Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

Automated authentication attempt against a WordPress login endpoint using the common default username admin and weak password pattern. Indicative of credential stuffing or default password brute-force activity targeting internet-exposed WordPress installations.

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration