Username: “test1”

The username “test1” was first observed on 2026-01-23 and last seen on 2026-03-03. It has been used in 9,698 attack sessions across 3 different protocols, making it a credential observed in our honeypot sensor network.

Attackers use this username during automated brute-force and credential stuffing attacks. To protect your systems, ensure this username is either disabled or secured with a strong, unique password. Monitor login attempts with tools like Fail2Ban and check IPs against the SikkerAPI threat database. For automated protection, use our CLI tool or REST API.