Loading threats
Matches RDP sessions where the authentication method is Network Level Authentication (NLA) using NTLM. This occurs during the CredSSP security negotiation phase when the client performs NTLM challenge–response authentication before a remote desktop session is established. Indicates the client selected NLA with NTLM as the credential exchange mechanism rather than legacy plaintext RDP authentication.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 45.88.138.39 | 99% | 129,724 | 129,602 | 🇺🇦 UA | AS213737 | 2026-04-06 |
| 62.164.177.28 | 97% | 31,728 | 31,672 | 🇳🇱 NL | AS215929 | 2026-04-22 |
| 78.128.112.114 | 97% | 31,618 | 31,501 | 🇧🇬 BG | AS208637 | 2026-04-22 |
| 62.164.177.27 | 97% | 31,547 | 31,439 | 🇳🇱 NL | AS215929 | 2026-04-22 |
| 5.181.86.179 | 98% | 29,565 | 29,530 | 🇺🇦 UA | AS211632 | 2026-04-22 |
| 5.181.86.60 | 98% | 29,327 | 29,168 | 🇺🇦 UA | AS211632 | 2026-04-22 |
| 109.205.211.4 | 97% | 27,420 | 27,191 | 🇦🇿 AZ | AS201814 | 2026-04-23 |
| 185.218.138.17 | 97% | 26,871 | 26,848 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 149.50.107.12 | 97% | 26,682 | 26,667 | 🇵🇱 PL | AS201814 | 2026-04-23 |
| 185.218.138.19 | 97% | 26,382 | 26,259 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 94.26.88.29 | 97% | 26,071 | 26,049 | 🇧🇬 BG | AS201814 | 2026-04-23 |
| 5.253.86.23 | 97% | 25,849 | 25,828 | 🇺🇸 US | AS213438 | 2026-04-23 |
| 185.218.138.3 | 97% | 25,747 | 25,687 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 185.218.138.20 | 97% | 25,369 | 25,324 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 185.218.138.18 | 97% | 24,912 | 24,910 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 185.218.138.26 | 97% | 24,557 | 24,476 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 185.218.138.16 | 97% | 24,452 | 24,414 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 185.218.138.27 | 97% | 24,375 | 24,349 | 🇺🇸 US | AS205997 | 2026-04-23 |
| 88.210.63.75 | 97% | 24,137 | 24,108 | 🇺🇦 UA | AS211736 | 2026-04-24 |
| 185.218.138.28 | 97% | 22,697 | 22,683 | 🇺🇸 US | AS205997 | 2026-04-23 |