not2easy - 7:16 pm on Jan 29, 2013 (gmt 0)

I couldn't find anything on INTERBUSINESS less than 10 years old so I thought I would add these here. Please move them if there is somewhere else for this.
I am seeing more activity from INTERBUSINESS, TDENET and RIMA - yes, Rima and TDEnet are telecommunications networks in Spain with legitimate users. The sites they are hitting don't do anything intl so they are blocked:

79.14.0.0 - 79.14.127.255 TELECOM-INTERBUSINESS (IT) 79.14.0.0/16
79.28.128.0 - 79.28.255.255 TELECOM-INTERBUSINESS (IT) 79.28.0.0/16
79.29.128.0 - 79.29.255.255 TELECOM-INTERBUSINESS (IT) 79.29.0.0/16
80.28.128.0 - 80.28.255.255 TDENET (ES) 80.28.0.0/16
80.32.0.0 - 80.35.255.255 RIMA (ES) 80.33.0.0/16
80.36.0.0 - 80.39.255.255 RIMA (ES) 80.36.0.0/16

All of these all well as a few others I'm still checking on are from the past two weeks' access logs for one relatively new WP install and they ALL had the same UA:
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0.1) Gecko/20100101 Firefox/8.0.1"
..and they were all programmed hack attacks: POST /wp-login.php