Telnet-based shell activity where the actor enumerates process execution context via cat /proc/self/cmdline (or equivalent) and performs directory navigation using cd. This pattern reflects post-access discovery behavior, where the session is inspecting runtime parameters and exploring filesystem layout to understand the execution environment before staging or executing additional actions. The combination indicates environmental reconnaissance rather than immediate payload deployment.

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration