We come across this quite frequently and it is just the hackers scanning.
I'm not familiar with your particular handset but what is very likely happening is that because you are registering to your provider there is a NAT tunnel open and this is what they are hitting on,
In most cases where we see that what is happening is you have your transport protocol set to UDP and your phone will be listening on a port at or around 5060.
A very quick fix usually is to switch the transport protocol to TCP if your provider supports it, most providers do nowadays.
If that is not an option many sip phones have some sort of setting to block any other traffic that does not come from the sip provider they are registered to.
Hope this helps, I know the pain of that.