Should you trust the HTTP response code when analyzing access logs for suspicious traffic?