Encryption.Decrypt hacking attempts?

The Encryption module contains a microflow Decrypt. If the string input parameter isn't encrypted, it throws a warning and returns the plain string input. The microflow has no allowed roles, so it should not be accessible by API or anything.

Now this warning is thrown in our app log hundreds of times within a few milliseconds, multiple times a day. I've extended the warning log a bit to investigate.

- The current user is anonymous, the same within each "batch" of logs. Anonymous users can do virtually nothing in our app, except stuff like log in, sign up, use forgot password feature.
- The Decrypt microflow wasn't called from another microflow or action, it seems. I'm using (from the ApprontoCommon module) a Java action GetMicroflowName to get to the previous item in the Java ActionStack. The previous action is unnamed, I'm getting something like Unnamed-Action-19947251.

There is no regular anonymous user action to explain these logs. First of all, no one can click a button that much within milliseconds. Also, the frequency of these "batches" is much less than users logging in or out and much more than other anonymous actions like signing up or using the forgot password feature. Also, using these features we cannot reproduce these logs, which makes sense because the Encryption module plays no part in them.

What could be happening here? Is this a hacking attempt? How is this Decrypt microflow executed without a named caller action if it has no allowed roles and therefore should not be exposed in the runtime API or something?
0 answers