GeneralInformation

Hostnames	ip27.ip-66-70-170.net api.multimicro.com.br app.multimicro.com.br
Domains	ip-66-70-170.net multimicro.com.br
Country	Canada
City	Montréal
Organization	OVH Hosting, Inc.
ISP	OVH SAS
ASN	AS16276

WebTechnologies

UI frameworks

Tailwind CSS

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2023(1)

CVE-2023-44487

7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

2021(2)

CVE-2021-23017

7.7A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

CVE-2021-3618

7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

OpenPorts

22 80 443 3000 4000 5000

22 / tcp

1627142514 | 2025-03-21T13:46:32.396028

SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABAQCt1EnNjGaVvcoQverwvvrtd0Zc4IBPmur6/DjiLQfFZfbM
Z+ixRFntucdD5BclJU1NgVvm4/5mcoLB0uZle3jINjCVhQBHmsIVezWH8nzh/639fPSleQC7hAsi
qFadylSIp0+4o9GVuYI2iqHvirZjsh9b5rogPxwrdE/dEyDtMfqDT9hoPq9/9kgH52YCeMf8LbK1
FtKJvOK6k0L3p9yC3VYdyl4QePaVnbWdkLAZobTCb3qcMLJ4FUVwEFh6/sdllavLdvuWSmkhTf1Q
VE4lsmmrzrgLv64xzmu7YRU/McBc0WFj3wZOrYo1NXS0DHuKAcnleouaZxXA9GZROsX7
Fingerprint: 5d:0c:08:00:b6:64:0e:4f:02:94:29:16:37:d3:1b:cc

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ssh-rsa
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

80 / tcp

677579724 | 2025-03-24T17:52:53.979055

Hashes

hash

-1097711969

http.dom_hash

1239617585

http.html_hash

677579724

http.server_hash

967792298

http.title_hash

-1207101977

404 Not Found

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 24 Mar 2025 17:52:53 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive

Vulnerabilities

443 / tcp

1910207149 | 2025-03-24T15:44:15.705960

Hashes

hash

-2041390538

http.dom_hash

-2006505642

http.html_hash

1910207149

http.server_hash

967792298

HTTP/1.1 403 Forbidden
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 24 Mar 2025 15:44:15 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 23
Connection: keep-alive
X-Powered-By: Express
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
ETag: W/"17-bqIm6pxC4cx+ZoszvXxsClwgWw8"

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:c8:4a:f2:ca:93:55:24:5b:9a:8b:24:43:8b:c1:4f:ff:77
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=US, O=Let's Encrypt, CN=E6
        Validity
            Not Before: Feb 25 21:43:47 2025 GMT
            Not After : May 26 21:43:46 2025 GMT
        Subject: CN=api.multimicro.com.br
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:db:30:09:f2:b3:1e:53:36:11:49:54:cd:ab:4d:
                    15:01:97:18:34:dc:74:1d:25:28:23:8e:98:4c:17:
                    5a:a1:ec:1c:13:c6:25:f4:bb:fd:77:11:76:0b:e2:
                    a8:10:14:14:39:02:bf:51:3c:00:99:30:af:0b:9b:
                    36:08:12:d3:94
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                D7:E2:44:4C:A5:1D:AA:CD:42:13:C2:5B:9D:54:E8:86:EE:DA:6C:99
            X509v3 Authority Key Identifier: 
                93:27:46:98:03:A9:51:68:8E:98:D6:C4:42:48:DB:23:BF:58:94:D2
            Authority Information Access: 
                OCSP - URI:http://e6.o.lencr.org
                CA Issuers - URI:http://e6.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:api.multimicro.com.br, DNS:app.multimicro.com.br
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 73:20:22:0F:08:16:8A:F9:F3:C4:A6:8B:0A:B2:6A:9A:
                                4A:00:EE:F5:77:85:8A:08:4D:05:00:D4:A5:42:44:59
                    Timestamp : Feb 25 22:42:18.108 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:07:55:16:AC:F9:CC:B5:69:73:81:03:45:
                                7B:54:66:D3:71:B1:3F:07:2B:12:B7:D2:AE:41:C9:CF:
                                28:71:D4:08:02:20:06:D2:56:FB:09:61:40:3C:C4:69:
                                E8:32:A3:EA:23:0A:3D:01:47:3C:E7:E4:B5:BD:1F:E0:
                                73:16:44:97:B7:64
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
                                22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
                    Timestamp : Feb 25 22:42:18.124 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:B4:EC:F2:C9:7B:24:CD:5F:EE:61:DE:
                                7F:BC:74:17:9C:4C:25:AA:77:51:00:18:C0:16:22:9D:
                                D3:47:31:7F:FE:02:20:71:55:92:B4:E1:2E:8E:83:62:
                                1F:DB:E9:01:3B:2C:AC:52:54:68:BE:A7:B1:E3:A7:56:
                                09:8F:B7:3D:A5:71:25
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:65:02:31:00:e9:d5:78:1b:2b:4f:5b:a6:d3:59:56:60:ac:
        2e:ec:89:af:04:b2:31:88:d9:1b:d2:9b:93:42:b8:f9:c1:91:
        96:59:57:44:9e:98:f0:60:13:d2:5a:2b:17:fe:fe:4c:b6:02:
        30:1e:7d:6f:10:96:77:61:37:df:14:32:67:0a:84:cb:8a:2e:
        1e:24:a5:42:f2:ab:6d:45:34:b2:19:11:d0:fc:65:b6:ec:fc:
        b1:c5:ce:fc:7a:e7:08:b7:c8:40:06:f0:fe

Vulnerabilities

3000 / tcp

-1787080852 | 2025-03-28T12:26:20.219458

Hashes

hash

-1039286366

http.dom_hash

541889469

http.favicon.hash

-691327240

http.html_hash

-1787080852

HTTP/1.1 200 OK
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 28 Dec 2024 12:34:59 GMT
ETag: W/"1432-1940d43447c"
Content-Type: text/html; charset=UTF-8
Content-Length: 5170
Date: Fri, 28 Mar 2025 12:26:19 GMT
Connection: keep-alive
Keep-Alive: timeout=5

4000 / tcp

-1246004407 | 2025-03-23T21:36:07.697176

HTTP/1.1 400 Bad Request
Connection: close

66.70.170.27

Last Seen: 2025-03-28

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

22 / tcp

1627142514 | 2025-03-21T13:46:32.396028

OpenSSH8.2p1 Ubuntu 4ubuntu0.11

80 / tcp

677579724 | 2025-03-24T17:52:53.979055

Hashes

nginx1.18.0

443 / tcp

1910207149 | 2025-03-24T15:44:15.705960

Hashes

nginx1.18.0

3000 / tcp

-1787080852 | 2025-03-28T12:26:20.219458

Hashes

4000 / tcp

-1246004407 | 2025-03-23T21:36:07.697176

Products

Pricing

Contact Us

66.70.170.27

Last Seen: 2025-03-28

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities All ports Port 80 Port 443 Latest CVSS

OpenPorts

22 / tcp 1627142514 | 2025-03-21T13:46:32.396028

OpenSSH8.2p1 Ubuntu 4ubuntu0.11

80 / tcp 677579724 | 2025-03-24T17:52:53.979055

Hashes

nginx1.18.0

443 / tcp 1910207149 | 2025-03-24T15:44:15.705960

Hashes

nginx1.18.0

3000 / tcp -1787080852 | 2025-03-28T12:26:20.219458

Hashes

4000 / tcp -1246004407 | 2025-03-23T21:36:07.697176

Products

Pricing

Contact Us

Vulnerabilities

22 / tcp

1627142514 | 2025-03-21T13:46:32.396028

80 / tcp

677579724 | 2025-03-24T17:52:53.979055

443 / tcp

1910207149 | 2025-03-24T15:44:15.705960

3000 / tcp

-1787080852 | 2025-03-28T12:26:20.219458

4000 / tcp

-1246004407 | 2025-03-23T21:36:07.697176