urlscan.io logo urlscan.io
SecurityTrails logo

www.mgm-sp.com Open in urlscan Pro
212.88.144.78  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss'
Effective URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Submission: On June 27 via api from CA — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 42 HTTP transactions. The main IP is 212.88.144.78, located in Kloetze, Germany and belongs to SAARGATE-AS VSE NET GmbH, DE. The main domain is www.mgm-sp.com.
TLS certificate: Issued by R3 on June 17th 2022. Valid for: 3 months.
This is the only time www.mgm-sp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 42 212.88.144.78 9063 (SAARGATE-...)
2 94.130.173.29 24940 (HETZNER-AS)
42 3
Apex Domain
Subdomains		 Transfer
42 mgm-sp.com
www.mgm-sp.com
673 KB
2 mgm-tp.com
matomo.mgm-tp.com
20 KB
42 2
Domain Requested by
42 www.mgm-sp.com 2 redirects www.mgm-sp.com
2 matomo.mgm-tp.com www.mgm-sp.com
matomo.mgm-tp.com
42 2

This site contains links to these domains. Also see Links.

Domain
career.mgm-tp.com
github.com
www.linkedin.com
www.xing.com
twitter.com
Subject Issuer Validity Valid
mgm-sp.com
R3		 2022-06-17 -
2022-09-15		 3 months crt.sh
matomo.mgm-tp.com
R3		 2022-06-10 -
2022-09-08		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Frame ID: 0E1A5E825F1393673D479EA66DD3AD67
Requests: 43 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

CVE-2022-27238: BigBlueButton stored XSS

Page URL History Show full URLs

  1. https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss' HTTP 301
    https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss HTTP 301
    https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

42
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

723 kB
Transfer

2492 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss' HTTP 301
    https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss HTTP 301
    https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Redirect Chain
  • https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss'
  • https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss
  • https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
62 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PHP/7.4.30 PleskLin
Resource Hash
5a54b2dc7b304be08c9ddc10588660e532ed3607982c71007676c0855646b0e7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-encoding
gzip
content-length
12656
content-type
text/html; charset=UTF-8
date
Mon, 27 Jun 2022 17:54:13 GMT
link
<https://www.mgm-sp.com/wp-json/>; rel="https://api.w.org/", <https://www.mgm-sp.com/wp-json/wp/v2/pages/17964>; rel="alternate"; type="application/json"
server
nginx
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff
x-frame-options
sameorigin
x-powered-by
PHP/7.4.30 PleskLin
x-xss-protection
1; mode=block

Redirect headers

content-type
text/html; charset=UTF-8
date
Mon, 27 Jun 2022 17:54:12 GMT
location
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
server
nginx
strict-transport-security
max-age=63072000; includeSubDomains
vary
User-Agent
x-content-type-options
nosniff
x-frame-options
sameorigin
x-powered-by
PHP/7.4.30 PleskLin
x-redirect-by
Polylang
x-xss-protection
1; mode=block
style.min.css
www.mgm-sp.com/wp-includes/css/dist/block-library/ 		81 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9.3
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
content-encoding
br
etag
W/"624cdf39-145db"
last-modified
Wed, 06 Apr 2022 00:30:49 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
text/css
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
style_en_us.css
www.mgm-sp.com/wp-content/uploads/maxmegamenu/ 		70 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/uploads/maxmegamenu/style_en_us.css?ver=a9bbc8
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
7280509998136a3ad3a15408b7bdcea3c1d7245f02887c254d980be0e7f1a003
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
content-encoding
br
etag
W/"6246fcb6-11737"
last-modified
Fri, 01 Apr 2022 13:23:02 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
text/css
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
dashicons.min.css
www.mgm-sp.com/wp-includes/css/ 		58 KB
35 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-includes/css/dashicons.min.css?ver=5.9.3
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
content-encoding
br
etag
W/"6246fcb7-e688"
last-modified
Fri, 01 Apr 2022 13:23:03 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
text/css
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
style.css
www.mgm-sp.com/wp-content/themes/Divi/ 		804 KB
68 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/themes/Divi/style.css?ver=5.9.3
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
b900a1e629c1c00e17d245bcb3082c6386901ff679b55303c618e3a95d2173c8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
content-encoding
br
etag
W/"6246fcb5-c9087"
last-modified
Fri, 01 Apr 2022 13:23:01 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
text/css
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
divi-fonts.css
www.mgm-sp.com/wp-content/uploads/omgf/divi-fonts/ 		6 KB
634 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/uploads/omgf/divi-fonts/divi-fonts.css?ver=1648740908
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
36e199c5ab0b303f300d23bd0b922dedadec5c98a28c792b1b0f9538332bd843
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
content-encoding
br
etag
W/"624c0155-16e7"
last-modified
Tue, 05 Apr 2022 08:44:05 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
text/css
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
style.css
www.mgm-sp.com/wp-content/themes/mgm-sp/ 		35 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/themes/mgm-sp/style.css?ver=4.9.2
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
1284105a747a4dc54eed9e12f658e92efc39699aea297fed373517e3b75b449c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
content-encoding
br
etag
W/"6246fcb5-8a8d"
last-modified
Fri, 01 Apr 2022 13:23:01 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
text/css
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
et-builder-googlefonts-cached-166.css
www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/ 		7 KB
652 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/et-builder-googlefonts-cached-166.css?ver=1648740908
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
c0144a813828be8ae5e20f1cef520977d74169e386a5f00cdff6d8a5cb5fc3bf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
content-encoding
br
etag
W/"62958c20-1a96"
last-modified
Tue, 31 May 2022 03:31:44 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
text/css
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
mystickyelements-google-fonts.css
www.mgm-sp.com/wp-content/uploads/omgf/mystickyelements-google-fonts/ 		3 KB
557 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/uploads/omgf/mystickyelements-google-fonts/mystickyelements-google-fonts.css?ver=1648740908
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
299f357ab13105da3d8b4ee08fe077cd097405827b236b22f4720191797a67cd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
content-encoding
br
etag
W/"624c015b-ab6"
last-modified
Tue, 05 Apr 2022 08:44:11 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
text/css
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
font-awesome.min.css
www.mgm-sp.com/wp-content/plugins/mystickyelements-pro/css/ 		53 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/plugins/mystickyelements-pro/css/font-awesome.min.css?ver=2.0.6
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
aae88883f4c2c3e8d47b59955410fd6e1851c3d10581b7526794259dec36ba33
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
content-encoding
br
etag
W/"6246fcb3-d3de"
last-modified
Fri, 01 Apr 2022 13:22:59 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
text/css
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
mystickyelements-front.min.css
www.mgm-sp.com/wp-content/plugins/mystickyelements-pro/css/ 		199 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/plugins/mystickyelements-pro/css/mystickyelements-front.min.css?ver=2.0.6
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
725aee6943be6720191205e2103b471f0d3a97f4c7bdf6e0b52c8a071f0d50d3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
content-encoding
br
etag
W/"6246fcb3-31cfd"
last-modified
Fri, 01 Apr 2022 13:22:59 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
text/css
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
jquery.min.js
www.mgm-sp.com/wp-includes/js/jquery/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
content-encoding
br
etag
W/"6246fcb7-15db1"
last-modified
Fri, 01 Apr 2022 13:23:03 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
application/javascript
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
jquery-migrate.min.js
www.mgm-sp.com/wp-includes/js/jquery/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
content-encoding
br
etag
W/"6246fcb7-2bd8"
last-modified
Fri, 01 Apr 2022 13:23:03 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
application/javascript
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
modules.ttf
www.mgm-sp.com/wp-content/themes/Divi/core/admin/fonts/ 		90 KB
91 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/themes/Divi/core/admin/fonts/modules.ttf
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
d201a2c3118a00c82cc48e89815f5139f23956bbe248107dcf522acc77b97c09
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Origin
https://www.mgm-sp.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
x-content-type-options
nosniff
last-modified
Fri, 01 Apr 2022 13:23:00 GMT
server
nginx
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
application/octet-stream
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
92400
etag
"6246fcb4-168f0"
prettify.css
www.mgm-sp.com/wp-content/plugins/code-prettify/prettify/ 		771 B
542 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/plugins/code-prettify/prettify/prettify.css
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
10765865e03a12890cf5546f3e3828a3ba743f8116d5f438a71bc105e93f5faa
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
content-encoding
br
etag
W/"62958bea-303"
last-modified
Tue, 31 May 2022 03:30:50 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
text/css
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
et-core-unified-17964-16560836128445.min.css
www.mgm-sp.com/wp-content/et-cache/17964/ 		14 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/et-cache/17964/et-core-unified-17964-16560836128445.min.css
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
942fc6b1882ec821ebed7c14feb9bb0e8c7e7881ec95678dd0ce62c8eef62c2f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:13 GMT
content-encoding
br
etag
W/"62b5d49d-377d"
last-modified
Fri, 24 Jun 2022 15:13:33 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
text/css
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
mgm-Logo-sp-2016-CYMK.png
www.mgm-sp.com/wp-content/uploads/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mgm-sp.com/wp-content/uploads/mgm-Logo-sp-2016-CYMK.png
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
9acd455303e004f1edf00570730ffaaaaff4767cc228ee23fe958bc77a6ed60e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
x-content-type-options
nosniff
last-modified
Fri, 01 Apr 2022 13:23:02 GMT
server
nginx
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
image/png
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
7483
etag
"6246fcb6-1d3b"
en_US.png
www.mgm-sp.com/wp-content/polylang/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mgm-sp.com/wp-content/polylang/en_US.png
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
fea92c8c4ddafbe77a8ca000f16c2a02455a909950c5492ef4999f3bcfcdd60a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
x-content-type-options
nosniff
last-modified
Fri, 01 Apr 2022 13:23:00 GMT
server
nginx
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
image/png
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
1776
etag
"6246fcb4-6f0"
de_DE.png
www.mgm-sp.com/wp-content/polylang/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mgm-sp.com/wp-content/polylang/de_DE.png
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
208137d4b168bf65e81bfde9822b035f7b6747f8487f6484d12a1d86e0f39fbb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
x-content-type-options
nosniff
last-modified
Fri, 01 Apr 2022 13:23:00 GMT
server
nginx
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
image/png
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
1224
etag
"6246fcb4-4c8"
run_prettify.js
www.mgm-sp.com/wp-content/plugins/code-prettify/prettify/ 		18 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/plugins/code-prettify/prettify/run_prettify.js?ver=1.4.0
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
9dc8ce8b5f8200d37b7434c106df70011a64a37a4ea31b5485dd0a3feae40798
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
content-encoding
br
etag
W/"62958bea-4768"
last-modified
Tue, 31 May 2022 03:30:50 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
application/javascript
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
mgm-custom.js
www.mgm-sp.com/wp-content/themes/mgm-sp/ 		817 B
521 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/themes/mgm-sp/mgm-custom.js
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
612157d796a6ed741399ab63f23e06c66bce17c5792bf59f685b970dea9a8264
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
content-encoding
br
etag
W/"6246fcb5-331"
last-modified
Fri, 01 Apr 2022 13:23:01 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
application/javascript
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
custom.unified.js
www.mgm-sp.com/wp-content/themes/Divi/js/ 		487 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/themes/Divi/js/custom.unified.js?ver=4.9.2
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
993c35db7aeaed74aafddd40528e410d6ab121e8eece7c262a0cfea27dc0ba15
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
content-encoding
br
etag
W/"6246fcb5-79a02"
last-modified
Fri, 01 Apr 2022 13:23:01 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
application/javascript
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
common.js
www.mgm-sp.com/wp-content/themes/Divi/core/admin/js/ 		1 KB
763 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.9.2
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
content-encoding
br
etag
W/"6246fcb4-53f"
last-modified
Fri, 01 Apr 2022 13:23:00 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
application/javascript
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
hoverIntent.min.js
www.mgm-sp.com/wp-includes/js/ 		1 KB
940 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-includes/js/hoverIntent.min.js?ver=1.10.2
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
491ee20092ce969e6785601ae4595748d4ac5ee4df19012b19b77de6c9dfd357
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
content-encoding
br
etag
W/"6246fcb7-5dc"
last-modified
Fri, 01 Apr 2022 13:23:03 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
application/javascript
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
maxmegamenu.js
www.mgm-sp.com/wp-content/plugins/megamenu/js/ 		30 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/plugins/megamenu/js/maxmegamenu.js?ver=2.9.6
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
9aafa38d431075d0f6c738a2633785fd32fada0e14408bd662d95e608ddb4daf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
content-encoding
br
etag
W/"625face5-7741"
last-modified
Wed, 20 Apr 2022 06:49:09 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
application/javascript
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
jquery.cookie.js
www.mgm-sp.com/wp-content/plugins/mystickyelements-pro/js/ 		1 KB
985 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/plugins/mystickyelements-pro/js/jquery.cookie.js?ver=2.0.6
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
395b5ee496a5203d25d65479d79d63a8f4634ba610ef09a4ede4085ff66066bb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
content-encoding
br
etag
W/"6246fcb3-590"
last-modified
Fri, 01 Apr 2022 13:22:59 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
application/javascript
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
mystickyelements-fronted.min.js
www.mgm-sp.com/wp-content/plugins/mystickyelements-pro/js/ 		26 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/plugins/mystickyelements-pro/js/mystickyelements-fronted.min.js?ver=2.0.6
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
47094b575d2d3c1ed9fa0f7733954ae9d3a2df7d27abe57044eece65c508a6d3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
content-encoding
br
etag
W/"6246fcb3-6821"
last-modified
Fri, 01 Apr 2022 13:22:59 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
application/javascript
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
Josb.png
www.mgm-sp.com/wp-content/uploads/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mgm-sp.com/wp-content/uploads/Josb.png
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
981a8d1e00cf40854ac3f6ee70655d4af01648cf6c1113912847b63cae928f01
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
x-content-type-options
nosniff
last-modified
Fri, 01 Apr 2022 13:23:02 GMT
server
nginx
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
image/png
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
13081
etag
"6246fcb6-3319"
wp-emoji-release.min.js
www.mgm-sp.com/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
content-encoding
br
etag
W/"6246fcb8-4705"
last-modified
Fri, 01 Apr 2022 13:23:04 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
application/javascript
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
matomo.js
matomo.mgm-tp.com/ 		63 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://matomo.mgm-tp.com/matomo.js
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.130.173.29 Karlsruhe, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
m1014.hpress.de
Software
nginx / PleskLin
Resource Hash
0361db2eb67ea528e6602dfb9fae5f6b7216fd509904093d5f4638b189bc8de5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
content-encoding
br
last-modified
Fri, 17 Jun 2022 08:42:06 GMT
server
nginx
x-powered-by
PleskLin
etag
W/"62ac3e5e-fcbb"
vary
Accept-Encoding
content-type
application/javascript
open-sans-normal-400.woff2
www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/open-sans-normal-400.woff2
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/et-builder-googlefonts-cached-166.css?ver=1648740908
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
58a886cc7d1d22c51bf05e8426072841a6d7894cdbda30379273a09026346f21
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/et-builder-googlefonts-cached-166.css?ver=1648740908
Origin
https://www.mgm-sp.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
x-content-type-options
nosniff
last-modified
Tue, 31 May 2022 03:31:42 GMT
server
nginx
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
font/woff2
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
22116
etag
"62958c1e-5664"
open-sans-normal-600.woff2
www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/open-sans-normal-600.woff2
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/et-builder-googlefonts-cached-166.css?ver=1648740908
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
922297c4e207dae08affdbc21f34329d67f4ed482f5bdecb2369381a3b5eab66
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/et-builder-googlefonts-cached-166.css?ver=1648740908
Origin
https://www.mgm-sp.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
x-content-type-options
nosniff
last-modified
Tue, 31 May 2022 03:31:42 GMT
server
nginx
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
font/woff2
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
22096
etag
"62958c1e-5650"
header_start1.jpg
www.mgm-sp.com/wp-content/uploads/ 		64 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mgm-sp.com/wp-content/uploads/header_start1.jpg
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/wp-content/et-cache/17964/et-core-unified-17964-16560836128445.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
df8db25127c1237286233760f0a30d1ae5b661b1a634b80170df930d66187bb6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/wp-content/et-cache/17964/et-core-unified-17964-16560836128445.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
x-content-type-options
nosniff
last-modified
Fri, 01 Apr 2022 13:23:02 GMT
server
nginx
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
image/jpeg
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
65825
etag
"6246fcb6-10121"
xing-icon.svg
www.mgm-sp.com/wp-content/uploads/ 		1 KB
931 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mgm-sp.com/wp-content/uploads/xing-icon.svg
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/wp-content/themes/mgm-sp/style.css?ver=4.9.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
f67b189baf612bdfb01c1d4216d64b9e2817a05b311d0679182d220d5cbaa437
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/wp-content/themes/mgm-sp/style.css?ver=4.9.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
content-encoding
gzip
etag
W/"6246fcb7-458"
last-modified
Fri, 01 Apr 2022 13:23:03 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
image/svg+xml
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
github-icon.svg
www.mgm-sp.com/wp-content/uploads/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mgm-sp.com/wp-content/uploads/github-icon.svg
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/wp-content/themes/mgm-sp/style.css?ver=4.9.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
3daa214b90774c8664feedec2da8a01ae0b77915caa12f715eb32ef8fb18a87b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/wp-content/themes/mgm-sp/style.css?ver=4.9.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
content-encoding
gzip
etag
W/"6246fcb6-ac4"
last-modified
Fri, 01 Apr 2022 13:23:02 GMT
server
nginx
x-frame-options
sameorigin
x-powered-by
PleskLin
vary
Accept-Encoding
content-type
image/svg+xml
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-xss-protection
1; mode=block
open-sans-normal-300.woff2
www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/open-sans-normal-300.woff2
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/et-builder-googlefonts-cached-166.css?ver=1648740908
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
a9c08d7c49a111ea1ac330a898d224dd524659476cf9962f04c6e75ca81901aa
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/et-builder-googlefonts-cached-166.css?ver=1648740908
Origin
https://www.mgm-sp.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
x-content-type-options
nosniff
last-modified
Tue, 31 May 2022 03:31:41 GMT
server
nginx
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
font/woff2
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
22148
etag
"62958c1d-5684"
truncated
/ 		31 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855

Request headers

Referer
Origin
https://www.mgm-sp.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
application/x-font-woff;charset=utf-8
open-sans-normal-700.woff2
www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/open-sans-normal-700.woff2
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/et-builder-googlefonts-cached-166.css?ver=1648740908
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
ed01287cc7c91ca39383bc12e449fd8042e8a119fd6864639a64566cd1328d59
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mgm-sp.com/wp-content/uploads/omgf/et-builder-googlefonts-cached-166/et-builder-googlefonts-cached-166.css?ver=1648740908
Origin
https://www.mgm-sp.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
x-content-type-options
nosniff
last-modified
Tue, 31 May 2022 03:31:42 GMT
server
nginx
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
font/woff2
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
21508
etag
"62958c1e-5404"
poppins-normal-500.woff2
www.mgm-sp.com/wp-content/uploads/omgf/mystickyelements-google-fonts/ 		48 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mgm-sp.com/wp-content/uploads/omgf/mystickyelements-google-fonts/poppins-normal-500.woff2
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/wp-content/uploads/omgf/mystickyelements-google-fonts/mystickyelements-google-fonts.css?ver=1648740908
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
72d422ca01aa5059f41ff11b170fe69f993a39c7b0b06dc17fd072866b187d83
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mgm-sp.com/wp-content/uploads/omgf/mystickyelements-google-fonts/mystickyelements-google-fonts.css?ver=1648740908
Origin
https://www.mgm-sp.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
x-content-type-options
nosniff
last-modified
Tue, 05 Apr 2022 08:44:09 GMT
server
nginx
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
font/woff2
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
48956
etag
"624c0159-bf3c"
matomo.php
matomo.mgm-tp.com/ 		0
145 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://matomo.mgm-tp.com/matomo.php?action_name=CVE-2022-27238%3A%20BigBlueButton%20stored%20XSS&idsite=18&rec=1&r=609107&h=17&m=54&s=14&url=https%3A%2F%2Fwww.mgm-sp.com%2Fen%2Fcve-2022-27238-bigbluebutton-xss%2F&_id=&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=VGezgj&pf_net=0&pf_srv=1121&pf_tfr=1&pf_dm1=691
Requested by
Host: matomo.mgm-tp.com
URL: https://matomo.mgm-tp.com/matomo.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.130.173.29 Karlsruhe, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
m1014.hpress.de
Software
nginx / PHP/7.4.30, PleskLin
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.mgm-sp.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin
https://www.mgm-sp.com
date
Mon, 27 Jun 2022 17:54:14 GMT
access-control-allow-credentials
true
server
nginx
x-powered-by
PHP/7.4.30, PleskLin
mgm-Logo-sp-2016-CYMK.png
www.mgm-sp.com/wp-content/uploads/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mgm-sp.com/wp-content/uploads/mgm-Logo-sp-2016-CYMK.png
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
9acd455303e004f1edf00570730ffaaaaff4767cc228ee23fe958bc77a6ed60e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
x-content-type-options
nosniff
last-modified
Fri, 01 Apr 2022 13:23:02 GMT
server
nginx
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
image/png
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
7483
etag
"6246fcb6-1d3b"
en_US.png
www.mgm-sp.com/wp-content/polylang/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mgm-sp.com/wp-content/polylang/en_US.png
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
fea92c8c4ddafbe77a8ca000f16c2a02455a909950c5492ef4999f3bcfcdd60a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
x-content-type-options
nosniff
last-modified
Fri, 01 Apr 2022 13:23:00 GMT
server
nginx
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
image/png
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
1776
etag
"6246fcb4-6f0"
de_DE.png
www.mgm-sp.com/wp-content/polylang/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mgm-sp.com/wp-content/polylang/de_DE.png
Requested by
Host: www.mgm-sp.com
URL: https://www.mgm-sp.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.88.144.78 Kloetze, Germany, ASN9063 (SAARGATE-AS VSE NET GmbH, DE),
Reverse DNS
s6.hpress.de
Software
nginx / PleskLin
Resource Hash
208137d4b168bf65e81bfde9822b035f7b6747f8487f6484d12a1d86e0f39fbb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 17:54:14 GMT
x-content-type-options
nosniff
last-modified
Fri, 01 Apr 2022 13:23:00 GMT
server
nginx
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
image/png
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
1224
etag
"6246fcb4-4c8"

Verdicts & Comments Add Verdict or Comment

111 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| et_site_url string| et_post_id function| et_core_page_resource_fallback object| _wpemojiSettings undefined| $ function| jQuery object| _paq object| et_animation_data string| codePrettifyLoaderBaseUrl boolean| PR_SHOULD_USE_CONTINUATION object| PR object| DIVI object| et_shortcodes_strings object| et_pb_custom object| et_builder_utils_params object| et_frontend_scripts object| et_pb_box_shadow_elements object| et_pb_motion_elements object| et_pb_sticky_elements function| et_shortcodes_init function| Waypoint object| salvattore function| et_pb_debounce function| et_pb_smooth_scroll function| et_pb_form_placeholders_init function| et_duplicate_menu function| et_pb_remove_placeholder_text function| et_fix_fullscreen_section function| et_bar_counters_init function| et_fix_pricing_currency_position function| et_pb_set_responsive_grid function| et_pb_set_tabs_height function| et_pb_box_shadow_apply_overlay function| et_pb_init_nav_menu function| et_pb_toggle_nav_menu function| et_pb_apply_sticky_image_effect function| et_pb_menu_inject_inline_centered_logo function| et_pb_menu_inject_item function| et_pb_reposition_menu_module_dropdowns object| ET_Builder object| ET_FE boolean| et_load_event_fired boolean| et_is_transparent_nav boolean| et_is_vertical_nav boolean| et_is_fixed_nav boolean| et_is_minified_js boolean| et_is_minified_css boolean| et_force_width_container_change function| et_pb_init_woo_star_rating function| et_pb_wrap_woo_attribute_fields_in_span function| et_pb_init_modules function| etFixDividerSpacing function| etInitWooReviewsRatingStars object| ET_SmoothScroll boolean| et_calculating_scroll_position boolean| et_side_nav_links_initialized object| megamenu object| mystickyelements function| launch_mystickyelements function| close_mystickyelements function| hide_mystickyelements function| show_mystickyelements string| et_location_hash function| et_calculate_header_values function| et_change_primary_nav_position function| et_fix_page_container_position function| et_pb_window_side_nav_scroll_init function| et_pb_side_nav_page_init object| twemoji object| wp object| $et_tooltip object| $et_learn_more function| et_pb_slider_init function| et_countdown_timer function| et_countdown_timer_labels function| et_pb_tabs_init function| et_pb_circle_counter_update function| et_apply_parallax function| et_parallax_set_height function| et_apply_builder_css_parallax function| et_pb_play_overlayed_video function| et_pb_resize_section_video_bg function| et_pb_center_video function| et_pb_adjust_video_margin function| et_fix_slider_height function| et_pb_submit_newsletter function| et_fix_testimonial_inner_width function| et_pb_video_background_init function| et_reinit_waypoint_modules function| et_calc_fullscreen_section function| et_calculate_fullscreen_section_size function| debounced_et_apply_builder_css_parallax function| et_pb_parallax_init function| et_pb_fullwidth_header_scroll function| et_pb_search_init function| et_pb_search_percentage_custom_margin_fix function| et_pb_comments_init function| et_pb_shop_add_hover_class object| Piwik object| Matomo object| AnalyticsTracker function| piwik_log string| waypointContextKey

4 Cookies

Domain/Path Name / Value
www.mgm-sp.com/ Name: security_OHgylpI_EN
Value: JIwlkF29zxy0Z
www.mgm-sp.com/ Name: security_JFKk_dUIuPxAsbqC
Value: sD1AgKSnmW%2Aa_
www.mgm-sp.com/ Name: security_dknMLVRZ
Value: 5fgh2vEe1u%40IH
www.mgm-sp.com/ Name: pll_language
Value: en

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

matomo.mgm-tp.com
www.mgm-sp.com
212.88.144.78
94.130.173.29
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0361db2eb67ea528e6602dfb9fae5f6b7216fd509904093d5f4638b189bc8de5
10765865e03a12890cf5546f3e3828a3ba743f8116d5f438a71bc105e93f5faa
1284105a747a4dc54eed9e12f658e92efc39699aea297fed373517e3b75b449c
1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea
208137d4b168bf65e81bfde9822b035f7b6747f8487f6484d12a1d86e0f39fbb
299f357ab13105da3d8b4ee08fe077cd097405827b236b22f4720191797a67cd
36e199c5ab0b303f300d23bd0b922dedadec5c98a28c792b1b0f9538332bd843
395b5ee496a5203d25d65479d79d63a8f4634ba610ef09a4ede4085ff66066bb
3daa214b90774c8664feedec2da8a01ae0b77915caa12f715eb32ef8fb18a87b
47094b575d2d3c1ed9fa0f7733954ae9d3a2df7d27abe57044eece65c508a6d3
491ee20092ce969e6785601ae4595748d4ac5ee4df19012b19b77de6c9dfd357
58a886cc7d1d22c51bf05e8426072841a6d7894cdbda30379273a09026346f21
5a54b2dc7b304be08c9ddc10588660e532ed3607982c71007676c0855646b0e7
612157d796a6ed741399ab63f23e06c66bce17c5792bf59f685b970dea9a8264
725aee6943be6720191205e2103b471f0d3a97f4c7bdf6e0b52c8a071f0d50d3
7280509998136a3ad3a15408b7bdcea3c1d7245f02887c254d980be0e7f1a003
72d422ca01aa5059f41ff11b170fe69f993a39c7b0b06dc17fd072866b187d83
922297c4e207dae08affdbc21f34329d67f4ed482f5bdecb2369381a3b5eab66
942fc6b1882ec821ebed7c14feb9bb0e8c7e7881ec95678dd0ce62c8eef62c2f
981a8d1e00cf40854ac3f6ee70655d4af01648cf6c1113912847b63cae928f01
993c35db7aeaed74aafddd40528e410d6ab121e8eece7c262a0cfea27dc0ba15
9aafa38d431075d0f6c738a2633785fd32fada0e14408bd662d95e608ddb4daf
9acd455303e004f1edf00570730ffaaaaff4767cc228ee23fe958bc77a6ed60e
9dc8ce8b5f8200d37b7434c106df70011a64a37a4ea31b5485dd0a3feae40798
a9c08d7c49a111ea1ac330a898d224dd524659476cf9962f04c6e75ca81901aa
aae88883f4c2c3e8d47b59955410fd6e1851c3d10581b7526794259dec36ba33
b900a1e629c1c00e17d245bcb3082c6386901ff679b55303c618e3a95d2173c8
bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c0144a813828be8ae5e20f1cef520977d74169e386a5f00cdff6d8a5cb5fc3bf
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
d201a2c3118a00c82cc48e89815f5139f23956bbe248107dcf522acc77b97c09
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df8db25127c1237286233760f0a30d1ae5b661b1a634b80170df930d66187bb6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed01287cc7c91ca39383bc12e449fd8042e8a119fd6864639a64566cd1328d59
f67b189baf612bdfb01c1d4216d64b9e2817a05b311d0679182d220d5cbaa437
fea92c8c4ddafbe77a8ca000f16c2a02455a909950c5492ef4999f3bcfcdd60a