Phishing Analysis
Detailed analysis of captured phishing page
97
Risk Score
High Risk
Threat Level: ALTO
• Impersonating: Megaeth
- • Threat: Credential harvesting phishing kit
- • Target: Megaeth users internationally
- • Method: Fake website impersonating Megaeth to steal user data
- • Exfil: Data sent through obfuscated JavaScript
- • Indicators: Domain mismatch, recent domain registration, obfuscated JS
- • Risk: HIGH - Immediate credential theft
⚠ Risk Factors
- Brand impersonation of Megaeth on non-official domain
- Contains 7 form(s) with JavaScript submission
- JavaScript obfuscation detected (5 patterns)
- Credential harvesting indicators detected
- OTP/2FA stealing indicators detected
Visual Capture
Detection Info
https://claim-windheaven.xyz
Detected Brand
Megaeth
Country
International
Confidence
100%
HTTP Status
200
Report ID
19e070fb-495…
Analyzed
2026-01-11 04:31
Final URL (after redirects)
https://claim-windheaven.xyz/
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11643B532C2908E3B158346C8E7706A99B2D592C9CB725BC4B3F94255EFDCCE4DC681AD |
|
CONTENT
ssdeep
|
768:G0HKDep/JsDp57BWkNaclAMw8zVc+bYKSAvJOMezNmYhqZBwQZ4ZGnrP6SDtFjyq:257BJb+NmvZ2QZCG9tytE |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9d1d1d1d4d646c4e |
|
VISUAL
aHash
|
000fffffffffffff |
|
VISUAL
dHash
|
fa7a014800000000 |
|
VISUAL
wHash
|
00003f3f0f0f0f0f |
|
VISUAL
colorHash
|
071c0000000 |
|
VISUAL
cropResistant
|
fa79821000000000,3031669edad9ba7a |
Code Analysis
Risk Score
97/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Card Stealer
🎣 Banking
🎣 Personal Info
🔬 Threat Analysis Report
• Threat: Credential harvesting phishing kit
• Target: Megaeth users internationally
• Method: Fake website impersonating Megaeth to steal user data
• Exfil: Data sent through obfuscated JavaScript
• Indicators: Domain mismatch, recent domain registration, obfuscated JS
• Risk: HIGH - Immediate credential theft
🔒 Obfuscation Detected
- atob
- eval
- fromCharCode
- document.write
- base64_strings