Substantial Risk
IP 31.70.66.9, allocated to IONOS SE in Germany under ASN AS8560, presents a high-risk threat profile with a threat level of 8 out of 10 and a confidence score of 92 percent based on 575 total abuse reports. The address was flagged exclusively by automated honeypot sensors during May 2026, indicating sustained automated malicious activity originating from this source.
The aggregate report volume of 575 incidents across all detection sources demonstrates persistent hostile intent, with an activity frequency rating of 8 out of 10 underscoring ongoing engagement with target systems. While the most recent reports specifically document Fraud VoIP activity detected across 20 honeypot instances, the substantial total report count suggests this address may have been associated with multiple threat categories over time. The network operator IONOS SE, a major European hosting provider, hosts a range of customer infrastructure which may include both legitimate services and compromised systems contributing to the observed abuse patterns. The geographic concentration in Germany places this IP within a major European digital corridor, making it relevant to organizations operating VoIP infrastructure across the region.
Fraud VoIP activity represents an exploitation of telephony systems to generate unauthorized charges, typically by routing calls through premium rate numbers or hijacking legitimate VoIP accounts for financial profit. For organizations running SIP-based phone systems or open VoIP ports, this pattern of activity indicates a concrete risk of service abuse, unexpected financial losses from premium-rate call routing, and potential compromise of telephony credentials. The automated nature of the detections confirms this is systematic scanning or exploitation rather than opportunistic probing.
Site operators should immediately block this address at the network perimeter firewall and implement real-time abuse feed integration for ongoing updates. VoIP administrators should enforce strong authentication on SIP ports, apply call admission control policies, and restrict premium-rate and international dialing where not required. Deploying tools such as fail2ban or equivalent log-analysis frameworks can automate the detection of anomalous authentication patterns. Continuous monitoring of call detail records and implementing call authentication standards will further reduce exposure to telephony fraud originating from addresses like this one.
ES 
GB 
FR 
AT 
VN