Most Attacked Credentials

Real-time analysis of the most used credentials by attackers in unauthorized access attempts. Data collected from our global honeypot network in the last 24 hours.

6,553 attempts in 24h

Top Usernames

1.root

58 IPs1,220

2.solana

14 IPs400

3.ubuntu

31 IPs357

4.sol

15 IPs355

5.admin

36 IPs189

6.user

15 IPs163

7.john

6 IPs142

8.solv

8 IPs128

9.test

16 IPs63

10.validator

7 IPs43

11.postgres

15 IPs42

12.lighthouse

3 IPs40

13.node

9 IPs38

14.oracle

11 IPs38

15.data

3 IPs33

16.administrator

3 IPs32

17.User-Agent: Go-http-client/1.1

6 IPs30

18.ftp

3 IPs28

19.deploy

8 IPs27

20.345gs5662d34

16 IPs25

Top Passwords

1.123456

34 IPs247

2.12345678

22 IPs158

3.welcome

7 IPs143

4.solana

14 IPs140

5.sol

14 IPs126

6.123

19 IPs118

7.1234

22 IPs93

8.ubuntu

16 IPs88

9.password

20 IPs69

10.1234567890

5 IPs64

11.admin

31 IPs64

12.1q2w3e4r

9 IPs59

13.node

8 IPs57

14.test

12 IPs56

15.1

5 IPs56

16.p@ssw0rd

10 IPs56

17.12345

10 IPs56

18.solv

7 IPs55

19.111111

7 IPs53

20.root

12 IPs52

Combinations

1.john:welcome

141

2.solana:solana

100

3.root:(empty)

4.sol:sol

5.ubuntu:ubuntu

6.solv:solv

7.solv:123456

8.sol:123

9.solana:12345678

10.solana:sol

11.node:node

12.User-Agent: Go-http-client/1.1:Connection: close

13.root:admin

14.solv:12345678

15.validator:validator

16.sol:solana

17.345gs5662d34:345gs5662d34

18.sol:12345678

19.firedancer:firedancer

20.admin:admin

About this data

This data is collected in real-time by our globally distributed T-Pot honeypot network. Attackers try these credentials to gain unauthorized access to systems. Use this information to strengthen your password policies and detect attack patterns.