Loading threats
Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 141.98.11.59 | 100% | 20,272 | 20,272 | 🇱🇹 LT | AS209605 | 2026-04-24 |
| 80.66.83.43 | 100% | 8,591 | 8,147 | 🇷🇺 RU | AS216473 | 2026-04-24 |
| 71.6.199.23 | 100% | 5,413 | 3,645 | 🇺🇸 US | AS10439 | 2026-04-24 |
| 80.94.95.83 | 100% | 4,863 | 4,749 | 🇷🇴 RO | AS204428 | 2026-04-24 |
| 104.251.181.48 | 99% | 4,742 | 4,742 | 🇨🇭 CH | AS402253 | 2026-04-24 |
| 77.90.185.135 | 86% | 4,693 | 4,658 | 🇮🇷 IR | AS213790 | 2026-04-13 |
| 93.174.95.106 | 100% | 4,383 | 3,107 | 🇳🇱 NL | AS202425 | 2026-04-24 |
| 80.82.77.139 | 100% | 4,289 | 3,086 | 🇳🇱 NL | AS202425 | 2026-04-24 |
| 167.94.146.56 | 50% | 4,202 | 3,012 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 167.94.146.60 | 50% | 4,179 | 3,156 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 80.82.77.33 | 100% | 4,109 | 2,938 | 🇳🇱 NL | AS202425 | 2026-04-24 |
| 167.94.146.55 | 50% | 4,101 | 2,916 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 167.94.146.61 | 50% | 4,100 | 2,945 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 167.94.146.57 | 50% | 4,039 | 3,031 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 71.6.135.131 | 100% | 4,032 | 2,912 | 🇺🇸 US | AS10439 | 2026-04-24 |
| 167.94.146.62 | 50% | 4,032 | 2,949 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 167.94.146.48 | 50% | 4,030 | 3,015 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 167.94.146.63 | 50% | 4,006 | 2,925 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 167.94.146.52 | 50% | 3,938 | 2,892 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 167.94.146.58 | 50% | 3,922 | 3,056 | 🇺🇸 US | AS398705 | 2026-04-24 |