101.112.157 | 54113 (FASTLY) |
2 | 2a04:fa87:fffe::c000:4902 | 2635 (AUTOMATTIC) |
1 | 2a00:1450:4001:802::200a | 15169 (GOOGLE) |
1 | 2a00:1450:4001:81a::200e | 15169 (GOOGLE) |
5 | 2a00:1450:4001:800::2003 | 15169 (GOOGLE) |
1 | 192.0.78.13 | 2635 (AUTOMATTIC) |
2 | 2a00:14c0:1:307:aa51::147 | 35382 (CAPNOVA-AS) |
1 | 2a00:1450:4001:819::2004 | 15169 (GOOGLE) |
2 | 2a00:1450:4001:824::2004 | 15169 (GOOGLE) |
47 | 14 |
- ASN15169 (GOOGLE, US): www.googletagmanager.com
- ASN15169 (GOOGLE, US): www.google-analytics.com
- ASN15169 (GOOGLE, US): fonts.gstatic.com, www.gstatic.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
23 (1 redirects) | seravo.com | seravo.com | 471 KB |
5 | gstatic.com | fonts.gstatic.com, www.gstatic.com | 189 KB |
4 | twitter.com | platform.twitter.com | 31 KB |
3 | google.com | www.google.com | 577 B |
2 | seravo.fi | seravo-cspreports.seravo.fi | 915 B |
2 | gravatar.com | secure.gravatar.com | 11 KB |
2 | fontawesome.com | use.fontawesome.com | 74 KB |
1 | wordpress.com | video.wordpress.com, v0.wordpress.com (Failed) | |
1 | google-analytics.com | www.google-analytics.com | 18 KB |
1 | googleapis.com | fonts.googleapis.com | 660 B |
1 | googletagmanager.com | www.googletagmanager.com | 35 KB |
1 | bootstrapcdn.com | netdna.bootstrapcdn.com | 3 KB |
47 | 12 |
Requests | Domain | Requested by |
---|---|---|
23 (1 redirects) | seravo.com | seravo.com |
4 | fonts.gstatic.com | fonts.googleapis.com |
4 | platform.twitter.com | seravo.com, platform.twitter.com |
3 | www.google.com | seravo.com, www.gstatic.com |
2 | seravo-cspreports.seravo.fi | seravo.com, www.google-analytics.com |
2 | secure.gravatar.com | seravo.com |
2 | use.fontawesome.com | seravo.com, use.fontawesome.com |
1 | www.gstatic.com | www.google.com |
1 | video.wordpress.com | seravo.com |
1 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com |
1 | fonts.googleapis.com | seravo.com |
1 | www.googletagmanager.com | seravo.com |
1 | netdna.bootstrapcdn.com | seravo.com |
0 | v0.wordpress.com (Failed) | seravo.com |
47 | 14 |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.seravo.com | Gandi Standard SSL CA 2 | 2020-08-31 - 2021-10-02 | a year |
*.fontawesome.com | DigiCert SHA2 Secure Server CA | 2019-10-28 - 2020-12-23 | a year |
*.bootstrapcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2019-09-14 - 2020-10-13 | a year |
*.google-analytics.com | GTS CA 1O1 | 2020-08-26 - 2020-11-18 | 3 months |
platform.twitter.com | DigiCert SHA2 High Assurance Server CA | 2020-08-13 - 2021-08-18 | a year |
*.gravatar.com | Sectigo RSA Domain Validation Secure Server CA | 2020-08-14 - 2022-11-16 | 2 years |
upload.video.google.com | GTS CA 1O1 | 2020-08-26 - 2020-11-18 | 3 months |
*.gstatic.com | GTS CA 1O1 | 2020-08-26 - 2020-11-18 | 3 months |
*.wordpress.com | Sectigo RSA Domain Validation Secure Server CA | 2020-08-12 - 2022-11-14 | 2 years |
*.seravo.fi | Gandi Standard SSL CA 2 | 2019-02-22 - 2021-03-01 | 2 years |
www.google.com | GTS CA 1O1 | 2020-08-26 - 2020-11-18 | 3 months |
*.google.com | GTS CA 1O1 | 2020-08-26 - 2020-11-18 | 3 months |
This page contains 6 frames:
Primary Page:
https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/
Frame ID: 104E8A52F09AE16303DE468551D16A8B
Requests: 42 HTTP requests in this frame
Frame:
https://video.wordpress.com/embed/riYXMp9Q?hd=1
Frame ID: 5BBCD4E0884B0FE7F622A2B946025E66
Requests: 1 HTTP requests in this frame
Frame:
https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fseravo.com
Frame ID: F777BADA71F2982892BFF87C62AAC840
Requests: 1 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc-C3QUAAAAAH_R6XSL8oWMsI-uo-TdqqFzmM73&co=aHR0cHM6Ly9zZXJhdm8uY29tOjQ0Mw..&hl=en&v=6TWYOsKNtRFaLeFqv5xN42-l&theme=light&size=normal&cb=oollp5qpdqly
Frame ID: 2A06626A8B96162F23689452B320F2E5
Requests: 1 HTTP requests in this frame
Frame:
https://platform.twitter.com/embed/index.html?creatorScreenName=Seravo&dnt=true&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1300797170258505728&lang=en&origin=https%3A%2F%2Fseravo.com%2Fblog%2F0-day-vulnerability-in-wp-file-manager%2F&siteScreenName=Seravo&theme=light&widgetsVersion=219d021%3A1598982042171&width=500px
Frame ID: 13996911F86AB767B784FCD1CB853ABA
Requests: 1 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/bframe?hl=en&v=6TWYOsKNtRFaLeFqv5xN42-l&k=6Lc-C3QUAAAAAH_R6XSL8oWMsI-uo-TdqqFzmM73&cb=mtaj64yxp937
Frame ID: 81691EB89CEB654EB2E359249DB89998
Requests: 1 HTTP requests in this frame
Page URL History
- http://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/ (HTTP 301)
- https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/ (Page URL)
Detected technologies
WordPress (CMS)
Detected patterns
- headers link /rel="https:\/\/api\.w\.org\/"/i
PHP (Programming Languages)
Detected patterns
- headers link /rel="https:\/\/api\.w\.org\/"/i
MySQL (Databases)
Detected patterns
- headers link /rel="https:\/\/api\.w\.org\/"/i
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
70 Outgoing links
These are links going to different origins than the main page.
Title: FI
Title: SV
Title: 0-day
Title: WordPress plugin WP File Manager
Title: WordPress security database wpvulndb.com
Title: security notice for WP File Manager < 6.9
Title: this is the version distribution of WP File Manager active installations
Title: elFinder project
Title: version 6.9 of WP File Manager plugin fixes current issue by removing the endpoint which allowed unauthenticated access to file upload
Title: password hygiene
Title: Fortiguard
Title: Nintech: Critical zero-day vulnerability fixed in WordPress File Manager (700,000+ installations)
Title: Wordfence: 700,000 WordPress Users Affected by Zero-Day Vulnerability in File Manager Plugin
Title: Japan
Title: Panama
Title: Cyprys
Title: Graham Clueley Hot for Security blog
Title: Ars Technica Hackers are exploiting a critical flaw affecting >350,000 WordPress sites
Title: Bleeping Computer.com: Hackers actively exploiting severe bug in over 300K WordPress sites
Title: The Daily Swig: WordPress security: Zero-day flaw in File Manager plugin actively exploited
Title: ZDnet: Millions of WordPress sites are being probed and attacked with recent plugin bug
Title: Toolbox.com: Zero-Day Flaw in WordPress Plugin Leaves 1.7M Users at Risk
Title: Heise.de: Sicherheitslücke im WordPress-Plugin File Manager öffnet Websites für Angreifer
Title: The Register: Sites with WP File Manager should update ASAP – exploits in the wild
Title: Falla en plugin File Manager de Wordpress | CYGdatatechnology
Title: Hackers are exploiting a critical flaw affecting >350,000 WordPress sites | Infinity Techie
Title: Hackers are exploiting a critical flaw affecting >350000 WordPress sites - Ars Technica - Business Telegraph
Title: Hackers Actively Exploiting Severe Bug In Over 300K WordPress Sites - Privacy Ninja
Title: Hackers actively exploiting severe bug in over 300K WordPress sites - Cloud 10 Infotech, LLC
Title: Hackers are exploiting a critical flaw affecting >350,000 WordPress sites - ИТ Безбедност
Title: WordPress: Schwerwiegende Sicherheitslücke im File Manager-Plugin | NetzBasti
Title: Hackers Exploit WP File Manager Flaw Affecting Over 350,000 Sites - ThreatsHub Cybersecurity News
Title: A Essential Flaw Is Affecting 1000's of WordPress Websites - iTechBlog
Title: WordPress ‘File Manager’ Plugin Patches Critical Zero-Day Exploited in Attacks
Title: WordPress Plugin File Manager Patch to Address an Actively Exploited Zero-Day Vulnerability- HakTechs
Title: Hackers are exploiting a critical flaw affecting >350,000 WordPress sites
Title: A Critical Flaw Is Affecting Thousands of WordPress Sites – Computer Security Articles
Title: WordPress 'File Manager' Plugin Patches Critical Zero-Day Exploited in Attacks | Cyber Security and Consulting
Title: Hackers are exploiting a critical flaw affecting >350000 WordPress sites - Ars Technica - bigtstore
Title: Sigh. Another day, another reason for WordPress users to get patching: Hackers abuse bug in popular plugin - ITSecurity.Org
Title: Hackers hijack Indian PM Narendra Modi Twitter account - Dr Don's ICFO News Safety and Security
Title: WordPress security: Zero-day flaw in File Manager plugin actively exploited - The Daily Swig - bigtstore
Title: WordPress websites attacked via File Manager plugin vulnerability - Dr Don's ICFO News Magazine
Title: Hackers hijack Indian PM Narendra Modi Twitter account – pcsecurity-99.com
Title: Vulnerability in the WordPress File Manager plugin opens websites for attackers | | Marijuanapy The World News
Title: Sigh. Another day, another reason for WordPress users to get patching: Hackers abuse bug in popular plugin - Cyber4Dental
Title: Hackers hijack Indian PM Narendra Modi Twitter account – crime-99.com
Title: Hackers are exploiting a critical flaw affecting >350,000 WordPress sites - Techno Guru G
Title: Hackers are exploiting a critical flaw affecting >350,000 WordPress sites -
Title: EPISODE HACK - how to get free PASSES AND GEMS ON EPISODE APP 2020 - Episode Cheats
Title: Sigh. Another day, another reason for WordPress users to get patching: Hackers abuse bug in popular plugin - ThreatsHub Cybersecurity News
Title: Suomalainen yritys löysi WordPressistä vakavan tietoturva-aukon - hyökkäysten aalto miljoonille sivustoille | Ite wiki
Title: WordPress: significant growth in attacks on sites that use the File Manager plugin – Archyde
Title: WordPress: значительный рост атак на сайты, использующие плагин File Manager – Nachedeu
Title: Zero-Day Flaw in WordPress Plugin Leaves 1.7M Users at Risk - Toolbox - bigtstore
Title: Los piratas informáticos están explotando una falla crítica que afecta a más de 350,000 sitios de WordPress - HWCol.com
Title: WordPress: importante crecimiento de ataques a sitios que utilizan el plugin File Manager – Blog de jajoDesign
Title: WordPress Vulnerability Roundup: September 2020, Part 1
Title: Hackers are exploiting a crucial flaw affecting >350,000 WordPress websites - Tech News300
Title: WordPress Vulnerability Roundup: September 2020, Part 1 | Premier Florida WordPress Developer | Skyway Web Solutions
Title: Service Status
Title: Seravo.se
47 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | seravo.com/blog/0-day-vulnerability-in-wp-file-manager/ (Redirect Chain) | 73 KB | 21 KB | Document | text/html |
GET | H2 | all.css | use.fontawesome.com/releases/v5.1.0/css/ | 45 KB | 11 KB | Stylesheet | text/css |
GET | H2 | style.min.css | seravo.com/wp-includes/css/dist/block-library/ | 52 KB | 11 KB | Stylesheet | text/css |
GET | H2 | seravo-orders.css | seravo.com/wp-content/plugins/seravo-orders/assets/css/ | 10 KB | 4 KB | Stylesheet | text/css |
GET | H2 | bootstrap-glyphicons.css | netdna.bootstrapcdn.com/bootstrap/3.0.0/css/ | 13 KB | 3 KB | Stylesheet | text/css |
GET | H2 | layout.min.css | seravo.com/wp-content/themes/seravo/dist/ | 126 KB | 28 KB | Stylesheet | text/css |
GET | H2 | affiliates.js | seravo.com/wp-content/plugins/seravo-orders/assets/js/ | 4 KB | 3 KB | Script | application/javascript |
GET | H2 | js | www.googletagmanager.com/gtag/ | 88 KB | 35 KB | Script | application/javascript |
GET | H2 | jquery.js | seravo.com/wp-includes/js/jquery/ | 95 KB | 40 KB | Script | application/javascript |
GET | H2 | jquery-migrate.min.js | seravo.com/wp-includes/js/jquery/ | 10 KB | 6 KB | Script | application/javascript |
GET | H2 | seravo_logo.svg | seravo.com/wp-content/themes/seravo/images/ | 3 KB | 3 KB | Image | image/svg+xml |
GET | H2 | 5379576495_b9898e406b_o-2840x634.jpg | seravo.com/wp-content/uploads/2020/09/ | 182 KB | 184 KB | Image | image/jpeg |
GET | H2 | image-300x248.png | seravo.com/wp-content/uploads/2020/09/ | 46 KB | 47 KB | Image | image/png |
GET | H2 | Screenshot-from-2020-09-02-08-51-47.png | seravo.com/wp-content/uploads/2020/09/ | 9 KB | 10 KB | Image | image/png |
GET | H2 | widgets.js | platform.twitter.com/ | 95 KB | 29 KB | Script | application/javascript |
GET | H2 | f3e251ebaaed1f22ac292ffa41c3c55a | secure.gravatar.com/avatar/ | 1 KB | 1 KB | Image | image/jpeg |
GET | H2 | 6e6d706fbb9a6cb9eda1c7c68d483286 | secure.gravatar.com/avatar/ | 9 KB | 9 KB | Image | image/jpeg |
GET | H2 | wordpress-computer-screen-230x230.jpg | seravo.com/wp-content/uploads/2020/05/ | 9 KB | 11 KB | Image | image/jpeg |
GET | H2 | peter-pryharski-fZFW4Rbgq2E-unsplash-230x230.jpg | seravo.com/wp-content/uploads/2019/11/ | 12 KB | 14 KB | Image | image/jpeg |
GET | H2 | gareth-davies-1CrN-IbvtH0-unsplash-scaled-e1597051068363-230x230.jpg | seravo.com/wp-content/uploads/2020/08/ | 6 KB | 8 KB | Image | image/jpeg |
GET | H2 | bundo-kim-Z6cCzLrAAeY-unsplash-230x230.jpg | seravo.com/wp-content/uploads/2020/05/ | 14 KB | 16 KB | Image | image/jpeg |
GET | H2 | Ranua-Location-Header-230x230.jpg | seravo.com/wp-content/uploads/2020/07/ | 11 KB | 12 KB | Image | image/jpeg |
GET | H2 | Real_Customer_Support_2560x571-230x230.jpg | seravo.com/wp-content/uploads/2020/06/ | 4 KB | 6 KB | Image | image/jpeg |
GET | H2 | main.min.js | seravo.com/wp-content/themes/seravo/dist/ | 100 KB | 32 KB | Script | application/javascript |
GET | H2 | wp-embed.min.js | seravo.com/wp-includes/js/ | 1 KB | 2 KB | Script | application/javascript |
GET | H2 | wp-recaptcha.min.js | seravo.com/wp-content/plugins/wp-recaptcha-integration/js/ | 7 KB | 5 KB | Script | application/javascript |
GET | H2 | css | fonts.googleapis.com/ | 5 KB | 660 B | Stylesheet | text/css |
GET | H2 | analytics.js | www.google-analytics.com/ | 45 KB | 18 KB | Script | text/javascript |
GET | H2 | quote.png | seravo.com/wp-content/themes/seravo/images/ | 963 B | 3 KB | Image | image/png |
GET | H2 | jizAREVItHgc8qDIbSTKq4XkRi2c_CI0q1vjitOh.woff2 | fonts.gstatic.com/s/librefranklin/v5/ | 14 KB | 14 KB | Font | font/woff2 |
GET | H3-Q050 | jizAREVItHgc8qDIbSTKq4XkRi3s-CI0q1vjitOh.woff2 | fonts.gstatic.com/s/librefranklin/v5/ | 14 KB | 14 KB | Font | font/woff2 |
GET | H3-Q050 | jizAREVItHgc8qDIbSTKq4XkRi20-SI0q1vjitOh.woff2 | fonts.gstatic.com/s/librefranklin/v5/ | 14 KB | 14 KB | Font | font/woff2 |
GET | H3-Q050 | jizGREVItHgc8qDIbSTKq4XkRiUa454xm1npjfGj7oY.woff2 | fonts.gstatic.com/s/librefranklin/v5/ | 15 KB | 15 KB | Font | font/woff2 |
GET | H2 | riYXMp9Q | video.wordpress.com/embed/ (Frame 5BBC) | 0 | 0 | Document | text/html |
POST | H2 | receive.php | seravo-cspreports.seravo.fi/ | 0 | 458 B | Other | text/plain |
GET | | videopress-iframe.js | v0.wordpress.com/js/next/ | 0 | 0 | | |
GET | H2 | icon-arrow-down.svg | seravo.com/wp-content/themes/seravo/images/ | 303 B | 2 KB | Image | image/svg+xml |
GET | H2 | fa-brands-400.woff2 | use.fontawesome.com/releases/v5.1.0/webfonts/ | 62 KB | 62 KB | Font | font/woff2 |
POST | H2 | receive.php | seravo-cspreports.seravo.fi/ | 0 | 457 B | Other | text/plain |
POST | | collect | www.google-analytics.com/j/ | 0 | 0 | | |
GET | H2 | api.js | www.google.com/recaptcha/ | 800 B | 577 B | Script | text/javascript |
GET | H2 | widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html | platform.twitter.com/widgets/ (Frame F777) | 0 | 0 | Document | text/html |
GET | H2 | recaptcha__en.js | www.gstatic.com/recaptcha/releases/6TWYOsKNtRFaLeFqv5xN42-l/ | 338 KB | 133 KB | Script | text/javascript |
GET | H2 | horizon_tweet.890a062bcacdb49527deac08bf9879da.js | platform.twitter.com/js/ | 6 KB | 2 KB | Script | application/javascript |
GET | H3-Q050 | anchor | www.google.com/recaptcha/api2/ (Frame 2A06) | 0 | 0 | Document | text/html |
GET | H2 | index.html | platform.twitter.com/embed/ (Frame 1399) | 0 | 0 | Document | text/html |
GET | H3-Q050 | bframe | www.google.com/recaptcha/api2/ (Frame 8169) | 0 | 0 | Document | text/html |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: v0.wordpress.com
  URL: https://v0.wordpress.com/js/next/videopress-iframe.js?m=1435166243
- Domain: www.google-analytics.com
  URL: https://www.google-analytics.com/j/collect?v=1&_v=j86&aip=1&a=1601240361&t=pageview&_s=1&dl=https%3A%2F%2Fseravo.com%2Fblog%2F0-day-vulnerability-in-wp-file-manager%2F&ul=en-us&de=UTF-8&dt=Severe%200-day%20security%20vulnerability%20found%20by%20Seravo%20in%20WP%20File%20Manager%20%7C%20Seravo&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=831958637&gjid=219818696&cid=500008004.1600693421&tid=UA-53086901-13&_gid=1444583843.1600693421&_r=1&gtm=2ou990&z=1135161731
40 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object trustedTypes
- function seravo_orders_get_affiliate_config
- object seravo_orders_get_affiliate_id
- function seravo_orders_check_affiliate_id_from_url
- object google_tag_manager
- object dataLayer
- function gtag
- object google_tag_data
- string GoogleAnalyticsObject
- function ga
- undefined $
- function jQuery
- object gaplugins
- object gaGlobal
- object gaData
- object seravo
- function drags
- object seravoApp
- function slickInit
- function scrollToSection
- function handleFixNav
- function mobileNav
- function getUrlParameter
- object jQuery112405436424804182138
- function EventEmitter
- object eventie
- function imagesLoaded
- object Placeholders
- object wp
- object wp_recaptcha
- function wp_recaptcha_loaded
- object __twttrll
- object twttr
- object __twttr
- object ___grecaptcha_cfg
- object grecaptcha
- string __recaptcha_api
- boolean __google_recaptcha_client
- object recaptcha
- object closure_lm_2373430
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://code.jquery.com https://www.gstatic.com https://www.google.com/recaptcha/api.js https://beacon-v2.helpscout.net https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://platform.twitter.com https://cdn.syndication.twimg.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/apexcharts https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://www.google.com/jsapi; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://beacon-v2.helpscout.net https://djtflbt20bdde.cloudfront.net https:; img-src 'self' data: https://script.hotjar.com https://d33v4339jhl8k0.cloudfront.net https:; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://*.bootstrapcdn.com https://script.hotjar.com; base-uri https://docs.helpscout.com; frame-src 'self' https://www.slideshare.net https://www.google.com https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://www.facebook.com https://m.facebook.com https://vars.hotjar.com https://beacon-v2.helpscout.net https://make.wordpress.org https://video.wordpress.com/; object-src https://beacon-v2.helpscout.net; connect-src 'self' https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com *.sumologic.com sentry.io https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.facebook.com/tr/; child-src 'self' https://vars.hotjar.com; upgrade-insecure-requests; report-uri https://seravo-cspreports.seravo.fi/receive.php; |
Strict-Transport-Security | max-age=63072000; |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.