Honeypot Observation (T-Pot: 2025/08)


Top Ports by Access Count This Week

Starting with this post, I will base my observations on a one-month period.

This month's total was 4.8 million events.

Top ports by access count: ① 5060 (SIP) ② 445 (SMB) ③ 22 (SSH) ④ 25 (SMTP) ⑤ 5902 (VNC?)

[Figure: port 5060 only]

Access to SIP (5900) is by now a routine attack. This month, most of the attacks came from Romania.

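Attacks observed by HoneyTrap have been increasing recently; access to ports 5901 and 5902 has been observed continuously since August 16 (JST). A very large share of this access comes from Australia.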

[Figure: HoneyTrap only]
[Figure: excluding HoneyTrap and Sentrypeer]

Germany stands out on August 17 (JST). Access to port 22 increased sharply.

[Figure: Ciscoasa only]

The figure on the left shows what Ciscoasa observed. Access began rising on August 12 (JST) and spiked on August 28 (JST).

Cisco publishes 21 advisories for its firewall product lines (SecurityNext)
Denial-of-service (DoS) vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense software (CISCO)
Cisco ASA vulnerability and large-scale scanning (X)
25,000 IPs Scanned Cisco ASA Devices — New Vulnerability Potentially Incoming (GREYNOISE)

Top Countries by Access Count This Week

[Figure: excluding HoneyTrap]
Administration Server on LAN, managed devices on internet, connection gateway in use (Kaspersky)
CVE-2019-7214 (CVE)
Eleven11bot botnet is nearly three times bigger than initial estimates (cybernews)

Attack IDs and Passwords This Week

Username (top 500) | Attempts | Password (top 500) | Attempts
