On the first pages of the Report, we can see that September numbers are very comparable to August data. Iran-based attackers moved away from top charts, and we see that addresses from the United States now take the lead in the HTTP minipot incidents records.
There is again a rise in popularity of some ports used for unknown services, particularly ports 33113 and 62534. We still don’t know what could be behind those. After a couple of months, the 123456 password regains its first position on the top of the passwords table. There are three passwords that are in the top table, which were not present, at least in the previous month. %users% is most likely somehow related to MS Windows. It might be caused by some broken script used by some attacker. Looks like some inexperienced attackers are still trying to use the proprietary closed source OS to conduct their evil deeds and are luckily failing.ei_123 does not look like anything in particular, but we have seen a tendency between attackers trying some simple password in combination with the 123 suffix. It seems like attackers think that people tend to often pass security policies by adding those numbers to their simple passwords. Zz3AEcMM looks quite random. It might be a default password somewhere or part of some leak.