Http Multipart Nextjs Proto Constructor Pollution Probe

Multipart form-data payload containing __proto__ pollution and constructor:constructor gadget access within a React Server Components–style serialized object ($1: references). Indicative of reconnaissance or staged exploitation attempts targeting Next.js / Node.js deserialization vulnerabilities.

Observed IPs

122

Avg Confidence

67%

Protocol

HTTP

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
193.142.147.209	100%	28,246	12,295	🇩🇪 DE	AS213438	2026-02-10
146.19.24.133	98%	18,576	9,378	🇵🇱 PL	AS201814	2026-02-13
87.120.191.67	100%	10,269	9,833	🇺🇸 US	AS215925	2026-02-24
45.194.92.35	96%	8,541	3,709	🇺🇸 US	AS215925	2026-02-22
15.204.132.49	98%	6,203	3,024	🇺🇸 US	AS16276	2026-02-12
45.194.92.38	96%	4,159	2,199	🇺🇸 US	AS215925	2026-02-23
176.65.132.94	96%	3,588	3,154	🇩🇪 DE	AS51396	2026-02-24
144.172.114.199	96%	3,350	1,582	🇺🇸 US	AS14956	2026-01-31
87.121.84.24	96%	3,296	2,388	🇺🇸 US	AS215925	2026-03-02
45.194.92.11	96%	2,840	1,462	🇺🇸 US	AS215925	2026-02-23
193.32.162.28	97%	2,489	2,489	🇷🇴 RO	AS47890	2026-03-02
167.86.107.35	93%	2,456	1,306	🇫🇷 FR	AS51167	2026-03-02
67.213.118.179	88%	2,283	1,941	🇺🇸 US	AS396356	2026-03-01
195.3.221.86	99%	2,170	2,162	🇵🇱 PL	AS201814	2026-03-03
192.42.116.213	98%	1,631	188	🇳🇱 NL	AS215125	2026-02-20
2.58.56.147	97%	1,351	616	🇳🇱 NL	AS210558	2026-02-09
192.42.116.208	99%	1,327	155	🇳🇱 NL	AS215125	2026-02-22
84.200.128.149	88%	1,292	593	🇩🇪 DE	AS214036	2026-02-18
192.42.116.209	98%	1,165	135	🇳🇱 NL	AS215125	2026-02-20
64.89.161.198	88%	1,126	602	🇬🇧 GB	AS205759	2026-02-23

Loading threats