I couldn't find anything on INTERBUSINESS less than 10 years old so I thought I would add these here. Please move them if there is somewhere else for this.
I am seeing more activity from INTERBUSINESS, TDENET and RIMA - yes, Rima and TDEnet are telecommunications networks in Spain with legitimate users. The sites they are hitting don't do anything intl so they are blocked:
184.108.40.206 - 220.127.116.11 TELECOM-INTERBUSINESS (IT) 18.104.22.168/16
22.214.171.124 - 126.96.36.199 TELECOM-INTERBUSINESS (IT) 188.8.131.52/16
184.108.40.206 - 220.127.116.11 TELECOM-INTERBUSINESS (IT) 18.104.22.168/16
22.214.171.124 - 126.96.36.199 TDENET (ES) 188.8.131.52/16
184.108.40.206 - 220.127.116.11 RIMA (ES) 18.104.22.168/16
22.214.171.124 - 126.96.36.199 RIMA (ES) 188.8.131.52/16
All of these all well as a few others I'm still checking on are from the past two weeks' access logs for one relatively new WP install and they ALL had the same UA:
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0.1) Gecko/20100101 Firefox/8.0.1"
..and they were all programmed hack attacks: POST /wp-login.php