High Risk
IP address 172.110.223.54 is a high-risk address associated with VoIP fraud activity, assessed at a threat level of 7 out of 10 with a 75% confidence score based on automated honeypot detection across 20 report sources. The IP originates from Hong Kong and is routed through ASN 23470 operated by ReliableSite.Net LLC, with hostile activity first documented in March 2026 and continuing through April 2026.
The reported threat classification for this address centres on Fraud VoIP, accounting for all 20 verified honeypot detections within the specified timeframe. While the total report count of 486 suggests ongoing monitoring attention, the discrepancy between aggregate reports and the specific VoIP fraud classification warrants careful interpretation of activity patterns. The notably low activity frequency score of 0 out of 10 indicates that detected hostile actions may be intermittent or selectively targeted rather than representing continuous automated scanning. The geographic origin in Hong Kong places this IP within a region that has been monitored for telephony infrastructure abuse, though attribution to specific threat actors cannot be determined from the available telemetry.
VoIP fraud exploits internet telephony infrastructure to route unauthorized calls, typically toward premium-rate or international numbers that generate illicit revenue for threat actors. An IP engaged in such activity poses a material risk to any exposed telephony service, potentially enabling unauthorized call origination, caller ID spoofing infrastructure, or connection to fraudulent call centres. For organisations operating SIP trunking, VoIP PBX systems, or session border controllers, exposure to this address could result in significant financial liability through fraudulent toll charges or compromise of telephony credentials used for outbound calling services.
Defensive measures should include implementing robust SIP authentication mechanisms and restricting peer-to-peer VoIP traffic at network boundaries. Operators should enforce strict call pattern monitoring with alerting thresholds for anomalous premium or international dial destinations. Additionally, deploying fail2ban or equivalent log-analysis tools to detect credential-guessing patterns against VoIP services, combined with geolocation-based access restrictions for telephony management interfaces, will substantially reduce exposure to this threat vector.
PH 
KR 
UA 
RO 
MX 
UG 
FR 
CA