Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

FTP session where the client issues HELP, SYST, and FEAT commands to query supported commands, system type, and server capabilities before terminating the session.

Client performs a modern MongoDB handshake using the hello command followed by a buildinfo request to gather server capabilities and version details. This sequence is commonly associated with automated fingerprinting or discovery activity against exposed MongoDB instances rather than normal application queries.