5.39.11.101 — OVH SAS, FR — Very High (95%)

Check an IP Address, Domain Name, Subnet, or ASN

5.39.11.101 was found in our database!

Confidence Level

95%

Very High?

Geolocation

🇫🇷

France

ISPOVH SAS

ASNAS16276

Activity Timeline

First seenFeb 3, 2026, 11:57 AM

Last seen11d ago

12,163Sessions

42,586Events

Protocol Breakdown

SIP

12163 / 42586

5.39.11.101 has a very high threat confidence level of 95%, originating from France, on the OVH SAS network (16276). It has been observed across 12,163 sessions targeting SIP, First observed on February 3, 2026, most recently active February 19, 2026.

Behaviors

Classified behavioral patterns observed

Sip Options Capability Probe Structured

low34x

Automated SIP OPTIONS requests used to validate reachable VoIP endpoints and enumerate service capabilities without initiating a call session. The client sends standalone OPTIONS probes with high-entropy or unusually long Call-ID values, a pattern commonly associated with scripted scanning frameworks or VoIP reconnaissance tooling. Such activity is typically observed during infrastructure discovery phases where attackers identify responsive SIP servers, supported methods, and potential targets for toll fraud, brute-force registration attempts, or later exploitation campaigns.

Primitives

Individual actions observed

Sip Call Id Alphanumeric Entropy12199 Sip Register Request12165 Sip Call Id Long Numeric34

Related Threats

Explore related threat intelligence

🇫🇷More threats fromFrance ASMore threats fromOVH SAS SIPMore threats targetingSIP { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
51.83.143.139	90%	42,848
87.98.242.75	97%	14,194
51.89.235.201	89%	33,897
51.91.168.102	99%	477,877
141.94.237.134	100%	690

IP Address	Confidence	Events
91.240.64.6	99%	1,038
51.83.143.139	90%	42,848
51.91.168.102	99%	477,877
141.94.237.134	100%	690
87.106.213.49	99%	3,695