Web InfoTech, LLC/WeConnect Soft Solutions Pvt Ltd/Garage2Global Ventures Pvt Ltd

Some more feeder sites for the ww0.us redirector domain:

• https://activateuhccom.godaddysites.com/
• https://activateuhccom.github.io/
• https://activate-uhc-com.webflow.io/
• Login & Activate Your UnitedHealthcare Plan – activate.uhc.com
• https://activate.uhc.my/

Here’s a good one with many links to their various “products”:

https://digital-blogs.hashnode.dev/

through one of the “articles” on this spam blog, I found their new fake Walmart site:

https://digital-blogs.hashnode.dev/how-to-check-walmart-gift-card-balance

redirects through ww0.us to https://pin.us2.my/walmart.com/contact-service.php, which has the same toll-free number as on their previous phishing domain, 855-428-7334.

I requested a call from “Support” on a Saturday morning, and Zakk from The Technical Department called me from a spoofed New Jersey cellphone number. Upon pressing Zakk he said “we are a turd party support company.” What is the name of your Third Party Company, I asked? “Web Infotech.” Zakk developed a sour attitude and hung up shortly thereafter without providing any “support.”

Another find on the site: https://digital-blogs.hashnode.dev/making-the-most-out-of-disneypluscombegin-urls-on-smart-tvs links via ww0.us How to Activate Disney+ | A Complete Guide to How to Activate Disney+ | A Complete Guide

Which of course leads to the error page https://pin.us2.my/disneyplus.com/contact-service.php

Screenshot From 2025-05-10 08-03-571060×642 53.2 KB

phone number 855-378-6176, which is also coincidentally the phone number for the (fake) Amazon Prime!

New domain for the phishing pages: cnu.us3.my (was pin.us2.my).

I’m getting (404 not found on the new link)

They don’t serve anything on the default/index.html location. You have to point to a specific subdirectory, and if you want the phishing payload instead of the dummy “info” page, you have to have the correct referrer (from ww0.us) and a normal desktop or mobile user-agent.

For example: click on “Get Started Now” on the feeder page https://disneypluscombegincode.wordpress.com/ and you will be redirected via ww0.us to a phishing payload on cnu.us3.my.

Another website that links to ww0.us:

https://windows12-download.jimdosite.com/
links to https://ww0.us/?aHR0cHM6Ly93aW5kb3dzMTItZG93bmxvYWQuamltZG9zaXRlLmNvbQ==
which redirects to https://files.tooldownload.net/windows-12/?MjAyNS0wNS0xMiAwODowOTo0MA==

which prompts the user to download a Windows Powershell virus.

Found another one!

links to Activate Netspend | Netspend.com/Activate

which redirects to Activate Netspend | Netspend.com/Activate

Number 855-619-8688 (same number as their fake Capital One scam).

Screenshot From 2025-05-11 19-50-321253×856 34.2 KB

and another!

links to Netflix Guide - Login and Activate at netflix.com

which redirects to Netflix Guide - Login and Activate at netflix.com

Screenshot From 2025-05-11 19-58-37649×704 21 KB

Screenshot From 2025-05-11 19-56-01663×700 30.7 KB

phone number 855-428-7334.

Hey, if anyone here has access to a “backlink checker” could you run a report on sites that link to ww0.us? I’m using this one here https://www.seoreviewtools.com/valuable-backlinks-checker/ and it’s giving me 100 sites, but it says there are over 1700 websites linking to ww0.us – I just don’t feel like signing up for an account to look at the whole dataset.

Another new one I found through the limited free dataset: https://my5tvactivate.cc/ links to My5 TV - Sign Up, Activate, and Manage Account | My5.tv/activate on PC via My5 TV - Sign Up, Activate, and Manage Account | My5.tv/activate on PC .

And also, the number for Apple.

https://activateapplecom.wordpress.com/ links to http://ww0.us/?aHR0cHM6Ly9hY3RpdmF0ZWFwcGxlY29tLndvcmRwcmVzcy5jb20v which redirects to https://v.wvvw.site/apple/enter-code.php?MjAyNS0wNS0xMyAwNjoxOToxMA== if your browser user agent is Safari.

And another active campaign with a new toll-free number:

https://viziocomsetupentercode.github.io/ links to

855-730-4701

Screenshot From 2025-05-12 17-53-54606×501 24.8 KB

And another one: https://ytbeactivate.github.io/ links to YouTube Activation Guide - Activate at yt.be/activate or tv.youtube.com/start

image752×650 41.4 KB

855-428-7334, the same number as Walmart, LOL!

And another one! https://xfinitycomauthorizeentercode.github.io/ links to xfinity.com/authorize | xfinity login/my account

Xfinity and Apple have the same phone number: 856-240-0005!

Roman from Web Infotech is active this evening to support you in each and every thing – give him a call! He claims to be in Maryland.

Now links to https://mc.redircoms.com/ , which redirects to https://mc.activeprod.pro/ .

Fake error page Error - McAfee

New toll-free number 855-685-7003.

Update: if there’s fake McAfee, there will be fake Nortonings. https://nt.redircoms.com/ , same toll-free number of course!

And now a new phishing domain, with the same content and the same phone number. Jack from Amazon called me on request from a spoofed New Jersey Verizon number.

https://aplet.us2.my/amazon.com/contact-service.php

Note that these servers are set up so that any subdomain will return the dummy “info” content if not the phishing content. E.g. https://i-am-a-scammer.us2.my/amazon.com/contact-service.php .

Just by guessing I discovered another fake error page and another toll-free number for these extremely prolific frauds.

855-788-4770

Screenshot From 2025-05-16 15-49-59700×743 41.1 KB

thus, https://hp.redircoms.com/ redirects to https://hp.printdrive.pro/ , a fake HP printer driver scam site.

charade at Downloading Software

Same error page and phone number 855-788-4770 found at Unexpected Error , and with the same number for Canon, Error - Canon Support .

Update: another site and number found by guessing subdomains: https://az.redircoms.com/ redirects to https://az.activeprod.pro/ .

Error page Code Verification Failed , number 855-705-2211.

Unassigned subdomains of redircoms.com redirect to https://pclighter.com/ , a generic b.s. spam blog. E.g. https://i-am-a-scammer.redircoms.com/ .

And with the same 855-705-2211 number, https://max.redircoms.com/ (HBO Max) https://hl.redircoms.com/ (Hulu), https://fx.redircoms.com/ (Fox Sports), https://dis.redircoms.com/ (Disney), and probably more.

Here’s a new (to me) toll-free number and website(s) from these persistent gaandus:

https://g2b.redircoms.com/ redirects to https://g2b.activeprod.pro/ – why not enter all my credit card details, sure!

Screenshot From 2025-05-16 17-48-06700×743 43.6 KB

charade page Processing Request leads to fake error page Error with the phone number 855-645-1742.

Give them a call to sort this out, why don’t you?

Screenshot From 2025-05-16 17-50-57811×938 53 KB

And if it’s Microsoft impersonation you want, try https://ms.redircoms.com/ , which redirects to https://ms.activeprod.pro/ . Inevitable fake error page at Error : OF0740E, with toll-free number 855-685-7003 (same as McAfee and Norton, huh.)

Associated with 856-513-3106.

I spoke to Mr. Senell himself, or someone claiming to be him.

His favorite color is green.

At the same Radix Rd., Williamstown, NJ [residential] address is https://globitude.us/ , a travel agency. It claims to also have addresses in London and Gurugram.

More poking and prodding at how the various subdomains and directories work:

serves the Go2Bank impersonation error. So it seems the subdomain is sort of decorative, the directory is what matters.

Another example: Code Verification Failed, “successfully” serves the fake Amazon error page.

More poking at the subdomain parsing: Take for example the fake Microsoft error at Error : OF0740E .

Error : OF0740E produces the same result. But
https://i_am_a_scammer.activeprod.pro/ms/error-found.php returns “Invalid subdomain.” So it checks for underscores? But not, for example, dashes: Error : OF0740E. Which I guess is consistent with RFC 952 for hostnames.

New (sub-)domain spotted. Activate uhc card Help Center | Unlock Your Health Benefits: Activate Your UHC Card Today links to https://ww0.us/?aHR0cHM6Ly9hY3RpdmF0ZXVoY2NhcmQudGF3ay5oZWxw (ww0.us) which redirects to setup your activate.uhc.com . Same toll free number as before, 855-316-5067 (Web InfoTech, LLC, an Indian scam call center Jim Browning & Karl Rock shut down 4 years ago - #180 by ElmerFudde2020 ). Roman from the Technical Team is ready to take your calls.

What other businesses claim this phone number?

• contact – Comptuner LLC
• https://globalwebllc.org/
• Contact Us for Simple, Quick & Easy Call Center Services | OnlineWebSolutions
• Expert SEO & Web Development Services | Contact Us | websolutons LLC

Seems like a major update to me: over the past week or so, the “ww0.us” redirector site seemed to be in “hiding” mode, redirecting to the legitimate/official website instead of a phishing imitation. And when I checked today, ww0.us seems to be out of service! Finally!

I have no idea what this could mean or why, but for the time being it looks like the feeder pages, e.g. Activate my Capital One card online at Activate.capitalone.com , continue to link to the non-functioning ww0.us. So if there is a new redirector site for this gang, they haven’t updated their hundreds of SEO spamming feeder pages. The most recent fake Turbotax redirector, ts.remdos.com, also fails after multiple redirections which end unsuccessfully.

Is this the end for Web Infotech?

Update: not so fast. As of 26 May, ww0.us is up again although it seems to be buggy and not redirecting as intended. It’s been moved to a new IP address and nameserver(s): 5.101.140.80 , hostmaza.co.in .

Here are some other feeder sites that links to ww0.us:

the links aren’t working for me right now.