EN ES PT
Back to Stats

Captura Visual

No screenshot available

Informações de Detecção

https://app.gitbook.com/o/lV4gAi9JKryA7LuwxuDM/s/b7FIgAIpipP4T4WNzJCl/
Detected Brand
GitBook
Country
International
Confiança
100%
HTTP Status
200
Report ID
bce552c4-a91…
Analyzed
2026-02-07 22:46

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T14D323CF12220257F065B8BE9FA91E3CDF64FA14CD9624E84D178437926CBCE0D916978
CONTENT ssdeep
192:999lDvk0NlohsV6qB2kZFo/MdF/C84+Hi9Vcs/MZk7K/GfxTNy:ZlD7NlohsTTo/MdF34+H8VPECG/QNy

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
ecdbc19a2cc36c2c
VISUAL aHash
f0f2f3f393f3f3f3
VISUAL dHash
159447673625a426
VISUAL wHash
f0f0f1b090f0f2f2
VISUAL colorHash
07000030000
VISUAL cropResistant
159447673625a426,9991858b362db66c

Análise de Código

Risk Score 100/100
Nível de Ameaça BAJO
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info
🔥 Firebase Backend

🔬 Threat Analysis Report

• Ameaça: Nenhuma (Legítimo)
• Alvo: Usuários do GitBook
• Método: N/A
• Exfil: N/A
• Indicadores: Domínio corresponde à marca, formulário de login padrão
• Risco: Baixo

🔒 Obfuscation Detected

  • atob
  • eval
  • fromCharCode
  • unescape
  • hex_escape
  • unicode_escape
  • base64_strings

🎯 Kit Endpoints

  • https://gitbook.com/docs/creating-content/blocks/code-block#with-line-numbers
  • https://gitbook.com/docs/creating-content/blocks/code-block#wrap-code
  • https://js-eu1.hsforms.net/forms/v2.js
  • https://www.googletagmanager.com/gtm.js?id=
  • https://gitbook.com/docs
  • https://www.gitbook.com/events
  • https://policies.gitbook.com/privacy/cookies
  • https://knowledge.hubspot.com/account/prevent-contact-properties-update-through-tracking-code-api)
  • https://gitbook.com/docs/getting-started/import
  • https://mycompany.com/privacy-policy
  • https://gitbook.com/docs/published-documentation/customization
  • https://js.hs-banner.com/v2
  • https://js.hs-scripts.com/8443689.js
  • https://gitbook.com/docs/creating-content/blocks/code-block#set-syntax
  • https://js.hsforms.net/forms/v2.js
  • https://api-iam.eu.intercom.io
  • https://js.hs-banner.com/v2/8443689/banner.js
  • https://js.hs-analytics.net/analytics/1770507900000/8443689.js
  • https://gitbook.com/docs/content-editor/searching-your-content
  • https://cdn.segment.(com|build)
  • https://gitbook.slack.com/archives/C07AQA4256G/p1721923712258389
  • https://${new
  • https://api-iam.intercom.io
  • https://segment-cdn.gitbook.com/next-integrations/actions/hubspot-web/d15abe56021b9cc2c7a9.js
  • https://gitbookio.github.io/space-quickstart-images/public-docs-card.svg
  • https://gitbookio.github.io/space-quickstart-images/import-panel.svg
  • https://${x4.services.fonts.host}/font/custom/`,
  • https://example.com/fallback
  • https://mysite.com/file
  • https://app.gitbook.com/o/lV4gAi9JKryA7LuwxuDM/s/b7FIgAIpipP4T4WNzJCl/${t}/~gitbook/embed/script.js

📡 API Calls Detected

  • https://gitbook.com/docs/resources/firewall-safelist
  • mailto:[email protected]
  • GET
  • ${t}${n}
  • first
  • POST
  • /__cookies__
  • https://www.google.com/ccm/geo
  • https://github.com/GitbookIO/community/discussions
  • https://github.com/orgs/GitbookIO/discussions/categories/feature-requests

☁️ Cloud Backend

  • Firebase: gitbook-x-prod-default-rtdb.firebaseio.com

📊 Detalhamento da Pontuação de Risco

Total Risk Score
5/100

Contributing Factors

Domain matches Brand
The domain is app.gitbook.com, which is consistent with the brand.
Obfuscation
Javascript obfuscation detected, this is common.

🔬 Análise Integral de Ameaças

Tipo de Ameaça
Banking Credential Harvester
Alvo
GitBook users (International)
Método de Ataque
credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
Firebase Database
Avaliação de Risco
CRITICAL - Automated credential harvesting with Firebase Database

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
  • 7141 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand
GitBook
Official Website
null

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The site is designed to collect user credentials by presenting a legitimate-looking login form. The obfuscated Javascript may be for tracking or more malicious uses.

🌐 Indicadores de Compromisso de Infraestrutura

🦠 Malicious Files

Main File
8443689.js
File Size

🔬 JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
1,8 MB

🔗 API Endpoints Detected

Other
39

🔐 Obfuscation Detected

  • : None
  • : Light
  • : Moderate
  • : None
  • : Heavy
  • : Heavy
  • : Light
  • : Light
  • : Moderate
  • : Light

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified

Main Drainer
8443689.js
File Size
1814KB

Scan History for app.gitbook.com

Found 1 other scan for this domain

😰
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.