JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 43.156.49.125

43.156.49.125 was found in our database!

This IP was reported 33 times. Confidence of Abuse is 69%: ?

69%

ISP	Asia Pacific Network Information Center, Pty. Ltd.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS132203
Domain Name	apnic.net
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 43.156.49.125

Whois 43.156.49.125

IP Abuse Reports for 43.156.49.125:

This IP address has been reported a total of 33 times from 11 distinct sources. 43.156.49.125 was first reported on June 9th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 1gz	2026-06-10 09:41:08 (1 day ago)	Triggered Cloudflare WAF (firewallCustom) from SG. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from SG. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /category/sport/ UA: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 cwytech	2026-06-10 09:34:58 (1 day ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/tpot-web-high.	Bad Web Bot Web App Attack
🇩🇪 sdos.es	2026-06-10 07:37:12 (1 day ago)	"Multiple/Conflicting Connection Header Data Found - keep-alive, close"	Web App Attack
Anonymous	2026-06-10 06:33:23 (1 day ago)	Illegitimate and/or suspicious requests.	Hacking
🇺🇸 TPI-Abuse	2026-06-10 03:29:06 (1 day ago)	(mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 23:28:57.660959 2026] [security2:error] [pid 29453:tid 29453] [client 43.156.49.125:45874] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.barkan.us\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.barkan.us"] [uri "/"] [unique_id "aijZ-USm3mPGOFSHlFffswAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 01:43:28 (1 day ago)	(mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 21:43:19.536342 2026] [security2:error] [pid 14290:tid 14290] [client 43.156.49.125:42482] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.oruguitas.org\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.oruguitas.org"] [uri "/"] [unique_id "aijBN8twN_DlNyHPb4xmxQAAABE"], referer: http://www.oruguitas.org show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-10 00:32:21 (1 day ago)	Malicious activity detected	Hacking Web App Attack
🇨🇭 backslash	2026-06-10 00:12:02 (1 day ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-09 23:01:56 (1 day ago)	(mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 19:01:51.436616 2026] [security2:error] [pid 12597:tid 12597] [client 43.156.49.125:42352] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|bestcostparts.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "bestcostparts.com"] [uri "/"] [unique_id "aiibXzky81dDsT4FqfwSZAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 22:41:18 (1 day ago)	(mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 18:41:11.692454 2026] [security2:error] [pid 3056:tid 3056] [client 43.156.49.125:52202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|192.64.150.218:80\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "192.64.150.218"] [uri "/"] [unique_id "aiiWh_PyGAGB7aZfOEwwbAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 21:41:09 (1 day ago)	(mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 17:41:03.759425 2026] [security2:error] [pid 16103:tid 16103] [client 43.156.49.125:59006] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|keysenterprise.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "keysenterprise.net"] [uri "/thesurfatcocoabeach/"] [unique_id "aiiIb0MQTtvYgITNNl1QzAAAAAo"], referer: https://surfcb.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 21:24:20 (1 day ago)	(mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 17:24:14.131699 2026] [security2:error] [pid 22831:tid 22831] [client 43.156.49.125:36784] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|lo-family.org\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "lo-family.org"] [uri "/"] [unique_id "aiiEfkkpjIk-MRgaDHvn3QAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 ParaBug	2026-06-09 21:21:53 (1 day ago)	43.156.49.125 - - [09/Jun/2026:23:21:52 +0200] "GET / HTTP/1.0" 400 568 "-" "-" ...	Phishing Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 20:46:37 (1 day ago)	(mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 16:46:31.005746 2026] [security2:error] [pid 16529:tid 16529] [client 43.156.49.125:52148] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.wildemar.info\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.wildemar.info"] [uri "/"] [unique_id "aih7prJpivS6Nh22nkSTcwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 18:50:45 (1 day ago)	(mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 43.156.49.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 14:50:38.049966 2026] [security2:error] [pid 4317:tid 4317] [client 43.156.49.125:50272] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.gemconsulting.world\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.gemconsulting.world"] [uri "/"] [unique_id "aihgfnjLt5iyEKZsaJ-rnQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 33 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 178.62.121.129

🇯🇵 54.248.17.61

🇺🇸 54.88.141.228

🇲🇦 196.92.7.249

🇫🇮 147.185.133.26

🇺🇸 104.156.254.195

🇺🇸 65.49.1.236

🇸🇬 47.79.206.60

🇸🇬 47.79.200.89

🇫🇷 46.105.46.43

🇺🇸 44.218.190.158

🇰🇷 43.164.190.161

🇨🇳 42.51.41.158

🇺🇸 35.245.101.193

🇧🇬 5.188.206.46

🇮🇹 146.70.225.92

🇲🇽 104.243.245.77

🇻🇳 103.75.183.177

🇬🇧 92.207.4.157

🇰🇷 218.150.184.241