Hi, i have noticed that if the fake domain is b64 encoded on "Referer" header on request to target site it is not replaced by the correct b64 domain so the fake domain is actually being sent in the Referer header if b64 encoded.

Is the Referer header included in the list of HTTP headers to transform? Maybe provide an example so I can even debug it.

Proxied where? It's not clear what's the flow and what you want to do. If it is from your browser to muraena it still makes sense to have the phishing domain in it.
But to me this doesn't seem a bug but more a problem of configuration .. MiTM Muraena to check what's going on (see here: https://github.com/muraenateam/muraena/wiki/Debugging)

Thanks, well spotted @soermejo!

Thanks to you for fixing the issue