Represents an unsolicited SIP INVITE request targeting a long numeric destination, with the request accepted for processing by the SIP server (100 Trying). While the Call-ID format appears consistent with legitimate SIP implementations, the absence of prior registration and the use of a PSTN-style numeric target indicate probing of call routing or gateway behavior rather than normal call setup. This behavior is commonly observed during early-stage toll-fraud reconnaissance or PBX routing validation.

Automated SIP OPTIONS requests used to validate reachable VoIP endpoints and enumerate service capabilities without initiating a call session. The client sends standalone OPTIONS probes with high-entropy or unusually long Call-ID values, a pattern commonly associated with scripted scanning frameworks or VoIP reconnaissance tooling. Such activity is typically observed during infrastructure discovery phases where attackers identify responsive SIP servers, supported methods, and potential targets for toll fraud, brute-force registration attempts, or later exploitation campaigns.

HTTP request using GET method.

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.