Attacker enumerates non-system MySQL database schemas and associated table statistics (row counts, storage size, average row size) via metadata queries against the TABLES catalog. This activity indicates targeted discovery of accessible application datasets and data volume profiling to prioritize exfiltration, credential harvesting, or destructive actions against high-value databases.

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration