Identifies SIP scanning or probing activity where an attacker sends INVITE requests directly to a target IP address using randomly generated Call-ID tokens. This pattern is commonly associated with VoIP reconnaissance, SIP endpoint discovery, and automated dialer or PBX attack tooling attempting to enumerate reachable SIP services.

Represents an automated SIP INVITE request likely generated by a scanner or bot rather than a legitimate user agent. The behavior is inferred from a combination of a numeric-only SIP Call-ID format and a direct INVITE to a long numeric target without prior registration or dialog context. This pattern is commonly associated with SIP service probing, extension discovery, or early-stage toll-fraud reconnaissance. This behavior indicates reconnaissance activity against a SIP service but does not, by itself, confirm successful call setup or financial abuse.