AbuseIPDB » 138.124.123.107
138.124.123.107 was found in our database!
This IP was reported 8 times. Confidence of
Abuse
is 10%: ?
| ISP |
NetCrafters OU
|
| Usage Type |
Data Center/Web Hosting/Transit
|
| ASN |
AS203273
|
| Hostname(s) |
mellowminister.ptr.network
|
| Domain Name |
netcrafters.host
|
| Country |
๐บ๐ธ
United States of America
|
| City |
Charlotte, North Carolina
|
IP info including ISP, Usage Type, and Location provided
by IPInfo. Updated weekly.
IP Abuse Reports for 138.124.123.107:
This IP address has been reported a total of
8
times from
5 distinct
sources.
138.124.123.107 was first reported on
, and the most recent report was
.
Old Reports:
The most recent abuse report for this IP address is from
. It is possible that this IP is no longer involved in abusive activities.
| Reporter |
IoA Timestamp (UTC)
|
Comment |
Categories |
|
|
๐ฉ๐ช
keep_out
|
|
Probing\(5\) HTTP Ports
...
|
Bad Web Bot
Web App Attack
|
|
|
๐ฉ๐ช
keep_out
|
|
Probing\(5\) HTTP Ports
...
|
Bad Web Bot
Web App Attack
|
|
|
๐ฉ๐ช
vsem
|
|
Automated exploitation of Next.js CVE GHSA-9qr9-h5gf-34mp (RCE via React
Server Components / Flight ...
show more
Automated exploitation of Next.js CVE GHSA-9qr9-h5gf-34mp (RCE via React
Server Components / Flight Protocol). IP sent POST requests to /_next/
endpoints attempting Remote Code Execution.
Attack observed: 2026-06-01
Target: Docker container running Next.js (port 443 via Traefik)
Requests: 138.124.123.107 โ 1 POST request
Attempted payload actions (all failed due to hardening):
- SSH key exfiltration (~/.ssh/id_rsa, id_ed25519, id_ecdsa)
- .env file exfiltration at multiple paths
- Malware binary download and execution (/tmp/safenetv6)
Server: 148.251.4.171 (Hetzner, DE)
Log source: Traefik access log
show less
|
Web App Attack
Hacking
|
|
|
๐ฉ๐ช
keep_out
|
|
traefik
...
|
Bad Web Bot
Web App Attack
|
|
|
๐ฌ๐ง
OptimusGO
|
|
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Time ...
show more
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Timestamp: 2026-03-07 02:27:41 UTC
Log evidence:
138.124.123.107 - - [07/Mar/2026:02:27:36 +0000] "GET /ohKOiG?z=aria2c%20--help%202%3E%261%20%7C%20head%20-1 HTTP/1.1" 499 0 "-" "Mozilla/5.0"
138.124.123.107 - - [07/Mar/2026:02:27:37 +0000] "GET /ohKOiG?z=python%20--version%202%3E%261 HTTP/1.1" 404 1823 "-" "Mozilla/5.0"
138.124.123.107 - - [07/Mar/2026:02:27:38 +0000] "GET /ohKOiG?z=php%20-v%202%3E%261%20%7C%20head%20-1 HTTP/1.1" 404 1828 "-" "Mozilla/5.0"
show less
|
Port Scan
Brute-Force
|
|
|
๐จ๐ญ
foobar.vip
|
|
Deploying xmrig via react RCE
|
Web App Attack
Hacking
|
|
|
๐ซ๐ท
MeduzaCTI
|
|
Indicator Report
Indicator: 138.124.123.107
Reporter: Vegeta
Description: Mythic C2 Found
Tags: FOF ...
show more
Indicator Report
Indicator: 138.124.123.107
Reporter: Vegeta
Description: Mythic C2 Found
Tags: FOFA,Mythic,C2
Source: Meduza CTI Platform
Reference: https://meduzacti.com
show less
|
Hacking
|
|
|
๐ธ๐ฆ
MeduzaCTI
|
|
Indicator Report
Indicator: 138.124.123.107
Reporter: Karizma
Description: Mythic C2 Found
Tags: FO ...
show more
Indicator Report
Indicator: 138.124.123.107
Reporter: Karizma
Description: Mythic C2 Found
Tags: FOFA,Mythic,C2
Source: Meduza CTI Platform
Reference: https://meduzacti.com
show less
|
Hacking
|
|
Showing 1 to
8
of 8 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ
Recently Reported IPs: