Loading threats
Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 45.88.138.39 | 99% | 129,724 | 129,602 | 🇺🇦 UA | AS213737 | 2026-04-06 |
| 62.164.177.28 | 97% | 31,728 | 31,672 | 🇳🇱 NL | AS215929 | 2026-04-22 |
| 78.128.112.114 | 97% | 31,618 | 31,501 | 🇧🇬 BG | AS208637 | 2026-04-22 |
| 62.164.177.27 | 97% | 31,547 | 31,439 | 🇳🇱 NL | AS215929 | 2026-04-22 |
| 5.181.86.179 | 98% | 29,565 | 29,530 | 🇺🇦 UA | AS211632 | 2026-04-22 |
| 5.181.86.60 | 98% | 29,327 | 29,168 | 🇺🇦 UA | AS211632 | 2026-04-22 |
| 109.205.211.4 | 97% | 27,773 | 27,544 | 🇦🇿 AZ | AS201814 | 2026-04-24 |
| 185.218.138.17 | 97% | 26,871 | 26,848 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 149.50.107.12 | 97% | 26,682 | 26,667 | 🇵🇱 PL | AS201814 | 2026-04-23 |
| 185.218.138.19 | 97% | 26,382 | 26,259 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 94.26.88.29 | 97% | 26,114 | 26,092 | 🇧🇬 BG | AS201814 | 2026-04-24 |
| 5.253.86.23 | 97% | 25,921 | 25,900 | 🇺🇸 US | AS213438 | 2026-04-24 |
| 185.218.138.3 | 97% | 25,747 | 25,687 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 185.218.138.20 | 97% | 25,369 | 25,324 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 185.218.138.18 | 97% | 24,912 | 24,910 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 185.218.138.26 | 97% | 24,557 | 24,476 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 185.218.138.16 | 97% | 24,452 | 24,414 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 185.218.138.27 | 97% | 24,375 | 24,349 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 88.210.63.75 | 97% | 24,303 | 24,274 | 🇺🇦 UA | AS211736 | 2026-04-24 |
| 185.218.138.28 | 97% | 22,697 | 22,683 | 🇺🇸 US | AS205997 | 2026-04-23 |