{ "type": "URL", "indicator": "https://ginko.garden/pl/new", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://ginko.garden/pl/new", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4058156440, "indicator": "https://ginko.garden/pl/new", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "68013ac900c5970b3285b18c", "name": "Ginko.Garden - \ud83c\udf37\ud83d\udc30 W Ginko.Garden mamy niespodziank\u0119 dla... | Facebook", "description": "https://medium.com/@arkadikulinski/ginko-garden-sp-z-o-o-co-ukrywa-sp%C3%B3%C5%82ka-i-czy-jest-legalna-17517300e0d5\nhttps://www.malware.me/analysis/59080/summary/\nhttps://ti.qianxin.com/v2/search?type=md5&value=5decbed192399d909d700354cefd3a15\nhttps://sandbox.ti.qianxin.com/sandbox/page/detail?type=file&id=AZZEqZFNONZSmF3--bI0\nhttps://www.hybrid-analysis.com/sample/ed37d544311a15584f8ba1ded4961600dd155904fe709673c5fd9f2ab8027e84", "modified": "2025-09-01T08:05:24.151000", "created": "2025-04-17T17:30:49.661000", "tags": [ "zaloguj", "zaloguj si", "nie pamitasz", "grono", "publiczne w", "przedstawiamy", "odkryjcie", "wasze kwiaty", "antracyt", "yw barw", "click", "cieka pliku", "identyfikator", "dokument html", "unicode", "z bom", "crlf rozmiar", "sha1", "sha256", "ssd gboki", "typ pliku", "plik dokumentu", "v2 dokument", "rozmiar pliku", "sha512", "tekst ascii", "z bardzo", "rozmiar", "cieka", "tekst utf8", "dane obrazu" ], "references": [ "Ginko.Garden - ?? W Ginko.Garden mamy niespodziank? dla... _ Facebook.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 48, "domain": 2, "FileHash-SHA256": 45, "FileHash-MD5": 13, "FileHash-SHA1": 12, "hostname": 1 }, "indicator_count": 121, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "273 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6848c105e22453c2bec2258d", "name": "Ogrodnictwo - Baza Firm 2024.xls adorno.pl", "description": "Researchers at the University of California at Berkeley, in the United States, have published their findings on the subject of a security vulnerability in Microsoft's PowerShell operating system, also known as \"Chocolatey\".", "modified": "2025-07-28T08:00:49.288000", "created": "2025-06-10T23:34:29.281000", "tags": [ "vhash", "ssdeep", "inquest labs", "microsoft excel", "d0 cf", "e0 a1", "hiddenss", "statess", "hidden", "nocase", "sha256", "externalnet", "homenet", "mtu denial", "5762", "needed", "df bit", "reply", "policies", "insecure level", "registry type", "powershell", "powershell id", "script block", "logging", "windows", "getfreespace", "imageendswith", "example", "imagestartswith", "files", "sandbox author", "securityuserid", "windows upgrade", "k netsvcs", "defender", "update", "cache entry", "gzip chrome", "user", "woff chrome", "javascript c", "doscom c", "text c", "bmp c", "text chrome" ], "references": [ "MD5 da63ff099674eab612f7101116bddaa5", "https://virustotalcloud.firebaseapp.com/__/auth/handler?state=AMbdmDmB7R-mobcjqlNn5Tk3TSMlTTChMo-X0Gu7sho4DBhHzFXXT13BnjoMIZ2BiUB9IwoPL5YHSk3Ad2Hjsn7dL9LVBA89o2Xy4CjQj6siPR5s_G-pxcVnajQCDVEG7aXwBPaq8QmoPG5sRErBd_3iX0RDSzNL0_AU9_ldsWsakbA0LOLkIluupkaXhS72NREPpemuXBzy0pI7pvWidxXFtfFklcG_-fzn8KLDIO4BVRcktGFwWvQ2Oa46KE8oqkAynQoBDw-ssMd-fZwwNdPME_GWE9q4dvXE8cHt7rUcfStwp9XZ7_Jd82zJHsp-cFPguYZx-a0NGA&code=4%2F0AUJR-x6e6ebOwSRIdn1ETUESvDBcpCwDMA12A8aZtVcAffxzGkWb2YWoSX-_VtzNaYcw6w&scope=email+profile+https%3A%2F%2F", "d37481f608bdf78117b2f8819bcfd6744c3934b5c08c2ec8b8cbd36030a6fbd3 g_Faktury__FAKTURA_Bruttoppn.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 14, "FileHash-SHA1": 12, "FileHash-SHA256": 51, "URL": 239, "YARA": 1, "domain": 35, "hostname": 22, "CVE": 1 }, "indicator_count": 375, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "308 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6840dced3080556150634fa5", "name": "VGT INTERNET - pozycjonowanie, serwery, domeny, strony www, poligrafia", "description": "https://www.virustotal.com/gui/file-analysis/YjljOTQzMGFmMjYyNjBjNWQ5YmYwOGM5MmM2NTRhNzI6MTc0OTA4MTI5NQ==", "modified": "2025-07-05T08:00:58.306000", "created": "2025-06-04T23:55:25.528000", "tags": [ "ssdeep", "file type", "ms windows", "pe32", "intel", "utf16", "crlf", "unicode", "tekst unicode", "wersja pliku", "dane obrazu", "rgba", "profesjonalne", "projektowanie", "tworzenie", "stron", "internetowych", "strony", "internetowe", "pozycjonowanie", "poligrafia", "web design", "hosting", "internet", "cms", "reklama", "vgt internet", "skuteczna", "przegldaj", "skontaktuj", "z nami", "info", "ssl domeny", "copyright", "string", "bareword", "might", "unknown regexp", "os x", "sandbox", "snort", "memory pattern", "number", "wping", "shell" ], "references": [ "(stream_tcp) data sent on stream after TCP reset sent (1).txt", "http://vgt.pl/static/js/bootstrap-typeahead.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 75, "FileHash-SHA1": 20, "FileHash-SHA256": 76, "URL": 273, "hostname": 78, "domain": 73 }, "indicator_count": 595, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "331 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "http://vgt.pl/static/js/bootstrap-typeahead.js", "https://virustotalcloud.firebaseapp.com/__/auth/handler?state=AMbdmDmB7R-mobcjqlNn5Tk3TSMlTTChMo-X0Gu7sho4DBhHzFXXT13BnjoMIZ2BiUB9IwoPL5YHSk3Ad2Hjsn7dL9LVBA89o2Xy4CjQj6siPR5s_G-pxcVnajQCDVEG7aXwBPaq8QmoPG5sRErBd_3iX0RDSzNL0_AU9_ldsWsakbA0LOLkIluupkaXhS72NREPpemuXBzy0pI7pvWidxXFtfFklcG_-fzn8KLDIO4BVRcktGFwWvQ2Oa46KE8oqkAynQoBDw-ssMd-fZwwNdPME_GWE9q4dvXE8cHt7rUcfStwp9XZ7_Jd82zJHsp-cFPguYZx-a0NGA&code=4%2F0AUJR-x6e6ebOwSRIdn1ETUESvDBcpCwDMA12A8aZtVcAffxzGkWb2YWoSX-_VtzNaYcw6w&scope=email+profile+https%3A%2F%2F", "Ginko.Garden - ?? W Ginko.Garden mamy niespodziank? dla... _ Facebook.html", "(stream_tcp) data sent on stream after TCP reset sent (1).txt", "MD5 da63ff099674eab612f7101116bddaa5", "d37481f608bdf78117b2f8819bcfd6744c3934b5c08c2ec8b8cbd36030a6fbd3 g_Faktury__FAKTURA_Bruttoppn.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 910 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/ginko.garden", "whois": "http://whois.domaintools.com/ginko.garden", "domain": "ginko.garden", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "68013ac900c5970b3285b18c", "name": "Ginko.Garden - \ud83c\udf37\ud83d\udc30 W Ginko.Garden mamy niespodziank\u0119 dla... | Facebook", "description": "https://medium.com/@arkadikulinski/ginko-garden-sp-z-o-o-co-ukrywa-sp%C3%B3%C5%82ka-i-czy-jest-legalna-17517300e0d5\nhttps://www.malware.me/analysis/59080/summary/\nhttps://ti.qianxin.com/v2/search?type=md5&value=5decbed192399d909d700354cefd3a15\nhttps://sandbox.ti.qianxin.com/sandbox/page/detail?type=file&id=AZZEqZFNONZSmF3--bI0\nhttps://www.hybrid-analysis.com/sample/ed37d544311a15584f8ba1ded4961600dd155904fe709673c5fd9f2ab8027e84", "modified": "2025-09-01T08:05:24.151000", "created": "2025-04-17T17:30:49.661000", "tags": [ "zaloguj", "zaloguj si", "nie pamitasz", "grono", "publiczne w", "przedstawiamy", "odkryjcie", "wasze kwiaty", "antracyt", "yw barw", "click", "cieka pliku", "identyfikator", "dokument html", "unicode", "z bom", "crlf rozmiar", "sha1", "sha256", "ssd gboki", "typ pliku", "plik dokumentu", "v2 dokument", "rozmiar pliku", "sha512", "tekst ascii", "z bardzo", "rozmiar", "cieka", "tekst utf8", "dane obrazu" ], "references": [ "Ginko.Garden - ?? W Ginko.Garden mamy niespodziank? dla... _ Facebook.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 48, "domain": 2, "FileHash-SHA256": 45, "FileHash-MD5": 13, "FileHash-SHA1": 12, "hostname": 1 }, "indicator_count": 121, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "273 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6848c105e22453c2bec2258d", "name": "Ogrodnictwo - Baza Firm 2024.xls adorno.pl", "description": "Researchers at the University of California at Berkeley, in the United States, have published their findings on the subject of a security vulnerability in Microsoft's PowerShell operating system, also known as \"Chocolatey\".", "modified": "2025-07-28T08:00:49.288000", "created": "2025-06-10T23:34:29.281000", "tags": [ "vhash", "ssdeep", "inquest labs", "microsoft excel", "d0 cf", "e0 a1", "hiddenss", "statess", "hidden", "nocase", "sha256", "externalnet", "homenet", "mtu denial", "5762", "needed", "df bit", "reply", "policies", "insecure level", "registry type", "powershell", "powershell id", "script block", "logging", "windows", "getfreespace", "imageendswith", "example", "imagestartswith", "files", "sandbox author", "securityuserid", "windows upgrade", "k netsvcs", "defender", "update", "cache entry", "gzip chrome", "user", "woff chrome", "javascript c", "doscom c", "text c", "bmp c", "text chrome" ], "references": [ "MD5 da63ff099674eab612f7101116bddaa5", "https://virustotalcloud.firebaseapp.com/__/auth/handler?state=AMbdmDmB7R-mobcjqlNn5Tk3TSMlTTChMo-X0Gu7sho4DBhHzFXXT13BnjoMIZ2BiUB9IwoPL5YHSk3Ad2Hjsn7dL9LVBA89o2Xy4CjQj6siPR5s_G-pxcVnajQCDVEG7aXwBPaq8QmoPG5sRErBd_3iX0RDSzNL0_AU9_ldsWsakbA0LOLkIluupkaXhS72NREPpemuXBzy0pI7pvWidxXFtfFklcG_-fzn8KLDIO4BVRcktGFwWvQ2Oa46KE8oqkAynQoBDw-ssMd-fZwwNdPME_GWE9q4dvXE8cHt7rUcfStwp9XZ7_Jd82zJHsp-cFPguYZx-a0NGA&code=4%2F0AUJR-x6e6ebOwSRIdn1ETUESvDBcpCwDMA12A8aZtVcAffxzGkWb2YWoSX-_VtzNaYcw6w&scope=email+profile+https%3A%2F%2F", "d37481f608bdf78117b2f8819bcfd6744c3934b5c08c2ec8b8cbd36030a6fbd3 g_Faktury__FAKTURA_Bruttoppn.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 14, "FileHash-SHA1": 12, "FileHash-SHA256": 51, "URL": 239, "YARA": 1, "domain": 35, "hostname": 22, "CVE": 1 }, "indicator_count": 375, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "308 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6840dced3080556150634fa5", "name": "VGT INTERNET - pozycjonowanie, serwery, domeny, strony www, poligrafia", "description": "https://www.virustotal.com/gui/file-analysis/YjljOTQzMGFmMjYyNjBjNWQ5YmYwOGM5MmM2NTRhNzI6MTc0OTA4MTI5NQ==", "modified": "2025-07-05T08:00:58.306000", "created": "2025-06-04T23:55:25.528000", "tags": [ "ssdeep", "file type", "ms windows", "pe32", "intel", "utf16", "crlf", "unicode", "tekst unicode", "wersja pliku", "dane obrazu", "rgba", "profesjonalne", "projektowanie", "tworzenie", "stron", "internetowych", "strony", "internetowe", "pozycjonowanie", "poligrafia", "web design", "hosting", "internet", "cms", "reklama", "vgt internet", "skuteczna", "przegldaj", "skontaktuj", "z nami", "info", "ssl domeny", "copyright", "string", "bareword", "might", "unknown regexp", "os x", "sandbox", "snort", "memory pattern", "number", "wping", "shell" ], "references": [ "(stream_tcp) data sent on stream after TCP reset sent (1).txt", "http://vgt.pl/static/js/bootstrap-typeahead.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 75, "FileHash-SHA1": 20, "FileHash-SHA256": 76, "URL": 273, "hostname": 78, "domain": 73 }, "indicator_count": 595, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "331 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://ginko.garden/pl/new", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://ginko.garden/pl/new", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780333126.4899268 }