SafeMode - Analysis: aktiifkaanpayllaters.resmi-hkv3.my.id

Captura Visual

Screenshot of aktiifkaanpayllaters.resmi-hkv3.my.id

Información de Detección

https://aktiifkaanpayllaters.resmi-hkv3.my.id/

Detected Brand

DANA

Country

Indonesia

Confianza

95%

HTTP Status

200

Report ID

910923d1-a52…

Analyzed

2026-01-25 18:05

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T136F1D8D3E048540A1312C9C1AED7E244F2368717CB56653ADAB650E3F3D9AF4C27A7A2
CONTENT ssdeep	192:Lp3lBluhF1vyYDYV9Hsqu9jZP1N8dPVIq:Lp3lBludyYOdsqojZPv8dtr

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	834973670ce7cc66
VISUAL aHash	00001e3f01ffffff
VISUAL dHash	e2d2f4ecebcecece
VISUAL wHash	0000180f03ffffff
VISUAL colorHash	03003000180
VISUAL cropResistant	f8eceeebcececeea,c072c2d4ececeeeb

Análisis de Código

Risk Score 53/100

Nivel de Amenaza ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

🔬 Threat Analysis Report

• Amenaza: Phishing de robo de credenciales de DANA
• Objetivo: Usuarios de la billetera electrónica DANA en Indonesia
• Método: Sitio web falso para robar las credenciales de usuario.
• Exfil: Desconocido.
• Indicators: Dominio sospechoso, Javascript ofuscado y formularios para la captura de credenciales.
• Riesgo: ALTO - Robo inmediato de credenciales.

🔒 Obfuscation Detected

fromCharCode

📡 API Calls Detected

POST

📊 Desglose de Puntuación de Riesgo

Total Risk Score

85/100

Contributing Factors

Active Phishing Kit

Detected Credential Harvester kit with 4 forms for harvesting user credentials.

Obfuscation Techniques

Identified 4 obfuscation techniques in the JavaScript code, increasing evasion potential.

Brand Impersonation

Impersonates DANA, a legitimate financial service, to deceive users into submitting sensitive information.

Malicious JavaScript

Inclusion of JavaScript file (owl.carousel.js) with potential for malicious activity, though no direct malicious functions extracted.

Lack of Infrastructure Transparency

No associated IPs or nameservers detected, complicating traceability and takedown efforts.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Credential Theft (Fake DANA Login)

Objetivo

DANA users (Indonesia)

Canal de Exfiltración

Backend API

🏢 Análisis de Suplantación de Marca

Impersonated Brand

DANA

Official Website

https://www.dana.id

Fake Service

DANA Paylater and DANA Cicil services

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The phishing kit employs multiple forms to capture user credentials, such as login details, PINs, or other sensitive financial information. The harvested data is likely transmitted to an attacker-controlled server for immediate exploitation or resale on underground markets.

Secondary Method: Brand Impersonation

The campaign mimics DANA's official branding and service offerings, such as DANA Paylater and DANA Cicil, to trick users into believing the site is legitimate and prompting them to enter their credentials.