{ "type": "URL", "indicator": "http://get-loader.ioncube.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "http://get-loader.ioncube.com", "type": "url", "type_title": "URL", "validation": [ { "source": "majestic", "message": "Whitelisted domain ioncube.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4348766478, "indicator": "http://get-loader.ioncube.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "69fd7fb96ff89c2e60ba385c", "name": "VirusTotal Box of Apples Sandbox report - Facade[.]PHP", "description": "Dated 2021. This report failed uploaded multiple times. I will provide further analysis but I want to upload it while I can.", "modified": "2026-05-08T06:36:43.035000", "created": "2026-05-08T06:16:25.847000", "tags": [ "usereventagent", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "file", "operations", "process open", "mitre attack", "network info", "processes extra", "overview", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "file type", "get http", "host", "useragent mac", "php script", "ascii text" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00000c27e0786dd70056452f3a79c81aacb336bd88ad88f17e078179a2c7a639_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778220989&Signature=owHCTWTjrTpHitMkAs4ZzBnGfy822nfwhgfHCnNI6P3NVmpVwBBNgEGjZKJSNwLc52Yl%2F0OH%2Fzx9MFQdAxAwxjTlHyK%2FqZv5J%2BP4qi%2FYj5gM8X2b%2FgMN0DzO5kbKS94dYh12RGh5Ar%2F9rP09HyOy9eWEVzRTyVqUjXGbIfbAjV8fgA5RDNvYRGM4Q0X%2FVuECJjtZ1GNigkHztLt2QQKDBzADI91Dyy", "https://vtbehaviour.commondatastorage.googleapis.com/00000c27e0786dd70056452f3a79c81aacb336bd88ad88f17e078179a2c7a639_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778221012&Signature=BW1Hbbl7VGtXMKywoHZqeQRluX9X6H34JFbMTwpZr7S%2BKHXBfaU4v0akjdGvzFxRNJCrsrrAjX3JxKmur7emgzUsUVV9xAdAxAh8Bxh7RVYRNvq%2B%2FUGpbVWBorlGqZkvTGdlvZ4hV%2FrIxyQwQys80zRjEoVlwoeU207S1uzi5eYXpWwgcuuKXY%2Bds2GU%2Fz9JNl1QOWgXJt%2F%2FJvkx9JxznPmXklPzi%2BM7ln8%2BwwCzHS" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 22, "URL": 51, "hostname": 44, "FileHash-SHA256": 7, "domain": 7, "FileHash-MD5": 2, "FileHash-SHA1": 1, "JA3": 1 }, "indicator_count": 135, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7fb96b3718609c114d49", "name": "VirusTotal Box of Apples Sandbox report - Facade[.]PHP", "description": "Dated 2021. This report failed uploaded multiple times. I will provide further analysis but I want to upload it while I can.", "modified": "2026-05-08T06:18:35.627000", "created": "2026-05-08T06:16:25.517000", "tags": [ "usereventagent", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "file", "operations", "process open", "mitre attack", "network info", "processes extra", "overview", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "file type", "get http", "host", "useragent mac", "php script", "ascii text" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00000c27e0786dd70056452f3a79c81aacb336bd88ad88f17e078179a2c7a639_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778220989&Signature=owHCTWTjrTpHitMkAs4ZzBnGfy822nfwhgfHCnNI6P3NVmpVwBBNgEGjZKJSNwLc52Yl%2F0OH%2Fzx9MFQdAxAwxjTlHyK%2FqZv5J%2BP4qi%2FYj5gM8X2b%2FgMN0DzO5kbKS94dYh12RGh5Ar%2F9rP09HyOy9eWEVzRTyVqUjXGbIfbAjV8fgA5RDNvYRGM4Q0X%2FVuECJjtZ1GNigkHztLt2QQKDBzADI91Dyy", "https://vtbehaviour.commondatastorage.googleapis.com/00000c27e0786dd70056452f3a79c81aacb336bd88ad88f17e078179a2c7a639_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778221012&Signature=BW1Hbbl7VGtXMKywoHZqeQRluX9X6H34JFbMTwpZr7S%2BKHXBfaU4v0akjdGvzFxRNJCrsrrAjX3JxKmur7emgzUsUVV9xAdAxAh8Bxh7RVYRNvq%2B%2FUGpbVWBorlGqZkvTGdlvZ4hV%2FrIxyQwQys80zRjEoVlwoeU207S1uzi5eYXpWwgcuuKXY%2Bds2GU%2Fz9JNl1QOWgXJt%2F%2FJvkx9JxznPmXklPzi%2BM7ln8%2BwwCzHS" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 22, "URL": 51, "hostname": 44, "FileHash-SHA256": 7, "domain": 7, "FileHash-MD5": 2, "FileHash-SHA1": 1, "JA3": 1 }, "indicator_count": 135, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00000c27e0786dd70056452f3a79c81aacb336bd88ad88f17e078179a2c7a639_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778221012&Signature=BW1Hbbl7VGtXMKywoHZqeQRluX9X6H34JFbMTwpZr7S%2BKHXBfaU4v0akjdGvzFxRNJCrsrrAjX3JxKmur7emgzUsUVV9xAdAxAh8Bxh7RVYRNvq%2B%2FUGpbVWBorlGqZkvTGdlvZ4hV%2FrIxyQwQys80zRjEoVlwoeU207S1uzi5eYXpWwgcuuKXY%2Bds2GU%2Fz9JNl1QOWgXJt%2F%2FJvkx9JxznPmXklPzi%2BM7ln8%2BwwCzHS", "https://vtbehaviour.commondatastorage.googleapis.com/00000c27e0786dd70056452f3a79c81aacb336bd88ad88f17e078179a2c7a639_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778220989&Signature=owHCTWTjrTpHitMkAs4ZzBnGfy822nfwhgfHCnNI6P3NVmpVwBBNgEGjZKJSNwLc52Yl%2F0OH%2Fzx9MFQdAxAwxjTlHyK%2FqZv5J%2BP4qi%2FYj5gM8X2b%2FgMN0DzO5kbKS94dYh12RGh5Ar%2F9rP09HyOy9eWEVzRTyVqUjXGbIfbAjV8fgA5RDNvYRGM4Q0X%2FVuECJjtZ1GNigkHztLt2QQKDBzADI91Dyy" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 136 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/ioncube.com", "whois": "http://whois.domaintools.com/ioncube.com", "domain": "ioncube.com", "hostname": "get-loader.ioncube.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "69fd7fb96ff89c2e60ba385c", "name": "VirusTotal Box of Apples Sandbox report - Facade[.]PHP", "description": "Dated 2021. This report failed uploaded multiple times. I will provide further analysis but I want to upload it while I can.", "modified": "2026-05-08T06:36:43.035000", "created": "2026-05-08T06:16:25.847000", "tags": [ "usereventagent", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "file", "operations", "process open", "mitre attack", "network info", "processes extra", "overview", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "file type", "get http", "host", "useragent mac", "php script", "ascii text" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00000c27e0786dd70056452f3a79c81aacb336bd88ad88f17e078179a2c7a639_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778220989&Signature=owHCTWTjrTpHitMkAs4ZzBnGfy822nfwhgfHCnNI6P3NVmpVwBBNgEGjZKJSNwLc52Yl%2F0OH%2Fzx9MFQdAxAwxjTlHyK%2FqZv5J%2BP4qi%2FYj5gM8X2b%2FgMN0DzO5kbKS94dYh12RGh5Ar%2F9rP09HyOy9eWEVzRTyVqUjXGbIfbAjV8fgA5RDNvYRGM4Q0X%2FVuECJjtZ1GNigkHztLt2QQKDBzADI91Dyy", "https://vtbehaviour.commondatastorage.googleapis.com/00000c27e0786dd70056452f3a79c81aacb336bd88ad88f17e078179a2c7a639_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778221012&Signature=BW1Hbbl7VGtXMKywoHZqeQRluX9X6H34JFbMTwpZr7S%2BKHXBfaU4v0akjdGvzFxRNJCrsrrAjX3JxKmur7emgzUsUVV9xAdAxAh8Bxh7RVYRNvq%2B%2FUGpbVWBorlGqZkvTGdlvZ4hV%2FrIxyQwQys80zRjEoVlwoeU207S1uzi5eYXpWwgcuuKXY%2Bds2GU%2Fz9JNl1QOWgXJt%2F%2FJvkx9JxznPmXklPzi%2BM7ln8%2BwwCzHS" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 22, "URL": 51, "hostname": 44, "FileHash-SHA256": 7, "domain": 7, "FileHash-MD5": 2, "FileHash-SHA1": 1, "JA3": 1 }, "indicator_count": 135, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fd7fb96b3718609c114d49", "name": "VirusTotal Box of Apples Sandbox report - Facade[.]PHP", "description": "Dated 2021. This report failed uploaded multiple times. I will provide further analysis but I want to upload it while I can.", "modified": "2026-05-08T06:18:35.627000", "created": "2026-05-08T06:16:25.517000", "tags": [ "usereventagent", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "file", "operations", "process open", "mitre attack", "network info", "processes extra", "overview", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "file type", "get http", "host", "useragent mac", "php script", "ascii text" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00000c27e0786dd70056452f3a79c81aacb336bd88ad88f17e078179a2c7a639_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778220989&Signature=owHCTWTjrTpHitMkAs4ZzBnGfy822nfwhgfHCnNI6P3NVmpVwBBNgEGjZKJSNwLc52Yl%2F0OH%2Fzx9MFQdAxAwxjTlHyK%2FqZv5J%2BP4qi%2FYj5gM8X2b%2FgMN0DzO5kbKS94dYh12RGh5Ar%2F9rP09HyOy9eWEVzRTyVqUjXGbIfbAjV8fgA5RDNvYRGM4Q0X%2FVuECJjtZ1GNigkHztLt2QQKDBzADI91Dyy", "https://vtbehaviour.commondatastorage.googleapis.com/00000c27e0786dd70056452f3a79c81aacb336bd88ad88f17e078179a2c7a639_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778221012&Signature=BW1Hbbl7VGtXMKywoHZqeQRluX9X6H34JFbMTwpZr7S%2BKHXBfaU4v0akjdGvzFxRNJCrsrrAjX3JxKmur7emgzUsUVV9xAdAxAh8Bxh7RVYRNvq%2B%2FUGpbVWBorlGqZkvTGdlvZ4hV%2FrIxyQwQys80zRjEoVlwoeU207S1uzi5eYXpWwgcuuKXY%2Bds2GU%2Fz9JNl1QOWgXJt%2F%2FJvkx9JxznPmXklPzi%2BM7ln8%2BwwCzHS" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 22, "URL": 51, "hostname": 44, "FileHash-SHA256": 7, "domain": 7, "FileHash-MD5": 2, "FileHash-SHA1": 1, "JA3": 1 }, "indicator_count": 135, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "http://get-loader.ioncube.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "http://get-loader.ioncube.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780278447.5361323 }