Automated SMTP interaction sequence consistent with open-relay validation or spam delivery testing. The client performs a full transaction flow (EHLO → RSET → MAIL FROM → RCPT TO → DATA → QUIT) and submits a minimal test message containing known probe markers such as t_Smtp.LocalIP. This pattern indicates scripted activity attempting to confirm whether the server allows unauthenticated message relaying or outbound mail submission. Such behavior is commonly observed from spam bot infrastructure validating targets before larger abuse campaigns.

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.