IP · Medium · Signal 73/100
109.70.100.12
Location
Vienna, Wien
ASN
AS208323
Foundation Applied Privacy
First Seen
Aug 26, 2020
Last Seen
Jun 3, 2026
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
73%
Signal Score
73 / 100
IDS Rule
No
Network Information
Country
Austria
Region
Vienna, Wien
ASN
AS208323
Organization
Foundation Applied Privacy
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
28
Source reports
73%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap (peak: 2026-06-03)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
73 (High Risk)
Coords
48.2089, 16.3721
VirusTotal
Not checked
WHOIS
- description
- tor search result.
- raw
- inetnum: 109.70.100.0 - 109.70.100.127
  netname: Tor-Exit-Anonymizer--Foundation-for-Applied-Privacy
  remarks: Send abuse emails to: [email protected]
  country: AT
  org: ORG-PRIV3-RIPE
  admin-c: FFAP1-RIPE
  tech-c: FFAP1-RIPE
  status: SUB-ALLOCATED PA
  mnt-by: APPLIEDPRIVACY-MNT
  created: 2022-01-08T15:23:22Z
  last-modified: 2022-01-08T15:23:22Z
  source: RIPE
  remarks: ---------------------------------
  remarks: This network is used for research
  remarks: in anonymization services and
  remarks: provides Tor exit nodes to end users.
  remarks: https://appliedprivacy.net/abuse
  remarks: ---------------------------------
  remarks: Dieser Netzblock wird zur
  remarks: Erforschung von Anonymisierungs-
  remarks: techniken genutzt und stellt
  remarks: Endnutzern Tor Exit Nodes zur Verfuegung.
  remarks: https://appliedprivacy.net/de/abuse
  remarks: ---------------------------------

  organisation: ORG-PRIV3-RIPE
  org-name: Foundation for Applied Privacy
  country: AT
  descr: ZVR: 1254016365
  org-type: OTHER
  address: Floragasse 7, 5. OG
  address: 1040 Vienna
  address: Austria
  phone: +43 670 3553536
  abuse-c: ATF13-RIPE
  mnt-ref: AS1764-MNT
  mnt-ref: APPLIEDPRIVACY-MNT
  mnt-by: AS1764-MNT
  mnt-by: APPLIEDPRIVACY-MNT
  created: 2018-04-13T13:17:07Z
  last-modified: 2022-12-01T17:23:23Z
  source: RIPE # Filtered

  role: Foundation for Applied Privacy NOC
  address: Floragasse 7, 5. OG
  address: 1040 Vienna
  address: Austria
  phone: +43 670 3553536
  nic-hdl: FFAP1-RIPE
  mnt-by: APPLIEDPRIVACY-MNT
  created: 2020-04-19T16:48:40Z
  last-modified: 2025-03-09T10:17:21Z
  source: RIPE # Filtered

  route: 109.70.100.0/24
  origin: AS208323
  mnt-by: AS1764-MNT
  created: 2019-09-06T12:05:10Z
  last-modified: 2020-04-20T09:32:25Z
  source: RIPE
- references
- https://ltna.com.au/cyber
IOC Journey
Medium · First detected 5 years ago · Last seen 8 days ago
Appeared in 28 threat reports