Logs show access from IPs we don’t recognize.
There’s no obvious service outage, but the activity looks suspicious.
I’m trying to determine whether this is expected behavior or a security incident?
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Logs show access from IPs we don’t recognize.
There’s no obvious service outage, but the activity looks suspicious.
I’m trying to determine whether this is expected behavior or a security incident?
Unknown IP activity often points to compromised credentials or overly permissive service accounts. Because cloud services operate globally, attackers don’t need to be near your region.
Some legitimate cloud services also use rotating IP ranges, which can complicate analysis. The key is correlating IP activity with identity behavior rather than relying on IP reputation alone.
Takeaway: Investigate who performed the action, not just where it came from.