Substantial Risk
IP 107.189.22.56 is a high-risk address associated with VoIP fraud, hosted within the Netherlands by RouterHosting LLC (AS14956), with 304 abuse reports filed against it and a threat level of 7/10. The dominant threat category driving this reputation is fraudulent VoIP activity, detected exclusively through automated honeypot sensors.
The IP accumulated its 304 reports entirely within the March 2026 timeframe, with all detections originating from automated honeypot infrastructure rather than community or user-submitted sources. The reported threat category across recent reports is VoIP fraud, accounting for the entirety of the categorized submissions. Despite the substantial report volume and elevated threat score, the activity frequency metric reads at 0/10, suggesting the offensive behaviour is intermittent, seasonal or clustered in specific detection windows rather than representing constant scanning. The Netherlands-based ASN ownership by RouterHosting LLC places this address within a commercial hosting environment frequently leveraged for both legitimate and abusive infrastructure.
VoIP fraud represents a financially motivated threat vector where compromised or malicious phone systems are exploited to route or originate unauthorized calls, typically directed toward premium-rate numbers to generate illicit revenue. For organisations operating VoIP infrastructure or telephony services, an IP with this classification near exposed SIP ports or registration endpoints poses a direct risk of resource hijacking, unexpected toll charges and service degradation. The 68% confidence score indicates moderate certainty in attribution, meaning the activity pattern aligns strongly with known VoIP fraud signatures but some ambiguity remains regarding the precise exploitation method or victim profile.
Site operators should block this address at the network perimeter if VoIP services are not intended for external access, and apply fail2ban or similar dynamic blocking tools to automatically reject repeated suspicious registration attempts targeting SIP services. Restrict international and premium-rate dialing where possible, implement strong authentication for VoIP accounts and enable call pattern monitoring to flag anomalous outbound traffic. Regularly audit exposed telephony endpoints and consider IP-based access control lists limiting which addresses may interact with registration interfaces.
US 
CH 
MC 
UA 
GB 
IR 
CO