Loading threats
Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 80.66.83.43 | 100% | 3,141 | 2,710 | 🇷🇺 RU | AS216473 | 2026-03-09 |
| 45.227.254.152 | 94% | 1,134 | 810 | 🇵🇦 PA | AS267784 | 2026-03-09 |
| 194.165.16.164 | 95% | 1,115 | 786 | 🇲🇨 MC | AS48721 | 2026-03-09 |
| 154.91.64.84 | 97% | 1,001 | 997 | 🇸🇬 SG | AS399077 | 2026-03-10 |
| 88.214.25.121 | 92% | 992 | 673 | 🇩🇪 DE | AS35042 | 2026-03-09 |
| 45.227.254.155 | 92% | 956 | 666 | 🇵🇦 PA | AS267784 | 2026-03-09 |
| 88.214.25.124 | 92% | 931 | 630 | 🇩🇪 DE | AS35042 | 2026-03-09 |
| 194.165.16.167 | 95% | 841 | 642 | 🇲🇨 MC | AS48721 | 2026-03-10 |
| 82.147.88.2 | 97% | 824 | 821 | 🇷🇺 RU | AS211860 | 2026-03-10 |
| 88.214.25.125 | 91% | 747 | 502 | 🇩🇪 DE | AS35042 | 2026-03-09 |
| 179.43.96.46 | 97% | 731 | 727 | 🇵🇪 PE | AS263189 | 2026-03-09 |
| 80.94.95.83 | 99% | 708 | 598 | 🇷🇴 RO | AS204428 | 2026-03-09 |
| 148.72.152.145 | 97% | 687 | 685 | 🇺🇸 US | AS30083 | 2026-03-09 |
| 88.210.63.75 | 97% | 516 | 516 | 🇺🇦 UA | AS211736 | 2026-03-09 |
| 209.127.178.131 | 96% | 498 | 492 | 🇺🇸 US | AS55286 | 2026-03-09 |
| 185.218.138.20 | 97% | 481 | 481 | 🇺🇸 US | AS205997 | 2026-03-09 |
| 38.225.206.208 | 97% | 447 | 439 | 🇮🇳 IN | AS150654 | 2026-03-09 |
| 31.147.206.58 | 96% | 314 | 312 | 🇭🇷 HR | AS2108 | 2026-03-09 |
| 165.73.85.99 | 96% | 310 | 308 | 🇿🇦 ZA | AS37611 | 2026-03-09 |
| 35.199.91.184 | 96% | 301 | 301 | 🇧🇷 BR | AS396982 | 2026-03-09 |