Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
193.181.41.6 has a very high threat confidence level of 97%, originating from London, United Kingdom, on the Arelion Sweden AB network (1299). It has been observed across 225 sessions targeting SIP, First observed on February 27, 2026, most recently active March 2, 2026.
Represents an automated SIP INVITE request likely generated by a scanner or bot rather than a legitimate user agent. The behavior is inferred from a combination of a numeric-only SIP Call-ID format and a direct INVITE to a long numeric target without prior registration or dialog context. This pattern is commonly associated with SIP service probing, extension discovery, or early-stage toll-fraud reconnaissance. This behavior indicates reconnaissance activity against a SIP service but does not, by itself, confirm successful call setup or financial abuse.
Automated SIP OPTIONS requests used to validate reachable VoIP endpoints and enumerate service capabilities without initiating a call session. The client sends standalone OPTIONS probes with high-entropy or unusually long Call-ID values, a pattern commonly associated with scripted scanning frameworks or VoIP reconnaissance tooling. Such activity is typically observed during infrastructure discovery phases where attackers identify responsive SIP servers, supported methods, and potential targets for toll fraud, brute-force registration attempts, or later exploitation campaigns.