Look at the network “at large” (not just the phone system) and see what is going on there.
Look back through the logs (the five minutes or so before the mail was sent out) and see if there’s anything in there that gives you a clue.
Log onto the server the PBX is on and issue the command “netstat -nr | more” and look at the network setup of your LAN interface on the PBX and the connections to your PBX from the local LAN.
The IP 10.10.10.3 has just been banned by Fail2Ban after
8 attempts against SIP on localhost.
We know the IP was banned due to SIP, meaning the device at (or behind) 10.10.10.3 attempted to register or attempted to make an authenticated call and failed repeatedly. This is almost always a misconifgured device, but could also be an active exploit attempt.