Select Page

Sans just recommended removing certain IP ranges from block lists:

Based on feedback from Intercage customers, we no longer recommend to block them. Please let us know if you see any problems from and we will try to facility contact and a resolution.

Link here.

The IP ranges in question are:

InterCage Inc.: ( –
Inhoster: ( –

While we rarely disagree with our friends at SANs, we do NOT recommend removing these ranges, at least not  This is a live bad range.


Andy Placid      
London  GB      
placid @

Or this one:


And let’s not forget the very evil Vcodec, http://www.vicodec(dot)com (, which is responsible for SpyAxe, SpyStriker, desktop hijacks, pop-up advertising, toolbar installs, and all that fun.

As regards the range, the IP range is hosed with live files and the sites that look normal also make calls to the 195 and 85 of the Russian servers:

  • dirty-rape(dot)com calls in the rotational IP that will end up running a wmf exploit and infestation. 
  • calls in Iframe:
  • redirects to:
  • calls:
  • in Iframe runs
  •  The wmf calls to

85.255.114.* is also a bad site (Wuster Ltd sites running wmf exploits). 

However, to may be clean.

Maybe SANS should recommend to blocking specific domains and IP address instead. 

For example: – –

And preferably these as well: that calls the – – (formally -

Or else people with un-patched machines are going to end up looking at this


or this, depending on the day and time:



Alex Eckelberry
(Thanks to Sunbelt researchers Patrick Jordan, Adam Thomas)

Fatal error: Uncaught wfWAFStorageFileException: Unable to save temporary file for atomic writing. in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:34 Stack trace: #0 /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(658): wfWAFStorageFile::atomicFilePutContents('/home/eckelberr...', '<?php exit('Acc...') #1 [internal function]: wfWAFStorageFile->saveConfig('livewaf') #2 {main} thrown in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 34