High Risk
IP address 31.70.86.134, allocated to IONOS SE in Germany, is a high-risk threat actor with a threat level of 7 out of 10 and a confidence score of 91 percent. This address has accumulated 1000 total abuse reports with an activity frequency rated 8 out of 10, indicating sustained and aggressive malicious behavior. The dominant threat category is VoIP fraud, which represents the primary risk posed by this IP to exposed telephone and communication infrastructure.
The volume and consistency of reports point to a persistent, automated threat operation. Detection data from 20 automated honeypot sensors confirms repeated hostile activity concentrated between May and June 2026, suggesting an active campaign during that reporting window. Despite its origin within a major German hosting provider's address space, the pattern of abuse indicates compromise or deliberate misuse of the infrastructure for financial fraud rather than coincidental scanning traffic.
VoIP fraud exploits telephone systems to generate unauthorized revenue, typically by routing calls through compromised or fraudulent accounts to premium rate numbers. For organizations running exposed VoIP services, this translates to direct financial losses through fraudulent call charges, potential service disruption, and reputational damage. The scale of reports against this address suggests it has been used systematically to perpetrate such fraud, making it a concrete threat to any telephony environment it can reach.
Site operators should immediately block or rate-limit traffic from this address at the network perimeter. Call authentication mechanisms such as STIR/SHAKEN should be enforced, and international or premium-rate dialing should be restricted to authorized users only. Monitoring call records for anomalies and implementing authentication hardening on all VoIP endpoints will reduce exposure. Defensive tools like fail2ban can help detect and block automated login attempts targeting SIP services.
ES 
GB 
FR 
AT 
CH 
UA