Represents an automated SIP INVITE request likely generated by a scanner or bot rather than a legitimate user agent. The behavior is inferred from a combination of a numeric-only SIP Call-ID format and a direct INVITE to a long numeric target without prior registration or dialog context. This pattern is commonly associated with SIP service probing, extension discovery, or early-stage toll-fraud reconnaissance. This behavior indicates reconnaissance activity against a SIP service but does not, by itself, confirm successful call setup or financial abuse.

Interactive post-access reconnaissance behavior that fingerprints the MySQL execution environment while actively validating query side effects. Combines server variable enumeration, timezone offset inference, and warning inspection to map configuration, regional context, and permission boundaries, and to detect suppressed errors or execution anomalies before attempting higher-risk operations.