FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.