JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 77.37.37.253

77.37.37.253 was found in our database!

This IP was reported 47 times. Confidence of Abuse is 100%: ?

100%

ISP	IPFFM Internet Provider Frankfurt GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS47583
Domain Name	ipffm.de
Country	🇬🇧 United Kingdom of Great Britain and Northern Ireland
City	Manchester, England

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 77.37.37.253

Whois 77.37.37.253

IP Abuse Reports for 77.37.37.253:

This IP address has been reported a total of 47 times from 32 distinct sources. 77.37.37.253 was first reported on June 7th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-06-09 05:34:01 (1 week ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-195)	Hacking Web App Attack
🇩🇪 Hary74656	2026-06-09 01:31:18 (1 week ago)	[Tue Jun 09 03:31:06.635499 2026] [security2:error] [pid 2375:tid 2793] [client 77.37.37.253:20268] ... show more [Tue Jun 09 03:31:06.635499 2026] [security2:error] [pid 2375:tid 2793] [client 77.37.37.253:20268] [client 77.37.37.253] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "weavernet.at"] [uri "/core/.env"] [unique_id "aids1b7_h1THXqUHmtuv_wAAA6Q"] [Tue Jun 09 03:31:06.635570 2026] [security2:error] [pid 2561:tid 2728] [client 77.37.37.253:20296] [client 77.37.37.253] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity ... show less	Web App Attack
🇨🇭 TheCoon	2026-06-08 23:45:01 (1 week ago)	Automated: Credential theft attempt - JSON bomb served	Web App Attack Hacking
🇳🇱 homeshowdomain.nl	2026-06-08 22:00:44 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-07. show less	Web App Attack SSH Hacking
🇩🇪 strxmpp	2026-06-08 21:37:44 (1 week ago)	77.37.37.253 - - [08/Jun/2026:23:37:43 +0200] "GET /backend/.env HTTP/1.1" 404 4856 "-" "Mozilla/5.0 ... show more 77.37.37.253 - - [08/Jun/2026:23:37:43 +0200] "GET /backend/.env HTTP/1.1" 404 4856 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" ... show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-08 20:17:55 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 77.37.37.253 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 77.37.37.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 16:17:51.218287 2026] [security2:error] [pid 22308:tid 22308] [client 77.37.37.253:41738] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mohsep-eg.com"] [uri "/api/.env"] [unique_id "aicjb2BrAwWmHWXhvq5g_wAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-08 13:42:57 (1 week ago)	(mod_security-custom) mod_security (id:210492) triggered by 77.37.37.253 (GB/United Kingdom/England/ ... show more (mod_security-custom) mod_security (id:210492) triggered by 77.37.37.253 (GB/United Kingdom/England/Manchester/-/[AS47583 AS-HOSTINGER]): 1 in the last 3600 secs (0-srv1) show less	Hacking
🇩🇪 Hans Wurst	2026-06-08 10:56:31 (1 week ago)	Many 404-Error: Suspicion of URL-Fuzzing/Bot-Scan.	Web App Attack
Anonymous	2026-06-08 09:30:30 (1 week ago)		Brute-Force
🇺🇸 TPI-Abuse	2026-06-08 08:08:33 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 77.37.37.253 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 77.37.37.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 04:08:25.734608 2026] [security2:error] [pid 26632:tid 26632] [client 77.37.37.253:52932] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "oss-in-atm.info"] [uri "/core/.env"] [unique_id "aiZ4eSdlElVMUcBF3xTzmQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 polycoda	2026-06-08 07:21:13 (1 week ago)	AutoBlock: 🎯 Vulnerability Scanner (Non Decay-Based)	Hacking Web App Attack
🇬🇧 consul.to	2026-06-08 05:52:19 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇷 masterguru	2026-06-08 03:57:54 (1 week ago)	URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ... show more URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-201) show less	Hacking
🇫🇷 masterguru	2026-06-08 03:01:12 (1 week ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-195)	Hacking Web App Attack
🇹🇷 baku.hosting	2026-06-08 02:26:40 (1 week ago)	CSF Auto Report: (mod_security) mod_security (id:949110) triggered by 77.37.37.253 (GB/United Kingdo ... show more CSF Auto Report: (mod_security) mod_security (id:949110) triggered by 77.37.37.253 (GB/United Kingdom/-): 5 in the last 3600 secs show less	Brute-Force Web App Attack

Showing 1 to 15 of 47 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 172.185.24.228

🇨🇳 223.93.164.218

🇰🇷 211.223.179.252

🇵🇭 210.5.117.238

🇹🇼 198.235.24.120

🇺🇸 147.185.132.111

🇪🇸 79.116.214.251

🇮🇳 45.123.217.22

🇸🇪 31.208.188.18

🇺🇸 31.57.38.244

🇨🇳 14.103.115.208

🇹🇼 198.235.24.103

🇺🇸 147.185.132.25

🇸🇬 101.47.27.73

🇷🇺 87.250.224.91

🇬🇧 191.96.110.38

🇧🇷 189.26.120.237

🇨🇳 182.138.158.223

🇺🇸 162.216.150.98

🇨🇳 120.239.57.239