EN ES PT
Back to Stats

Visual Capture

Screenshot of megaethterminal.com

Detection Info

https://megaethterminal.com/
Detected Brand
MegaETH
Country
International
Confidence
90%
HTTP Status
200
Report ID
94e6ef53-e77…
Analyzed
2026-07-17 11:26

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T142F2096193106F7EE026C368F762B2E56319B264E607CA9492FD43E159CACC9E737CD0
CONTENT ssdeep
384:VJMYrlPAVa8w5Oid5z4bA9KToq5+r7IzgAE4VxIZk9JV9ABCOnk8liU+/I:VNI/2+GS+r7mg74VxD9JYBC2DUg

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
cccc333399cc6633
VISUAL aHash
0000181818180000
VISUAL dHash
0010303030300000
VISUAL wHash
8498bcbcbcbcfb00
VISUAL colorHash
38000000000
VISUAL cropResistant
0010303030300000

Code Analysis

Risk Score 53/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 OTP Stealer

🔬 Threat Analysis Report

• Threat: Crypto Wallet Drainer/Credential Theft
• Target: MegaETH Users
• Method: Obfuscated JS landing page
• Exfil: JavaScript-based hooking
• Indicators: Obfuscated code, recent domain
• Risk: Critical

🔒 Obfuscation Detected

  • unescape

📡 API Calls Detected

  • POST

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

JavaScript Obfuscation
Detection of 'unescape' function used to hide code payload.
Domain Impersonation
Domain suffix 'terminal' used to appear as an official portal.

🔬 Comprehensive Threat Analysis

Threat Type
Two-Factor Authentication Stealer
Target
MegaETH users (International)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: OTP Stealer
  • 2 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
MegaETH
Official Website
https://megaeth.systems/
Fake Service
MegaETH Terminal Access

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Wallet Draining

The site uses obfuscated JavaScript to trigger a malicious connection prompt upon clicking 'Get Started'.

Secondary Method: Brand Impersonation

Uses official branding to establish false trust.

Target Blockchain
Ethereum

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
megaethterminal.com
Registered
2026-05-11
Registrar
Unknown
Status
active

🤖 AI-Extracted Threat Intelligence

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.