Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
101.0.104.38 has a very high threat confidence level of 99%, originating from Sydney, Australia, on the Hostopia Australia Web Pty Ltd network (55803). It has been observed across 3,049 sessions targeting SIP, First observed on January 24, 2026, most recently active March 3, 2026.
Automated SIP INVITE requests initiating direct call setup toward a numeric extension, indicating scripted VoIP interaction rather than passive capability probing. The client attempts to establish a call session (e.g., extension-to-extension dialing such as 100 → 100) using high-entropy Call-ID values, a pattern frequently associated with automated dialers, toll-fraud reconnaissance, or PBX abuse tooling. These interactions validate whether the endpoint accepts call initiation and may precede brute-force registration attempts, relay abuse, or fraudulent outbound call campaigns.
Represents an unauthenticated SIP INVITE request using a non-standard long numeric Call-ID that is accepted for processing by the SIP server, as indicated by a 100 Trying response. This behavior suggests an automated or custom SIP client testing call handling or routing logic rather than a legitimate user agent. The combination of a bot-like Call-ID format and successful INVITE processing indicates elevated reconnaissance or early-stage abuse of call routing, even in the absence of call establishment.
Automated SIP OPTIONS requests used to validate reachable VoIP endpoints and enumerate service capabilities without initiating a call session. The client sends standalone OPTIONS probes with high-entropy or unusually long Call-ID values, a pattern commonly associated with scripted scanning frameworks or VoIP reconnaissance tooling. Such activity is typically observed during infrastructure discovery phases where attackers identify responsive SIP servers, supported methods, and potential targets for toll fraud, brute-force registration attempts, or later exploitation campaigns.