EN ES PT
Back to Stats

Captura Visual

No screenshot available

Información de Detección

https://app.gitbook.com/o/lV4gAi9JKryA7LuwxuDM/s/b7FIgAIpipP4T4WNzJCl/
Detected Brand
GitBook
Country
International
Confianza
100%
HTTP Status
200
Report ID
bce552c4-a91…
Analyzed
2026-02-07 22:46

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T14D323CF12220257F065B8BE9FA91E3CDF64FA14CD9624E84D178437926CBCE0D916978
CONTENT ssdeep
192:999lDvk0NlohsV6qB2kZFo/MdF/C84+Hi9Vcs/MZk7K/GfxTNy:ZlD7NlohsTTo/MdF34+H8VPECG/QNy

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
ecdbc19a2cc36c2c
VISUAL aHash
f0f2f3f393f3f3f3
VISUAL dHash
159447673625a426
VISUAL wHash
f0f0f1b090f0f2f2
VISUAL colorHash
07000030000
VISUAL cropResistant
159447673625a426,9991858b362db66c

Análisis de Código

Risk Score 100/100
Nivel de Amenaza BAJO
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info
🔥 Firebase Backend

🔬 Threat Analysis Report

• Amenaza: Ninguna (Legítimo)
• Objetivo: Usuarios de GitBook
• Método: N/A
• Exfil: N/A
• Indicadores: Dominio coincide con la marca, formulario de inicio de sesión estándar
• Riesgo: Bajo

🔒 Obfuscation Detected

  • atob
  • eval
  • fromCharCode
  • unescape
  • hex_escape
  • unicode_escape
  • base64_strings

🎯 Kit Endpoints

  • https://gitbook.com/docs/creating-content/blocks/code-block#with-line-numbers
  • https://gitbook.com/docs/creating-content/blocks/code-block#wrap-code
  • https://js-eu1.hsforms.net/forms/v2.js
  • https://www.googletagmanager.com/gtm.js?id=
  • https://gitbook.com/docs
  • https://www.gitbook.com/events
  • https://policies.gitbook.com/privacy/cookies
  • https://knowledge.hubspot.com/account/prevent-contact-properties-update-through-tracking-code-api)
  • https://gitbook.com/docs/getting-started/import
  • https://mycompany.com/privacy-policy
  • https://gitbook.com/docs/published-documentation/customization
  • https://js.hs-banner.com/v2
  • https://js.hs-scripts.com/8443689.js
  • https://gitbook.com/docs/creating-content/blocks/code-block#set-syntax
  • https://js.hsforms.net/forms/v2.js
  • https://api-iam.eu.intercom.io
  • https://js.hs-banner.com/v2/8443689/banner.js
  • https://js.hs-analytics.net/analytics/1770507900000/8443689.js
  • https://gitbook.com/docs/content-editor/searching-your-content
  • https://cdn.segment.(com|build)
  • https://gitbook.slack.com/archives/C07AQA4256G/p1721923712258389
  • https://${new
  • https://api-iam.intercom.io
  • https://segment-cdn.gitbook.com/next-integrations/actions/hubspot-web/d15abe56021b9cc2c7a9.js
  • https://gitbookio.github.io/space-quickstart-images/public-docs-card.svg
  • https://gitbookio.github.io/space-quickstart-images/import-panel.svg
  • https://${x4.services.fonts.host}/font/custom/`,
  • https://example.com/fallback
  • https://mysite.com/file
  • https://app.gitbook.com/o/lV4gAi9JKryA7LuwxuDM/s/b7FIgAIpipP4T4WNzJCl/${t}/~gitbook/embed/script.js

📡 API Calls Detected

  • https://gitbook.com/docs/resources/firewall-safelist
  • mailto:[email protected]
  • GET
  • ${t}${n}
  • first
  • POST
  • /__cookies__
  • https://www.google.com/ccm/geo
  • https://github.com/GitbookIO/community/discussions
  • https://github.com/orgs/GitbookIO/discussions/categories/feature-requests

☁️ Cloud Backend

  • Firebase: gitbook-x-prod-default-rtdb.firebaseio.com

📊 Desglose de Puntuación de Riesgo

Total Risk Score
5/100

Contributing Factors

Domain matches Brand
The domain is app.gitbook.com, which is consistent with the brand.
Obfuscation
Javascript obfuscation detected, this is common.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza
Banking Credential Harvester
Objetivo
GitBook users (International)
Método de Ataque
credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
Firebase Database
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with Firebase Database

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
  • 7141 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand
GitBook
Official Website
null

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The site is designed to collect user credentials by presenting a legitimate-looking login form. The obfuscated Javascript may be for tracking or more malicious uses.

🌐 Indicadores de Compromiso de Infraestructura

🦠 Malicious Files

Main File
8443689.js
File Size

🔬 JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
1,8 MB

🔗 API Endpoints Detected

Other
39

🔐 Obfuscation Detected

  • : None
  • : Light
  • : Moderate
  • : None
  • : Heavy
  • : Heavy
  • : Light
  • : Light
  • : Moderate
  • : Light

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified

Main Drainer
8443689.js
File Size
1814KB

Scan History for app.gitbook.com

Found 1 other scan for this domain

😰
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.