ハニーポットの観測(T-Pot:2025/12)Observation of Honeypot

セキュリティ
ブログ

今月のアクセス数上位ポート

今月は1100万件ありました。先月から300万件もふえました。やはりDDoSの影響が数字に影響を与えます。やはり19番ポートへのアクセスが影響大です。今月もトルコからのアクセスが大半でした。

アクセス数上位ポート ①19(Chargen) ②5060(SIP) ③445(SMB) ④5902(?) ⑤5903(?)

19番ポート
5060番ポート
445番ポート
22番ポート
25番ポート
53389番ポート
6379番ポート
5900番ポート
23番ポート

今月のアクセス数上位国

アクセス数上位国 ①トルコ(19) ②アメリカ(5060) ③中国(19) ④イギリス(19) ⑤ドイツ(25)

今月は、ヨーロッパが多い。イギリス、ドイツが入ってくることはあまりなかった気がします。イギリスの19番ポートは、ただ単に使われただけ感がありますが、ドイツの25番ポートはなぜドイツだったのでしょう?

今月の攻撃IDパスワード

ユーザ名(top500)試行数パスワード(top500)試行数
root
admin
user
ubuntu
test
oracle
postgres
alex
Admin
git
guest
mysql
hadoop
345gs5662d34
sa
debian
pi
sol
backup
nginx
solv
solana
ftpuser
ftp
www
developer
docker
es
dspace
elastic
dev
centos
apache
newuser
administrator
elasticsearch
ftptest
support
odoo
deploy
master
server
tomcat
jenkins
test1
ec2-user
zabbix
(空白)
es2
operator
weblogic
daemon
123
ubnt
www-data
nagios
testuser
minecraft
redis
validator
steam
user1
test2
gerrit
open
admin1
bitnami
uftp
vagrant
ansible
student
username
Accept: /
anonymous
simplified
source
sysadmin
webmaster
wang
svn
test3
User-Agent: python-requests/2.27.1
demo
tom
kafka
mongodb
system
ts3
secret
dolphinscheduler
dell
sonar
deployer
rosa
GET / HTTP/1.1
bot
default
nexus
user2
node
fedora
tempuser
frappe
gitlab
web
esuser
test4
User-Agent: Go-http-client/1.1
app
oscar
redhat
gpadmin
dmdba
0
loginuser
zookeeper
huawei
webadmin
devops
plex
prueba
grid
search
manager
Accept-Encoding: gzip
dbadmin
lenovo
gitlab-runner
jito
ssh
teamspeak
asterisk
cacti
ftpadmin
eth
minima
rancher
a
bob
squid
ranger
ts
kingbase
nvidia
vyos
1234
orangepi
azureuser
flink
runner
odoo17
root1
super
richard
service
tools
AdminGPON
amir
ethereum
hduser
sshd
user3
vps
lighthouse
monitor
david
jira
appuser
info
flask
cisco
factorio
fred
user01
User-Agent: chrome/126.0.0.0
hive
niaoyun
ali
httpd
vncuser
vpn
odoo16
odoo18
sql
bigdata
onkar
john
samba
linux
palworld
root2
kali
bin
debianuser
media
btf
sammy
Administrator
adam
esearch
share
sync
testftp
basit
cbm
teste
thomas
123456
ftpguest
helpdesk
kipt
opc
yealink
Test
lsfadmin
nobody
proxy
wso2
client
cloud
elsearch
gg
installer
nsroot
rocky
1
api
astra
bitrix
cinema
config
dba
smart
sqladmin
aaa
hello
jacob
splunk
tech
tester
victor
abc
andy
free
nextcloud
syncthing
tibero
worker
z
kelly
myuser
proxyuser
nikita
rebecca
redmine
sahil
webuser
work
guest1
library
observer
terraria
admin123
jumpserver
langchain
auto
bdp
cf1c22
cms
dtplat
erp
erpnext
george
kim
kyt
matei
matrix
mega
old
roamware
sit
thin
trader
user_czn
wacos
wrpinto
xbmc
yarn
zmarin
admian
anton
belkinstyle
casaos
cds
chaima
create
delhi
deploy_jenkins
dixi
dummy3
exploit
fac
g
img
ionadmin
iplms
joel
joggler
lucky
newadmin
nil
office
omm
person
rimuru
tangxy
umra
weewx
xwld
zhyfj114514
zjw
zlm
godfrey
ituser
ivan
joaquin
joro
kuro
psybnc
qiyuesuo
sipv
software
strycek
veysel
GET /cgi-bin/authLogin.cgi HTTP/1.1
GET /solr/admin/cores?(略) HTTP/1.1
GET /v2/_catalog HTTP/1.1
adMIN
cloudera
cozmo
dgxadmin
github
jack
kubernetes
max
mongo
padhm
syncuser
telecomadmin
xfusion
zzc
GET /query?q=SHOW+DIAGNOSTICS
adminuser
ahmed
customer
django
exx
hu
javad
kapsch
messagebus
middleware
rahul
telnet
tony
user100
userb
usuario
GET /solr/admin/info/system
blue
builder
data
list
nishant
openbravo
paas
plexserver
radio
router
vhserver
USER
aDmIn
actions
devuser
esroot
gns3
gpuadmin
intel
moodle
packer
roots
ADMin
ADmiN
AdMIn
AdmiN
acer
backend
deamon
halo
mapr
mike
solr
spark
svnuser
trading
ts1
user5
valheim
vpnuser
airflow
angel
autcom
cgpexpert
ddd
int
jrodrig
pivpn
pul
rstudio
supervisor
ts2
tushar
wpyan
yuanwd
zhouh
adMIn
admin1234
bitwarden
cc
dd
elemental
ftp1
java
jmarquez
peter
socks
sonarqube
toto
GUeSt
aDMIn
aDMin
amssys
azure
carol
epsuser
hdfs
joe
mc
odoo15
superset
test01
user6
zhangsan
GuesT
aDmin
alireza
daniel
degen
fan
guest123
liyang
local
mcserver
neo4j
ollama
soporte
storage
superadmin
vtatis
GUESt
USR2
aDmiN
botuser
copia
gUEsT
gits
intell
oneadmin
onlime_r
prOXyUSer
pritchard
qw
sales1
sftp
sistemas
stperez
tidb
tuan
userroot
will
GUEst
GuEsT
UsEr
admin2
adsl
alan
aman
brain
cseadmin
csgo		35818
8547
5348
4318
3592
3327
2963
2184
2096
1893
1789
1701
1369
1210
1102
1058
1008
843
763
746
700
691
677
655
655
607
603
587
571
552
532
521
504
485
477
454
448
422
408
393
391
375
371
370
365
362
362
325
322
306
286
276
270
243
241
238
238
236
233
206
205
203
194
182
182
180
179
178
175
171
168
165
159
157
157
157
157
156
155
154
154
152
150
150
146
143
142
141
140
136
132
123
120
119
113
113
113
112
109
108
104
102
101
100
100
99
99
97
97
95
95
94
93
91
91
91
90
84
81
81
81
80
78
75
72
72
72
71
71
69
69
68
67
67
66
66
66
65
64
64
63
63
62
62
61
59
59
58
58
58
57
57
57
56
56
56
55
55
55
55
55
55
55
54
54
53
53
52
52
51
50
50
50
50
49
48
48
47
47
47
47
46
46
46
45
45
44
44
43
43
43
42
41
41
41
40
40
39
39
39
39
39
39
38
38
38
38
37
37
37
37
37
37
36
36
36
36
36
35
35
35
35
35
35
35
34
34
34
34
34
34
34
34
34
33
33
33
33
33
33
33
32
32
32
32
32
32
32
32
31
31
31
30
30
30
30
30
30
29
29
29
29
28
28
28
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
25
25
25
25
25
25
25
25
25
25
25
25
24
24
24
24
24
24
24
24
24
24
24
24
24
24
24
24
24
23
23
23
23
23
23
23
23
23
23
23
23
23
23
23
23
23
22
22
22
22
22
22
22
22
22
22
22
22
21
21
21
21
21
21
21
21
21
21
21
20
20
20
20
20
20
20
20
20
20
20
20
20
20
20
20
20
20
19
19
19
19
19
19
19
19
19
19
19
19
19
19
19
19
18
18
18
18
18
18
18
18
18
18
18
18
18
17
17
17
17
17
17
17
17
17
17
17
17
17
17
17
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
15
14
14
14
14
14
14
14
14
14
14		123456
admin
password
123
(空白)
123456789
12345678
alex
12345
1234
qwerty
P@ssw0rd
111111
345gs5662d34
3245gs5662d34
1q2w3e4r
admin123
passw0rd
123123
1234567
654321
ubuntu
root
1234567890
password1
123qwe
1
welcome
test
p@ssw0rd
nginx
abc123
user
0
root123
solana
123abc
123321
Password
qwerty123
letmein
wasd
pass123
Host: 180.○.○.○:23
postgres
1qaz2wsx
sol
guest
321
solv
12
123qwerty
54321
test123
4321
oracle
es2
Passw0rd
default
admin@123
debian
server
git
666666
toor
pass
qwer1234
root@123
1234qwer
mysql
qwe123
password123
q1w2e3r4
ubnt
changeme
123123123
P@ssw0rd123
Admin@123
secret
1q2w3e
fuk19600
ftp
passwd
administrator
Aa123456
Accept-Encoding: gzip, deflate
Connection: keep-alive
deploy
oracle123
centos
raspberry
q1w2e3
hadoop
qwertyuiop
1qaz@WSX
www
dragon
apache
0
testuser
master
postgres123
P@ssword
root1
test1
test321
iloveyou
pass1234
555555
123456a
21
Password1
dev
validator
987654321
abcd1234
docker
bot
qwerty123456
passpass
test@123
7777777
user1
321123
888888
zabbix
node
support
ubuntu@123
ftpuser
jenkins
mysql123
Connection: close
root1234
operator
123456b
123456c
admin1
Accept: /
alpine
elasticsearch
Admin123
git123
redhat
PASSWORD
demo
test2
ubuntu123
admin1234
elastic
guest123
developer
user123
n0=acc3ss
oracle@123
user@123
!QAZ2wsx
adminadmin
backup
minecraft
rootroot
1111
weblogic
1qazXSW@
jito
nginx123
dspace
ethereum
system
1qazxsw2
Pa$$w0rd
plex
vagrant
Admin@9000
Huawei12#$
google
linux
mynoob
a
tomcat
web
postgres@123
!Q2w3e4r
hadoop123
testpass
git@123
odoo
qwertyui
Qq123456
es
ftpuser123
root123456
ansible
Qwerty1
ftp123
wang123
P@ssword123
server@123
sonar
Xpon@Olt9417#
anonymous
root12
Ab123456
gpadmin
nagios
orangepi
1qaz@wsx
deployer
guest1
manager
teamspeak
ts
ALC#FGU
P@55w0rd
devops
student
test3
gitlab
pi
——fuck——
aa123456
amir
dev123456
kafka
welcome1
Huawei@123
tom
uftp
A123456a
jyb-2025
nexus
steam
aA123456
!Q@W3e4r
1Q2w3e4r
dolphinscheduler
rancher
temp
vyos
data
squid
1234abcd
david
ec2-user
grid
lenovo
nPSpP4PBW0
oracle1
ranger
redis
steam123
nvidia
odoo17
rootpass
!@#$%^&*
Aa@123456
a1234567
a123456A
cisco123
dolphinscheduler123
eth
app
gitlab-runner
sysadmin
11111111
Root123
appuser
esuser
flink
hive
odoo18
oscar
pa55w0rd
wang
123qweasd
P
Test123
deploy123
odoo16
123456abc
1qaz@WSX3edc
abcdefg
adminroot
apache123
asterisk
bigdata
click1
config
es123456
postgres1
r00t
rootme
tools
123qwe!@#
321start
admin01
bin
calvin
dell
helpdesk
test1234
user2
@
anonymous@
dmdba
factorio
jira
qq123456
!@#$%
123456qw
123pls123A!
bob
ftpguest
ftptest
oscar123
p4ssw0rd
palworld
sshd
super
tom123
www123
88888888
huawei
media
root12345
samba
tomcat@123
zookeeper
basit
fred
pa55word
root1234567
runner
user3
0l0ctyQh243O63uD
P4ssw0rd
P4ssword
Password@123
esearch
kingbase
p@ssword
root12345678
root123456789
Guest123
daemon
dell@123
ipscan
jenkins123
m0n1t0r
nsroot
rocky
testing
ubuntu1
api
elastic123
elasticsearch123
odoo123
onkar123
p4ssword
yealink
123solana
OkwKcECs8qJP2Z
abc@123
asteriskftp
dbadmin
docker123
kipt
library
lsfadmin
minima
qwerty12
1q2w3e4r5t
1qaz!QAZ
Aa112233
Abcd1234
Pa$w0rd
Pa$word
admin2024
dcc8080990a.
geyser
langchain
vps
wso2
!@
—fuck_you—-
@dmn!Amn3t
Changeme_123
User123
abc
access
andrew
bdp
cisco
cms
dtplat
joel
matrix
office
open
roamware
root321
service
sit123456
tester
thin123
wacos
123.com
Password123
Ubuntu123
adminpass
backup123
chaima
delhi
deploy_jenkins
eve
exploit
fac
huawei@123
img
iplms
omm
shredstream
tangxy@123
umra@123
zhyfj114514
123qwe123
Qwerty
a123456
dspace123
erp
ftp1
godfrey
installer
ituser
joaquin
kuro
newuser
nextcloud
postgresql
proxy
solana123
thomas
welc0me
xwld123456
0
Aa12345678
Aa123456@
Solana
cf1c22
cozmo
dgxadmin
es123
george
nimda
pa$w0rd
qaz123!@
testtest
!QAZ@WSX
11111
72ca06
anton
asdf1234
azureuser
explorer
guest@123
mysql1
nikita
nobody
padhm
rebecca
tech
0
12qwaszx
Pa55w0rd
administrator@123
cloud
icatch99
kali
kelly
lenovo@123
trustix
Aa1234567
abc123456
admin12
dspace1
frappe
ftptest123
guestpass
htpcguides
kim123
lifesize
pass@123
qwerty1234
root1234567890
root2024
rr123456rr
software
userpass
11223344
12341234		8240
4455
4013
3006
2676
2192
2144
2118
2101
2002
1847
1251
1222
1211
1185
1125
1079
1045
1030
976
967
946
934
924
921
714
696
671
648
624
592
580
538
527
527
527
475
474
470
459
432
430
409
394
383
377
373
369
365
344
341
341
339
337
336
328
322
303
303
298
266
244
243
242
224
216
207
203
201
196
193
185
182
175
174
173
165
164
164
162
162
161
158
156
154
152
152
150
149
148
148
147
145
145
144
141
136
133
132
129
128
127
126
126
125
123
119
119
117
115
115
114
114
114
113
113
113
112
112
110
110
109
109
107
107
106
102
101
101
100
100
100
97
96
95
94
94
94
93
93
93
92
92
92
90
90
90
90
88
88
88
85
84
82
82
82
81
81
81
81
81
80
80
79
76
76
75
75
75
74
74
74
74
73
73
73
73
73
72
72
71
70
68
68
68
66
66
66
65
65
64
64
63
62
62
62
61
60
60
59
59
59
58
58
58
58
57
57
57
57
57
57
55
55
55
55
55
53
53
52
51
51
51
51
51
50
50
50
49
49
49
49
48
47
47
47
47
47
47
46
46
45
45
45
45
45
45
45
45
45
45
44
44
44
43
43
43
43
43
43
43
42
42
42
41
41
41
41
41
41
41
41
41
41
40
40
40
40
40
39
39
39
39
39
39
39
39
39
39
38
38
38
38
37
37
37
37
37
37
37
37
37
36
36
36
36
36
36
35
35
35
35
35
35
35
35
35
35
35
35
35
34
34
34
34
34
34
34
33
33
33
33
33
33
32
32
32
32
32
32
32
32
32
31
31
31
31
31
31
31
31
31
31
30
30
30
30
30
30
30
29
29
29
29
29
29
29
29
29
29
29
28
28
28
28
28
28
28
28
28
28
28
28
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
27
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
26
25
25
25
25
25
25
25
25
25
25
25
25
25
25
25
25
25
25
25
24
24
24
24
24
24
24
24
24
24
24
24
24
23
23
23
23
23
23
23
23
23
23
23
23
23
23
22
22
22
22
22
22
22
22
22
22
21
21
21
21
21
21
21
21
21
21
21
21
21
21
21
21
21
20
20

スポンサーリンク

コメント