
Monday 11 March 2013

Sidharth Shah / OVH / itechline.com

I have now come across several incidents of malware hosted in an OVH IP address range suballocated to Sidharth Shah. The blocks that I can identify so far are:


These IPs mostly host malware or fake goods. Legitimate sites seem to be nonexistent at present, although these IP ranges have hosted legitimate sites in the past. I would personally recommend blocking them all, but if you want to see a fuller analysis of WOT ratings and Google Safe Browsing diagnostics see here.

So, what do we know about Mr Shah? Well, the IPs have the following contact details:

organisation:   ORG-SS252-RIPE
org-name:       Shah Sidharth
org-type:       OTHER
address:        12218 Skylark Rd
address:        20871 Clarksburg
address:        US
abuse-mailbox:  ovhresell@gmail.com
phone:          +1.5407378283
mnt-ref:        OVH-MNT
mnt-by:         OVH-MNT
source:         RIPE # Filtered


This is presumably the same Mr Shah who owns sidharthshah.com:
   Technical Contact:
      Shah, Sidharth  sidharth134@gmail.com
      12128 Skylark Rd
      Clarksburg, Maryland 20871
      United States
      (240) 535-2204


These contact details are 

The email address sidharth134@gmail.com is also associated with itechline.com which is a company with an unenviable F rating from the BBB, who list the principal as being Sidharth Shah.

BBB rating is based on 16 factors.
Factors that lowered the rating for ITechline.com include:

    Length of time business has been operating
    8 complaints filed against business
    Failure to respond to 7 complaints filed against business

ITechline.com has garnered some very negative consumer reviews [1] [2] [3] [4]. It appears to advertise on search engines for phrases like "mcafee support" and then charges to look at the computer, with "fixes" that some have reported to be of variable quality. You should make your own mind up as to the veracity of these negative claims.

Whether or not the OVH IP addresses are managed by Mr Shah directly or through ITechline is not known. Looking at the malicious domains, I cannot find a direct connection to Mr Shah other than the fact that they are a customer. However, I would not expect a well-managed network to have so many malicious domains and other spammy sites, so I would recommend blocking access to all the listed IPs if you can.

