Rdp Legacy Plaintext Authenthication

Matches RDP sessions where the client attempts authentication using the legacy RDP security mode with plaintext credential exchange instead of Network Level Authentication (NLA). This method transmits credentials through the older RDP security layer and indicates the client selected legacy authentication rather than CredSSP-based NLA

Observed IPs

269

Avg Confidence

76%

Protocol

RDP

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
71.6.199.23	100%	3,623	1,855	🇺🇸 US	AS10439	2026-03-09
80.66.83.43	100%	3,141	2,710	🇷🇺 RU	AS216473	2026-03-09
167.94.138.191	30%	3,100	1,680	🇺🇸 US	AS398324	2026-03-10
162.142.125.121	30%	2,954	1,650	🇺🇸 US	AS398324	2026-03-10
167.94.146.55	30%	2,855	1,670	🇺🇸 US	AS398705	2026-03-10
80.82.77.139	100%	2,834	1,631	🇳🇱 NL	AS202425	2026-03-09
66.132.153.120	100%	2,819	1,592	🇺🇸 US	AS398324	2026-03-10
162.142.125.118	30%	2,755	1,677	🇺🇸 US	AS398324	2026-03-10
80.82.77.33	100%	2,691	1,540	🇳🇱 NL	AS202425	2026-03-10
167.94.146.62	30%	2,686	1,603	🇺🇸 US	AS398705	2026-03-10
86.54.31.32	100%	2,663	1,413	🇨🇦 CA	AS12989	2026-03-09
162.142.125.123	30%	2,652	1,591	🇺🇸 US	AS398324	2026-03-10
66.132.153.123	100%	2,623	1,623	🇺🇸 US	AS398324	2026-03-10
167.94.146.61	30%	2,607	1,466	🇺🇸 US	AS398705	2026-03-09
162.142.125.223	30%	2,583	1,427	🇺🇸 US	AS398324	2026-03-09
167.94.138.181	30%	2,534	1,439	🇺🇸 US	AS398324	2026-03-09
167.94.146.63	30%	2,528	1,447	🇺🇸 US	AS398705	2026-03-09
167.94.138.184	30%	2,524	1,509	🇺🇸 US	AS398324	2026-03-10
167.94.138.187	30%	2,513	1,509	🇺🇸 US	AS398324	2026-03-10
162.142.125.124	30%	2,502	1,474	🇺🇸 US	AS398324	2026-03-10

Loading threats

Rdp Legacy Plaintext Authenthication

Observed IPs

269

Avg Confidence

76%

Protocol

RDP

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
71.6.199.23	100%	3,623	1,855	🇺🇸 US	AS10439	2026-03-09
80.66.83.43	100%	3,141	2,710	🇷🇺 RU	AS216473	2026-03-09
167.94.138.191	30%	3,100	1,680	🇺🇸 US	AS398324	2026-03-10
162.142.125.121	30%	2,954	1,650	🇺🇸 US	AS398324	2026-03-10
167.94.146.55	30%	2,855	1,670	🇺🇸 US	AS398705	2026-03-10
80.82.77.139	100%	2,834	1,631	🇳🇱 NL	AS202425	2026-03-09
66.132.153.120	100%	2,819	1,592	🇺🇸 US	AS398324	2026-03-10
162.142.125.118	30%	2,755	1,677	🇺🇸 US	AS398324	2026-03-10
80.82.77.33	100%	2,691	1,540	🇳🇱 NL	AS202425	2026-03-10
167.94.146.62	30%	2,686	1,603	🇺🇸 US	AS398705	2026-03-10
86.54.31.32	100%	2,663	1,413	🇨🇦 CA	AS12989	2026-03-09
162.142.125.123	30%	2,652	1,591	🇺🇸 US	AS398324	2026-03-10
66.132.153.123	100%	2,623	1,623	🇺🇸 US	AS398324	2026-03-10
167.94.146.61	30%	2,607	1,466	🇺🇸 US	AS398705	2026-03-09
162.142.125.223	30%	2,583	1,427	🇺🇸 US	AS398324	2026-03-09
167.94.138.181	30%	2,534	1,439	🇺🇸 US	AS398324	2026-03-09
167.94.146.63	30%	2,528	1,447	🇺🇸 US	AS398705	2026-03-09
167.94.138.184	30%	2,524	1,509	🇺🇸 US	AS398324	2026-03-10
167.94.138.187	30%	2,513	1,509	🇺🇸 US	AS398324	2026-03-10
162.142.125.124	30%	2,502	1,474	🇺🇸 US	AS398324	2026-03-10