Significant Threat
IP 194.213.3.5 is a high-risk address with a threat level of 8/10 that has been linked to 375 abuse reports, predominantly involving VoIP fraud activity detected across automated honeypot sensors. Originating from the United Kingdom and operating through AS212027 under PebbleHost Ltd, this IP has demonstrated sustained malicious behaviour between February and May 2026, with an activity frequency rating of 8/10 indicating consistent, repeated exploitation attempts rather than isolated incidents.
The abuse database contains 375 reports attributed to this address, with all recent submissions classified under the Fraud VoIP category. Detection has been entirely sourced from automated honeypot infrastructure, yielding a 91% confidence score that places this assessment among the more reliable conclusions in the threat-intelligence corpus. The network operator PebbleHost Ltd, which controls AS212027 in the United Kingdom, may have terms-of-service provisions that prohibit such activity, though the volume and persistence of reports suggest enforcement challenges or deliberate abuse of the provided services.
VoIP fraud represents a financially motivated threat category that exploits telephony infrastructure to place unauthorized calls, frequently targeting premium-rate or international numbers to generate illicit revenue. For organisations operating SIP-based systems, session border controllers or other VoIP endpoints exposed to this IP, the risk includes unauthorized call routing, service theft and unexpected billing charges. The sustained frequency and volume of reports indicate that this address is actively engaged in systematic scanning or probing behaviour aimed at identifying vulnerable telephony deployments rather than random, opportunistic traffic.
Defensive measures should include implementing call authentication protocols such as STIR/SHAKEN on VoIP endpoints, monitoring call detail records for anomalous patterns consistent with premium-rate dialling, and restricting international and premium-rate number access unless explicitly authorised by business need. Rate-limiting on SIP registration attempts and failed authentication responses can further reduce exposure. Administrators are advised to review access logs for interactions with this address and consider blocking or rate-limiting traffic from this source using standard tools such as fail2ban or equivalent firewall policies.
RO