Loading threats
Matches RDP sessions where the client attempts authentication using the legacy RDP security mode with plaintext credential exchange instead of Network Level Authentication (NLA). This method transmits credentials through the older RDP security layer and indicates the client selected legacy authentication rather than CredSSP-based NLA
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 141.98.11.59 | 100% | 20,362 | 20,362 | 🇱🇹 LT | AS209605 | 2026-04-24 |
| 80.66.83.43 | 100% | 8,593 | 8,149 | 🇷🇺 RU | AS216473 | 2026-04-24 |
| 71.6.199.23 | 100% | 5,413 | 3,645 | 🇺🇸 US | AS10439 | 2026-04-24 |
| 104.251.181.48 | 99% | 5,124 | 5,122 | 🇨🇭 CH | AS402253 | 2026-04-24 |
| 80.94.95.83 | 100% | 4,900 | 4,786 | 🇷🇴 RO | AS204428 | 2026-04-24 |
| 77.90.185.135 | 86% | 4,693 | 4,658 | 🇮🇷 IR | AS213790 | 2026-04-13 |
| 93.174.95.106 | 100% | 4,389 | 3,113 | 🇳🇱 NL | AS202425 | 2026-04-24 |
| 80.82.77.139 | 100% | 4,294 | 3,091 | 🇳🇱 NL | AS202425 | 2026-04-24 |
| 167.94.146.56 | 50% | 4,224 | 3,034 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 167.94.146.60 | 50% | 4,179 | 3,156 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 80.82.77.33 | 100% | 4,128 | 2,957 | 🇳🇱 NL | AS202425 | 2026-04-24 |
| 167.94.146.61 | 50% | 4,114 | 2,959 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 167.94.146.55 | 50% | 4,113 | 2,928 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 167.94.146.57 | 50% | 4,050 | 3,042 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 167.94.146.48 | 50% | 4,040 | 3,025 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 71.6.135.131 | 100% | 4,040 | 2,920 | 🇺🇸 US | AS10439 | 2026-04-24 |
| 167.94.146.62 | 50% | 4,035 | 2,952 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 167.94.146.63 | 50% | 4,019 | 2,938 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 167.94.146.59 | 50% | 3,945 | 2,916 | 🇺🇸 US | AS398705 | 2026-04-24 |
| 167.94.146.58 | 50% | 3,940 | 3,074 | 🇺🇸 US | AS398705 | 2026-04-24 |