IOC Report
http://c.conversionlogic.net

loading gif

Files

File Path
Type
Category
Malicious
Chrome Cache Entry: 53
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 54
ASCII text, with very long lines (1222), with no line terminators
downloaded
Chrome Cache Entry: 55
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 56
ASCII text, with very long lines (17673)
downloaded
Chrome Cache Entry: 57
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 58
JSON data
downloaded
Chrome Cache Entry: 59
ASCII text, with very long lines (631)
downloaded
Chrome Cache Entry: 60
HTML document, ASCII text, with very long lines (619)
downloaded
Chrome Cache Entry: 61
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 62
ASCII text, with very long lines (392), with no line terminators
downloaded
Chrome Cache Entry: 63
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 64
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
downloaded
Chrome Cache Entry: 65
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 66
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 67
C source, ASCII text, with very long lines (56421)
downloaded
Chrome Cache Entry: 68
ASCII text, with very long lines (56412), with no line terminators
downloaded
Chrome Cache Entry: 69
HTML document, ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 70
ASCII text, with very long lines (2247)
downloaded
Chrome Cache Entry: 71
MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors
downloaded
Chrome Cache Entry: 72
ASCII text, with very long lines (65465)
downloaded
Chrome Cache Entry: 73
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 74
JSON data
dropped
Chrome Cache Entry: 75
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 76
MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors
dropped
Chrome Cache Entry: 77
ASCII text, with very long lines (2736)
downloaded
There are 16 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2184,i,4750710094024023776,5290538666169249574,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://c.conversionlogic.net"

URLs

Name
IP
Malicious
http://c.conversionlogic.net
https://btloader.com/tag?o=5097926782615552&upapi=true
172.67.41.60
https://img1.wsimg.com/parking-lander/static/css/main.8a1d19af.css
unknown
http://ww1.conversionlogic.net/lander
https://api.btloader.com/mw/state?bt_env=prod
130.211.23.194
https://developers.google.com/recaptcha/docs/faq#localhost_support
unknown
https://syndicatedsearch.goog
unknown
http://ww1.conversionlogic.net/
15.197.204.56
https://support.google.com/recaptcha#6262736
unknown
https://cloud.google.com/recaptcha-enterprise/billing-information
unknown
https://recaptcha.net
unknown
https://www.apache.org/licenses/
unknown
https://ad-delivery.net/px.gif?ch=1&e=0.27612668333241763
104.26.3.70
about:blank
https://support.google.com/recaptcha/?hl=en#6223828
unknown
https://cloud.google.com/contact
unknown
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
unknown
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
142.251.35.230
https://play.google.com/log?format=json&hasfast=true
unknown
https://ad-delivery.net/px.gif?ch=2
104.26.3.70
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
unknown
https://api.aws.parking.godaddy.com/v1/domains/domain?domain=ww1.conversionlogic.net&portfolioId=&abp=1&gdabp=true
52.13.101.202
https://www.google.com/recaptcha/api.js
142.250.217.228
http://c.conversionlogic.net/
63.141.242.46
https://img1.wsimg.com/parking-lander/static/js/main.9bfaa532.js
unknown
https://support.google.com/recaptcha/#6175971
unknown
https://www.gstatic.c..?/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__.
unknown
https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b
https://godaddy.com/domain-parking/forsale/conversionlogic.net
unknown
https://www.google.com/recaptcha/api2/
unknown
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m
142.250.217.228
https://www.google.com/js/bg/lkTXq49YG5_ej1w7m4T9Nw_1Lx1Ocd1gteWQpsfV_Tk.js
142.250.217.228
https://support.google.com/recaptcha
unknown
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&s=ou76cc1SFuQyT9YeBPJC8JqqhMnzIft4uTanx-4-9sbqWE4NrVoMd-dFwdVYPVy9o3yHUAf1R87w9OYaEq5iMxhuMJfKl7Y4rbqoIwa393lC9jfkZ1_8zl4VBhX3MAVG92zSN7Fu_2Phxhmh1k-qITmQC5muNW6T1bmxaTlkcze6rrmHMzWEOtVvguGRbiWT8fq4lQmtHBi_uoOzTJc24CG4ZcAKxjOnbOG15IdVyEK_NCwPA33jV9ivnR_L9oFbmgH9wDdkOvwoBV0NuSUZsCMLKawzUnw&cb=hoty0np8z5p9
https://www.google.com/adsense/domains/caf.js?abp=1&gdabp=true
192.178.50.36
There are 24 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
gddomainparking.com
52.13.101.202
bg.microsoft.map.fastly.net
199.232.214.172
www3.l.google.com
172.217.165.206
api.btloader.com
130.211.23.194
c.conversionlogic.net
63.141.242.46
ad.doubleclick.net
142.251.35.230
www.google.com
142.250.217.228
btloader.com
172.67.41.60
www10.smartname.com
15.197.204.56
fp2e7a.wpc.phicdn.net
192.229.211.108
ad-delivery.net
104.26.3.70
img1.wsimg.com
unknown
api.aws.parking.godaddy.com
unknown
ww1.conversionlogic.net
unknown
www.adsensecustomsearchads.com
unknown
There are 5 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
192.178.50.36
unknown
United States
104.26.3.70
ad-delivery.net
United States
172.217.165.206
www3.l.google.com
United States
63.141.242.46
c.conversionlogic.net
United States
192.168.2.6
unknown
unknown
130.211.23.194
api.btloader.com
United States
52.13.101.202
gddomainparking.com
United States
142.251.35.230
ad.doubleclick.net
United States
142.250.217.228
www.google.com
United States
15.197.204.56
www10.smartname.com
United States
172.67.41.60
btloader.com
United States
142.250.217.174
unknown
United States
239.255.255.250
unknown
Reserved
There are 3 hidden IPs, click here to show them.

DOM / HTML

URL
Malicious
http://ww1.conversionlogic.net/lander
http://ww1.conversionlogic.net/lander
https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D7621175430%26pcsa%3Dfalse%26channel%3D08272%26domain_name%3Dconversionlogic.net%26client%3Ddp-namemedia08_3ph%26r%3Dm%26rpbu%3Dhttp%253A%252F%252Fww1.conversionlogic.net%252Flander%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2927860770008733%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D4081714144635264%26num%3D0%26output%3Dafd_ads%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1714144635266%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D907%26frm%3D0%26uio%3D-%26cont%3DrelatedLinks%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D627058929%26rurl%3Dhttp%253A%252F%252Fww1.conversionlogic.net%252Flander%26referer%3Dhttp%253A%252F%252Fww1.conversionlogic.net%252F&q=EgRmgZjcGPyKr7EGIjCSK_vUcq-P1NMromRBIW31_bvsuLbTpOsswmNhRZKtJjlK-ktx1PUz_i4rmPXhm3wyAXJKGVNPUlJZ
https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D7621175430%26pcsa%3Dfalse%26channel%3D08272%26domain_name%3Dconversionlogic.net%26client%3Ddp-namemedia08_3ph%26r%3Dm%26rpbu%3Dhttp%253A%252F%252Fww1.conversionlogic.net%252Flander%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2927860770008733%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D4081714144635264%26num%3D0%26output%3Dafd_ads%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1714144635266%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D907%26frm%3D0%26uio%3D-%26cont%3DrelatedLinks%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D627058929%26rurl%3Dhttp%253A%252F%252Fww1.conversionlogic.net%252Flander%26referer%3Dhttp%253A%252F%252Fww1.conversionlogic.net%252F&q=EgRmgZjcGPyKr7EGIjCSK_vUcq-P1NMromRBIW31_bvsuLbTpOsswmNhRZKtJjlK-ktx1PUz_i4rmPXhm3wyAXJKGVNPUlJZ
about:blank
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&s=ou76cc1SFuQyT9YeBPJC8JqqhMnzIft4uTanx-4-9sbqWE4NrVoMd-dFwdVYPVy9o3yHUAf1R87w9OYaEq5iMxhuMJfKl7Y4rbqoIwa393lC9jfkZ1_8zl4VBhX3MAVG92zSN7Fu_2Phxhmh1k-qITmQC5muNW6T1bmxaTlkcze6rrmHMzWEOtVvguGRbiWT8fq4lQmtHBi_uoOzTJc24CG4ZcAKxjOnbOG15IdVyEK_NCwPA33jV9ivnR_L9oFbmgH9wDdkOvwoBV0NuSUZsCMLKawzUnw&cb=hoty0np8z5p9
https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b