UNION SELECT, tautologies (OR 1=1), comment sequences, DROP/INSERT/EXEC keywords

<script> tags, JavaScript event handlers (onerror, onload), javascript: URI schemes

../ sequences, /etc/passwd, /proc/self/environ, Windows config files

Shell operator injection (;, |, backtick), remote payload download via wget/curl

5+ HTTP 401 failures from the same IP address — credential stuffing or password spraying

Nikto, sqlmap, Nmap, Burp Suite, DirBuster/Gobuster user-agent fingerprints

.env files, .git repos, backup/SQL dumps, WordPress admin paths

python-requests, curl user-agents — scripted or automated access patterns