I have obihai logs forwarded to my linux server, and I found something interesting there. Here is what I get:
CCTL:NewCallOn Term 1[0] ->,00972592573636
[SLIC] Command: 0, 3, 0, 0, 4, 1086051296,
[SLIC] CID to deliver: '201' 201
[SLIC] Command: 0, 4, 5, 0, 0, 0,
[SLIC] Command: 0, 1, 1, 0, 0, 0,
[SLIC] Command: 0, 11, 0, 0, 0, 0,
CCTL:NewCallOn Term 1[1] ->,00972592573636
[SLIC] Command: 1, 3, 0, 0, 4, 1086051296,
[SLIC] CID to deliver: '201' 201
[SLIC] Command: 1, 4, 5, 0, 0, 0,
[SLIC] Command: 1, 1, 1, 0, 0, 0,
[SLIC] Command: 1, 11, 0, 0, 0, 0,
[SLIC] Command: 0, 10, 2, 0, 0, 0,
[SLIC] Command: 1, 10, 2, 0, 0, 0,
PARAM Cache Write Back(256 bytes)
[SLIC] Command: 0, 10, 4, 0, 0, 0,
[SLIC] Command: 1, 10, 4, 0, 0, 0,
[SLIC] Command: 0, 10, 3, 0, 0, 0,
[SLIC] Command: 1, 10, 3, 0, 0, 0,
[SLIC] Command: 0, 10, 3, 0, 0, 0,
[SLIC] Command: 1, 10, 3, 0, 0, 0,
CCTL:NewCallOn Term 1[0] ->,011972592573636
CCTL:NewCallOn Term 1[1] ->,011972592573636
SIP DLG reject: 486
In other words, it's not just a scanner, but it looks like an attempt to make an outgoing call to Palestinian territories in Israel (972-59 number). I don't know what these SLIC commands mean. CID to deliver is the CID I saw on the phone screen. An entry in call history also says From '201' SP1(201).
Obviously, there is no record of such call on my VSP call history - so it is clearly a call directly to my IP address port 5060