GeneralInformation

Hostnames	ec2-15-207-74-49.ap-south-1.compute.amazonaws.com dontmemorise.com www.dontmemorise.com
Domains	amazonaws.com dontmemorise.com
Cloud Provider	Amazon
Cloud Region	ap-south-1
Cloud Service	EC2
Country	India
City	Mumbai
Organization	Amazon Data Services India
ISP	Amazon.com, Inc.
ASN	AS16509
Operating System	Ubuntu

WebTechnologies

Authentication

Super Socializer7.12.41

Blogs

WordPress

CDN

Cloudflare

cdnjs

CMS

WordPress

Databases

MySQL

Ecommerce

WooCommerce4.3.2

Form builders

Contact Form 75.1.5

JavaScript graphics

MathJax2.7.5

JavaScript libraries

Swiper

Live chat

Crisp Live Chat

Page builders

Elementor3.0.11

Programming languages

PHP

SEO

Yoast SEO14.6.1

Tag managers

Google Tag Manager

UI frameworks

UIKit

Video players

YouTube

Widgets

AddToAny

WordPress plugins

Super Socializer7.12.41

AddToAny Share Buttons1.1

Contact Form 75.1.5

WordPress themes

Astra

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2024(2)

CVE-2024-10011

8.1The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory and enables file uploads to directories outside of the web root. Depending on server configuration it may be possible to upload files with double extensions. This vulnerability only affects Windows.

CVE-2024-9944

5.3The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions.

2023(4)

CVE-2023-52222

4.3Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2.

CVE-2023-50880

6.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS.This issue affects BuddyPress: from n/a through 11.3.1.

CVE-2023-44487

7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-39663

7.5Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk.

2022(2)

CVE-2022-2099

4.8The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles

CVE-2022-0775

4.3The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment

2021(5)

CVE-2021-32790

4.9Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors (already) having admin access, or API keys to the WooCommerce site can exploit vulnerable endpoints of `/wp-json/wc/v3/webhooks`, `/wp-json/wc/v2/webhooks` and other webhook listing API. Read-only SQL queries can be executed using this exploit, while data will not be returned, by carefully crafting `search` parameter information can be disclosed using timing and related attacks. Version 3.3.6 is the earliest version of Woocommerce with a patch for this vulnerability. There are no known workarounds other than upgrading.

CVE-2021-24323

4.8When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled

CVE-2021-23017

7.7A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

CVE-2021-21389

8.1BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

CVE-2021-3618

7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

2020(1)

CVE-2020-29156

5.3The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.

OpenPorts

80 443

80 / tcp

1651973090 | 2025-03-05T04:31:29.130951

Hashes

hash

-403080365

http.dom_hash

-2049760045

http.html_hash

1651973090

http.server_hash

967792298

http.title_hash

911614014

Welcome to nginx!

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 05 Mar 2025 04:31:29 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 21 Apr 2020 14:09:01 GMT
Connection: keep-alive
ETag: "5e9efe7d-264"
Accept-Ranges: bytes

Vulnerabilities

443 / tcp

1093138015 | 2025-03-21T08:37:43.838859

Hashes

hash

-1039336705

http.dom_hash

-740119367

http.favicon.hash

-1080758363

http.html_hash

1093138015

http.robots_hash

2067668451

http.server_hash

967792298

http.title_hash

-1778009121

Math, Science Concept-Based Learning Videos - Don't Memorise

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 21 Mar 2025 08:37:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: wmc_ip_info=eyJjb3VudHJ5IjoiU0MiLCJjdXJyZW5jeV9jb2RlIjoiU0NSIn0%3D; expires=Sat, 22-Mar-2025 08:37:41 GMT; Max-Age=86400; path=/
Set-Cookie: wmc_current_currency=USD; expires=Sat, 22-Mar-2025 08:37:41 GMT; Max-Age=86400; path=/
Set-Cookie: mjx.menu=renderer%3ASVG
Link: <https://dontmemorise.com/wp-json/>; rel="https://api.w.org/"
Link: <https://dontmemorise.com/>; rel=shortlink
X-FastCGI-Cache: BYPASS

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            9b:21:3c:55:56:b8:a5:0c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2
        Validity
            Not Before: Dec  8 17:52:49 2024 GMT
            Not After : Oct 30 10:41:44 2025 GMT
        Subject: CN=dontmemorise.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b6:8e:1e:63:0d:86:d1:d8:93:a2:a7:87:d8:55:
                    6a:fd:92:28:b8:bd:dc:4f:00:95:33:87:dc:75:f5:
                    6b:2a:8d:07:82:6c:c0:a5:df:54:94:cd:a6:81:0a:
                    ea:bd:c5:a8:2a:06:4f:a8:13:99:84:ab:77:e4:c3:
                    35:6f:59:f6:f4:51:fc:b9:e3:72:57:05:8b:6b:7a:
                    bd:c0:5f:72:de:34:ab:29:a5:71:11:f5:87:6c:da:
                    c7:1d:d0:3a:2b:9c:63:f4:63:b1:6e:2e:9c:2f:37:
                    46:87:f0:f4:ea:87:1c:a9:aa:b9:c5:1a:ed:7e:e3:
                    b4:fe:db:b3:ba:d0:12:2c:b6:06:83:0f:34:77:70:
                    6a:ce:6b:79:58:51:b4:73:fa:3a:2e:e8:04:5f:b6:
                    7a:01:f8:72:32:ce:da:37:82:d9:b4:8c:72:6c:0b:
                    a7:f4:f8:49:b5:fb:02:51:42:a0:34:32:06:e5:65:
                    66:35:24:26:58:9e:48:48:36:6c:32:ae:c9:3b:c4:
                    7a:42:75:2e:fb:dd:ed:ff:ad:b9:0c:9a:b2:00:1e:
                    ee:56:6f:97:51:5d:06:96:be:6e:ae:9a:3d:ed:0b:
                    a7:66:dd:57:ea:65:f5:5e:6f:45:b3:40:a0:81:c0:
                    e3:40:e2:e3:5b:79:fe:27:41:78:c2:45:e1:ca:f0:
                    8e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.godaddy.com/gdig2s1-34821.crl
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.114413.1.7.23.1
                  CPS: http://certificates.godaddy.com/repository/
                Policy: 2.23.140.1.2.1
            Authority Information Access: 
                OCSP - URI:http://ocsp.godaddy.com/
                CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt
            X509v3 Authority Key Identifier: 
                40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE
            X509v3 Subject Alternative Name: 
                DNS:dontmemorise.com, DNS:www.dontmemorise.com
            X509v3 Subject Key Identifier: 
                BB:71:9C:63:28:69:A8:16:88:0D:6E:DB:14:22:6A:1E:02:A0:5F:49
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13:
                                F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A
                    Timestamp : Dec  8 17:52:50.412 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:C7:7A:8E:E6:02:92:4E:86:77:9B:D5:
                                71:18:34:02:71:B4:E4:C1:5B:62:1D:AB:A8:03:68:FF:
                                FC:A7:62:3C:2C:02:20:5F:40:59:AA:DD:E7:9D:09:87:
                                FD:84:4D:7E:7A:CE:C5:3A:D3:FA:A4:F6:5C:98:63:32:
                                AC:21:6A:BA:95:CF:FA
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
                                87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
                    Timestamp : Dec  8 17:52:50.570 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:15:D9:DF:D0:B6:08:DD:CC:D6:30:70:A5:
                                BF:37:57:CD:D0:63:CB:C7:A2:B9:13:DD:71:16:EC:39:
                                96:4B:7A:51:02:21:00:8F:11:42:6B:00:3F:59:D3:C6:
                                95:4D:29:08:B4:64:14:FF:4E:3A:F0:6E:9E:34:A4:DD:
                                C5:BF:2B:5E:0C:C0:0E
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
                                22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
                    Timestamp : Dec  8 17:52:50.679 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:16:1E:E4:B4:35:65:5A:8C:22:D4:CE:0F:
                                3E:7F:AE:A4:CD:57:2A:8A:7A:C0:62:B0:3F:C6:54:54:
                                27:6C:B8:74:02:20:67:B5:20:EE:0C:72:C0:41:89:09:
                                30:9B:72:DE:3B:71:B1:8C:3B:E6:E5:88:0C:3F:A1:BA:
                                45:84:08:AB:CE:AE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        0a:2d:66:59:1a:54:09:46:af:58:50:63:d1:53:22:5e:b2:e5:
        78:46:42:7d:94:74:93:8f:f4:01:ad:53:ee:27:e3:fe:83:97:
        8b:f3:e1:24:3f:8d:62:fc:6b:bc:d9:47:eb:82:67:f5:6a:34:
        cb:9e:bf:23:2e:d5:8a:90:fa:84:a3:9c:92:96:f2:af:9c:90:
        bc:08:f8:1d:50:94:61:e9:d2:87:e2:0e:5f:ce:ee:24:07:88:
        e5:bb:82:59:4a:db:1e:8a:29:56:60:79:28:d5:07:9f:d4:23:
        75:a8:bc:d8:2a:a2:f1:11:c5:39:21:f1:11:f3:c2:94:c2:bf:
        10:c4:3c:56:9f:55:59:c7:98:47:84:8f:21:c2:6a:78:51:95:
        ca:45:b0:82:41:03:85:94:ac:13:3c:c9:14:96:11:3c:4e:a1:
        66:1f:42:59:58:1f:4b:b8:94:3c:c3:88:71:21:56:d5:e7:00:
        7c:f3:a5:f1:d5:10:c1:37:2c:1b:43:7d:26:56:37:11:c9:ae:
        0f:67:1c:80:be:a7:bb:b4:a7:4e:72:cf:37:60:69:93:62:bd:
        fb:42:a7:b7:cb:1e:19:ca:90:40:ac:75:91:16:0a:16:df:b7:
        30:c5:be:49:b8:76:08:70:51:10:e2:25:08:55:fe:86:db:87:
        0b:e2:58:5e

Vulnerabilities

6 8

15.207.74.49

Last Seen: 2025-03-21

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

80 / tcp

1651973090 | 2025-03-05T04:31:29.130951

Hashes

nginx1.18.0

443 / tcp

1093138015 | 2025-03-21T08:37:43.838859

Hashes

nginx1.18.0

Products

Pricing

Contact Us

15.207.74.49

Last Seen: 2025-03-21

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities All ports Port 80 Port 443 Latest CVSS

OpenPorts

80 / tcp 1651973090 | 2025-03-05T04:31:29.130951

Hashes

nginx1.18.0

443 / tcp 1093138015 | 2025-03-21T08:37:43.838859

Hashes

nginx1.18.0

Products

Pricing

Contact Us

Vulnerabilities

80 / tcp

1651973090 | 2025-03-05T04:31:29.130951

443 / tcp

1093138015 | 2025-03-21T08:37:43.838859