https://nextonia.com.co
172.67.69.142 · Cloudflare, Inc.
Toronto, Canada
200 · 20.2s
Valid · E7, Let's Encrypt, US
COMPLETED
Linked Phishing Report
This scan is attached to a vendor submission report
Brand: HITCLUB / HITCLUB Webfactory
Vendors: 28/31
Status: partial
No KB/IOK detections were recorded for this scan.
gaming | technology · 6/3/2026
The page presents HITCLUB branding and content, but is hosted on webfactory.com.co while the final URL is nextonia.com.co. The page title, meta tags, and visible branding are HITCLUB, with assets (logo_hitclub.png, banner images) served from webfactory.com.co. This is a strong impersonation signal (brand visible on a non-official domain). The page also behaves as a single-page application (SPA), and the numerous external scripts and lack of static forms suggest a risk of dynamic credential capture. However, no definitive credential harvesting form was observed in the static HTML; because the page renders as an SPA, forms may be loaded by JavaScript. The evidence supports impersonation; further investigation is recommended to confirm credential theft capability on the live page.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 0
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 49
Hosts: 4
Domains: 4
The page displays HITCLUB branding on a non-official domain and appears to be a clone or impersonation attempt, using an SPA pattern with multiple external assets to render a UI that could collect credentials. The hostnames involved (nextonia.com.co and webfactory.com.co) and the redirect to webfactory.com.co strengthen the impersonation signal. While the static HTML shows no login form, the SPA architecture suggests credential capture could occur via dynamically injected forms. Recommendation: treat this as an impersonation risk, with monitoring and further verification on target domains; consider blocking or suspending if corroborated by additional abuse signals.