Loading threats
Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 45.88.138.39 | 99% | 129,724 | 129,602 | 🇺🇦 UA | AS213737 | 2026-04-06 |
| 78.128.112.114 | 97% | 20,182 | 20,080 | 🇧🇬 BG | AS208637 | 2026-04-10 |
| 62.164.177.28 | 97% | 16,578 | 16,530 | 🇳🇱 NL | AS215929 | 2026-04-10 |
| 62.164.177.27 | 97% | 16,239 | 16,154 | 🇳🇱 NL | AS215929 | 2026-04-10 |
| 5.181.86.60 | 98% | 16,024 | 15,880 | 🇺🇦 UA | AS211632 | 2026-04-10 |
| 5.181.86.179 | 98% | 15,767 | 15,732 | 🇺🇦 UA | AS211632 | 2026-04-10 |
| 82.147.88.2 | 97% | 14,889 | 14,846 | 🇷🇺 RU | AS211860 | 2026-04-10 |
| 185.218.138.27 | 97% | 14,339 | 14,329 | 🇺🇸 US | AS205997 | 2026-04-10 |
| 109.205.211.4 | 97% | 14,140 | 13,911 | 🇦🇿 AZ | AS201814 | 2026-04-10 |
| 149.50.107.12 | 97% | 13,808 | 13,793 | 🇵🇱 PL | AS201814 | 2026-04-10 |
| 185.218.138.16 | 97% | 13,423 | 13,422 | 🇺🇸 US | AS205997 | 2026-04-09 |
| 185.218.138.17 | 97% | 13,286 | 13,286 | 🇺🇸 US | AS205997 | 2026-04-10 |
| 88.210.63.75 | 97% | 13,132 | 13,106 | 🇺🇦 UA | AS211736 | 2026-04-10 |
| 185.218.138.19 | 97% | 12,848 | 12,813 | 🇺🇸 US | AS205997 | 2026-04-10 |
| 185.218.138.20 | 97% | 12,761 | 12,747 | 🇺🇸 US | AS205997 | 2026-04-10 |
| 185.218.138.18 | 97% | 12,621 | 12,619 | 🇺🇸 US | AS205997 | 2026-04-10 |
| 185.218.138.21 | 97% | 12,471 | 12,471 | 🇺🇸 US | AS205997 | 2026-04-10 |
| 143.92.60.10 | 97% | 12,246 | 12,066 | 🇸🇬 SG | AS152194 | 2026-04-07 |
| 5.253.86.23 | 97% | 12,108 | 12,100 | 🇺🇸 US | AS213438 | 2026-04-10 |
| 185.218.138.26 | 97% | 11,949 | 11,905 | 🇺🇸 US | AS205997 | 2026-04-10 |