SMTP interaction identified as an internet-wide scanning probe originating from Censys infrastructure. The client announces itself via EHLO www.censys.io and issues a STARTTLS request to verify TLS upgrade support and collect service capability metadata. This pattern reflects automated reconnaissance and exposure mapping rather than direct exploitation, but still represents active external probing of the SMTP service.

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration