This IP address has been reported a total of
72
times from
49 distinct
sources.
104.208.112.12 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
Anonymous
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HK, Attack patterns: Word ...
show moreBlocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HK, Attack patterns: WordPress scanning, Webshell probing, Cloud secrets probing
show less
Honeypot: automated vulnerability scan / web app attack. Last probe: GET /index.php/wp-includes/PHPM ...
show moreHoneypot: automated vulnerability scan / web app attack. Last probe: GET /index.php/wp-includes/PHPMailer
show less
{"level":"info","ts":1783459741.4755838,"logger":"http.log.access.log1","msg":"handled request","req ...
show more{"level":"info","ts":1783459741.4755838,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"104.208.112.12","remote_port":"7200","client_ip":"104.208.112.12","proto":"HTTP/1.1","method":"GET","host":"domainstatus.millicentpharma.com","uri":"/wp-content/plugins/hellopress/wp_filemanager.php","headers":{}},"bytes_read":0,"user_id":"","duration":0.000109408,"size":0,"status":308,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Connection":["close"],"Location":["https://domainstatus.millicentpharma.com/wp-content/plugins/hellopress/wp_filemanager.php"]}}
{"level":"info","ts":1783459745.6468644,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"104.208.112.12","remote_port":"6081","client_ip":"104.208.112.12","proto":"HTTP/1.1","method":"GET","host":"domainstatus.millicentpharma.com","uri":"/this_is_a_new_hello_world.php","headers":{}},"bytes_read":0,"user_id":"","duration":0.000082969,"size":0,"status":308,"resp_headers":{"Serve
...
show less
"Restricted File Access Attempt - Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-con ...
show more"Restricted File Access Attempt - Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"
show less
(mod_security) mod_security (id:210492) triggered by 104.208.112.12 (-): 1 in the last 300 secs; Por ...
show more(mod_security) mod_security (id:210492) triggered by 104.208.112.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 17:18:19.156469 2026] [security2:error] [pid 14062:tid 14062] [client 104.208.112.12:9356] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.talamancareserve.com"] [uri "/wp-config.php"] [unique_id "ak1tG1ntoFYtyWrVGzrHvwAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
104.208.112.12 - - [07/Jul/2026:21:11:46 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.p ...
show more104.208.112.12 - - [07/Jul/2026:21:11:46 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 302 513 "-" "-"
...
show less
Bad Web Bot
Web App Attack
Anonymous
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HK, Attack patterns: Word ...
show moreBlocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HK, Attack patterns: WordPress scanning, Webshell probing, Cloud secrets probing
show less
Bad Web Bot
Web App Attack
Anonymous
Probing for known exploit paths (.env, .git, wp-admin, shell files, etc.). Single-strike ban policy ...
show moreProbing for known exploit paths (.env, .git, wp-admin, shell files, etc.). Single-strike ban policy โ zero tolerance for exploit scanning. Banned Jul 7, 21:02 UTC. Origin: Hong Kong, Hong Kong.
show less