A list of IP addresses looking for fingerprints of webapps containing vulnerabilities. Produced by scanning web access logs of various websites looking for suspicious/interesting HTTP requests, mostly WordPress, PHPMyAdmin looking URLs.
These IP addresses could be:
- Proxy servers (open or private)
- VPS/dedicated machines bought for this purpose
- An Amazon EC2 virtual machine
- Someone's hacked web server
- A home IP address
- Someone's hacked home computer
- An actual legit white-hat hacker collecting data about known vulnerabilities