Elevated Risk
IP address 91.208.92.163 is a moderate-to-high-risk address associated with VoIP fraud activity, originating from United Kingdom-based network infrastructure and generating 214 total abuse reports within a concentrated two-month window. The threat level of 8/10 reflects significant malicious behaviour despite an activity frequency of 0/10, suggesting bursts of concentrated abuse rather than sustained persistent scanning. With a confidence score of 71%, threat-intelligence analysts have moderate certainty that this address is intentionally involved in fraudulent VoIP operations rather than collateral compromise.
Detection data shows all 20 most recent reports from automated honeypot sensors uniformly attribute this IP to Fraud VoIP, indicating the address was observed attempting to exploit voice-over-internet-protocol systems. The 214 total reports accumulated between February and March 2026 represent a relatively dense cluster of abusive activity across a short timeframe. Geographically mapped to Great Britain and routed through AS212027 under PebbleHost Ltd operations, this address presents a clear IP reputation concern for any organisation operating telephony or session-border controller infrastructure exposed to internet traffic.
VoIP fraud represents a financial threat vector where attackers compromise or relay through telephony systems to route unauthorized calls, frequently targeting premium-rate numbers to generate illicit revenue. The concrete risk to an exposed VoIP service includes unauthorized call origination, servicetheft through compromised credentials, and potential use as a transit point for larger-scale telephony fraud campaigns. Even organisations without direct VoIP deployments face indirect risk if their network segments contain vulnerable telephony endpoints or if their IP space becomes associated with fraud, damaging reputation and deliverability scores.
Site operators should immediately block or closely scrutinise inbound connections from 91.208.92.163 at the network edge, particularly any traffic targeting SIP ports 5060 or associated RTP ranges. Implementing fail2ban or similar dynamic firewall rules can automatically mitigate repeated abusive sources. Organisations running VoIP infrastructure should enforce strong authentication for SIP registration, apply call-pattern anomaly detection, and restrict international and premium-rate dialing unless explicitly authorised. Ongoing monitoring of abuse feeds and IP reputation lists will help maintain awareness of any re-emergence from this or neighbouring addresses within the same ASN allocation.
RO 
JP 
LV 
KR 
TH