So first it was the Chinese, then it was the Brazillians. Now its Capita trying to break into my site.

Posted on December 3, 2014 by Steve

Capita – that company who the UK Government think can be trusted to run so much of our infrastructure can’t apparently stop their own network from being used to attempt to hack servers:

31.222.208.86 - - [03/Dec/2014:01:22:43 +0000] "GET /wp/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:43 +0000] "GET /Wp/wp-login.php HTTP/1.1" 404 12141 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:44 +0000] "GET /wordpress/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:44 +0000] "GET /Wordpress/wp-login.php HTTP/1.1" 404 12260 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:44 +0000] "GET /test/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:45 +0000] "GET /Test/wp-login.php HTTP/1.1" 404 12175 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:45 +0000] "GET /site/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:45 +0000] "GET /Site/wp-login.php HTTP/1.1" 404 12175 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:45 +0000] "GET /old/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:46 +0000] "GET /Old/wp-login.php HTTP/1.1" 404 12158 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:46 +0000] "GET /shop/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:46 +0000] "GET /Shop/wp-login.php HTTP/1.1" 404 12175 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:47 +0000] "GET /store/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:47 +0000] "GET /Store/wp-login.php HTTP/1.1" 404 12192 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:47 +0000] "GET /blog/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:48 +0000] "GET /Blog/wp-login.php HTTP/1.1" 404 12175 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:48 +0000] "GET /blogs/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:48 +0000] "GET /Blogs/wp-login.php HTTP/1.1" 404 12192 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:49 +0000] "GET /forum/wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:01:22:49 +0000] "GET /Forum/wp-login.php HTTP/1.1" 404 12192 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /wp/wp-login.php HTTP/1.1" 404 293 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /wordpress/wp-login.php HTTP/1.1" 404 300 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /test/wp-login.php HTTP/1.1" 404 295 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /site/wp-login.php HTTP/1.1" 404 295 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /old/wp-login.php HTTP/1.1" 404 294 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /shop/wp-login.php HTTP/1.1" 404 295 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /store/wp-login.php HTTP/1.1" 404 296 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /blog/wp-login.php HTTP/1.1" 404 295 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /blogs/wp-login.php HTTP/1.1" 404 296 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
31.222.208.86 - - [03/Dec/2014:08:20:33 +0000] "GET /forum/wp-login.php HTTP/1.1" 404 296 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the “-B” flag.

% Information related to ‘31.222.208.0 – 31.222.208.255’

% Abuse contact for ‘31.222.208.0 – 31.222.208.255’ is ‘lir @ capita.co.uk’

inetnum: 31.222.208.0 – 31.222.208.255
netname: OPENHIVEisp
descr: Capita
country: GB
remarks: INFRA-AW
org: ORG-AGP1-RIPE
admin-c: SYN3-RIPE
tech-c: SYN3-RIPE
status: ASSIGNED PA
mnt-by: synetrix
source: RIPE # Filtered

organisation: ORG-AGP1-RIPE
org-name: Synetrix (Holdings) Limited
org-type: LIR
address: Synetrix Neil Tramaseur Synetrix House, 49 – 51 Victoria Rd GU14 7PA Farnborough UNITED KINGDOM
phone: +44 1252 405600
fax-no: +44 1252 405605
abuse-mailbox: lir @ synetrix.co.uk
admin-c: NT722-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: synetrix
mnt-by: RIPE-NCC-HM-MNT
abuse-c: SA3890-RIPE
source: RIPE # Filtered

role: Synetrix Ltd
address: Innovation Court
address: New Street
address: Basingstoke
address: Hampshire
address: RG21 7DN
phone: +441256 383600
abuse-mailbox: lir @ capita.co.uk
admin-c: SA3890-RIPE
tech-c: ST2925-RIPE
nic-hdl: SYN3-RIPE
mnt-by: synetrix
source: RIPE # Filtered

This entry was posted in Uncategorized. Bookmark the permalink.

One Response to So first it was the Chinese, then it was the Brazillians. Now its Capita trying to break into my site.

  1. Pingback: Capita still allowing hacking from their network | Steve's Blog

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.