Notable Threat
IP 51.91.168.102 is a high-risk address with a threat level of 8/10 that has accumulated 1,760 abuse reports primarily linked to VoIP fraud, originating from OVH SAS infrastructure in France. The IP has been flagged by automated honeypot sensors between February and April 2026, with VoIP fraud accounting for the dominant reported threat category. The high volume of reports against a single address indicates sustained malicious activity rather than opportunistic scanning.
Analysis of the available data reveals that this IP operates within AS16276 (OVH SAS), a major French hosting provider commonly associated with both legitimate infrastructure and threat actor operations due to its relaxed abuse handling. The 69% confidence score suggests moderate certainty in the attribution, while the 8/10 threat level reflects the concrete financial fraud risk posed by VoIP exploitation. Over a three-month observation window, the sustained report volume demonstrates persistent targeting of voice infrastructure rather than transient scanning behavior.
VoIP fraud represents a direct financial threat where attackers exploit phone systems to route unauthorized calls, particularly to premium-rate or international numbers. For organizations running exposed telephony services, this activity pattern suggests risks of toll fraud, unauthorized call routing, and potential involvement in larger criminal telephony operations. The real-world impact includes unexpected charges, service degradation, and potential complicity in illegal call campaigns.
Network operators should block this IP at the perimeter firewall and monitor for any attempts to probe Session Initiation Protocol (SIP) services. Implementing call authentication mechanisms such as Secure Telephone Identity Revisits (STIR) and Signature-based Handling of Asserted Information Using Tokens (SHAKEN) can reduce unauthorized call spoofing. Rate-limiting SIP registration attempts and using tools like fail2ban to automatically block repeat offenders provides additional defense. Organizations with VoIP deployments should audit call routing rules and restrict international and premium-rate dialing by default.
CA 
AU 
PE 
CH 
GB 
HK 
PH