Persistent brute-force SSL VPN login attempts detected against our infrastructure
(Windows AD / CHAP authentication gateway).
Log analysis reveals this IP has been conducting automated credential stuffing
attacks for at least 2 years, systematically targeting accounts — including
users no longer active in our Active Directory.
Latest confirmed event: 2026-04-22 10:17:12 UTC
→ Authentication attempt on account "xxxx" via SSL VPN (CHAP, no token)
→ Result: account locked after reaching maximum failed attempts
→ Source IP detected through internal PAM/gateway logs
The IP belongs to ASN56971 (CGI GLOBAL LIMITED / cloudbackbone.net),
classified as Data Center/Hosting/Transit — consistent with an automated
attack infrastructure.
Attacks occur on a daily basis with no interruption. The fact that stale/deleted
AD accounts are being targeted suggests the attacker is using harvested or
leaked credential lists.
Brute-Force