Overview

URL gamesevil.com/savemario/savemario.exe
IP 69.64.147.242
ASN AS21740 eNom, Incorporated
Location United States
Report completed 2017-12-31 12:36:53 CET
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2017-12-31 2 www.gamesevil.com/savemario/savemario.exe Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 69.64.147.242

Date UQ / IDS / BL URL IP
2018-08-23 20:41:58 +0200
0 - 0 - 0 69.64.147.242 69.64.147.242
2018-05-21 17:06:31 +0200
0 - 0 - 0 69.64.147.242 69.64.147.242
2018-04-29 16:37:10 +0200
0 - 0 - 1 www.designfurniture-dz.com/parts/1951-ford-8n (...) 69.64.147.242
2018-04-19 21:33:51 +0200
0 - 0 - 1 www.angrycandy.org/~linespalerts/log/signon.p (...) 69.64.147.242
2018-04-19 21:20:10 +0200
0 - 0 - 1 www.angrycandy.org/~sinovant/staff/invoices/t (...) 69.64.147.242
2018-04-17 16:45:27 +0200
0 - 1 - 0 www.veopeliculasenlatino.com/ver/inframundo-4 (...) 69.64.147.242
2018-04-10 11:49:35 +0200
0 - 0 - 1 www.shepullsthetrigger.com/~icenterc/js/vendo (...) 69.64.147.242
2018-04-02 22:14:55 +0200
0 - 0 - 1 fbapkonez.moneyindustry.money/kttmobil/?jiz2u (...) 69.64.147.242
2018-04-02 21:48:46 +0200
0 - 0 - 1 www.shepullsthetrigger.com/~sinovant/staff/in (...) 69.64.147.242
2018-03-19 17:13:11 +0100
0 - 0 - 1 www.mssnunilorin.com/logo1/653d1113813c788526 (...) 69.64.147.242

Last 10 reports on ASN: AS21740 eNom, Incorporated

Date UQ / IDS / BL URL IP
2019-06-10 15:52:06 +0200
0 - 0 - 1 jerkybuy.com/transacciones/83.58.109.913516/c (...) 98.124.199.46
2019-06-09 14:21:22 +0200
0 - 0 - 1 englishgarden.net/index.php 98.124.199.107
2019-06-09 13:37:25 +0200
0 - 0 - 1 pipersoperahouse.net/cast/bookmark 98.124.199.102
2019-06-09 11:26:35 +0200
0 - 0 - 3 weldmaster.com/zyq/bigtyme/nD 98.124.199.24
2019-06-09 11:23:21 +0200
0 - 0 - 3 weldmaster.com/gp 98.124.199.24
2019-06-07 08:05:50 +0200
0 - 0 - 4 kelownatownhomes.com/g76ub76 98.124.199.89
2019-06-05 08:06:09 +0200
0 - 0 - 6 suncoastot.com/webpage/forms/SCHOOLAGE_CHECKL (...) 98.124.252.176
2019-06-04 14:10:51 +0200
0 - 0 - 1 hal9000.ehost-services142.com/n53s3pog/hyimeh7.exe 69.64.156.54
2019-06-03 00:43:35 +0200
0 - 0 - 1 zkaoo.com/download/update/update.exe 98.124.199.125
2019-06-02 19:58:16 +0200
0 - 1 - 0 ncdrive.com/wow.exe 98.124.199.68

Last 10 reports on domain: gamesevil.com

Date UQ / IDS / BL URL IP
2019-04-23 21:53:12 +0200
0 - 0 - 1 gamesevil.com/monsterhummer/monsterhummer.exe 204.11.56.48
2019-04-19 04:05:21 +0200
0 - 0 - 1 gamesevil.com/adamas/adamas.exe 204.11.56.48
2019-03-21 00:24:50 +0100
0 - 0 - 1 gamesevil.com/bouncingmario/bouncingmario.exe 204.11.56.48
2019-03-12 07:27:03 +0100
0 - 0 - 1 gamesevil.com/blazingballs/blazingballs.exe 204.11.56.48
2019-03-10 23:54:26 +0100
0 - 0 - 1 gamesevil.com/savemario/savemario.exe 204.11.56.48
2018-12-31 01:18:16 +0100
0 - 0 - 1 gamesevil.com/savemario/savemario.exe 91.195.240.94
2018-12-06 01:21:01 +0100
0 - 0 - 1 gamesevil.com/monsterhummer/monsterhummer.exe 91.195.240.94
2018-12-02 15:32:19 +0100
0 - 0 - 1 gamesevil.com/3dneonrace/3dneonrace.exe 54.204.234.181
2018-12-02 01:28:36 +0100
0 - 0 - 1 gamesevil.com/desertmonster/desertmonster.exe 54.204.234.181
2018-07-14 02:58:30 +0200
0 - 0 - 1 gamesevil.com/savemario/savemario.exe 54.204.234.181


JavaScript

Executed Scripts (16)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 84, repeated: 1) - SHA256: 071bb71cc5f59a8a7b8eeb83d3b40bdfebdb2381c15bfb06526d6bc7b795dd25

<script src='http://www.google-analytics.com/ga.js' type='text/javascript'></script>


HTTP Transactions (27)


Request Response
                                        
                                            GET /jquery-latest.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe
If-Modified-Since: Thu, 03 Jul 2014 13:54:44 GMT
If-None-Match: "53b560a4-1762a"

                                         
                                         94.31.29.54
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Sun, 31 Dec 2017 11:43:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 24 Oct 2014 00:16:08 GMT
Vary: Accept-Encoding
Etag: W/"54499a48-1762a"
Expires: Sun, 31 Dec 2017 22:32:31 GMT
Cache-Control: max-age=86400, public
Access-Control-Allow-Origin: *
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   38821
Md5:    68d1e2185c8eb6a8e1cdb3a917edfbba
Sha1:   db551a3334d9e4513b8129dec9c5490146dfe932
Sha256: 5a3ecb57934d2db65ad44cf2b887d72e8fb33f05a973dff391bbb8d726d123a7
                                        
                                            GET /adsense/domains/caf.js HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe

                                         
                                         173.194.73.106
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Date: Sun, 31 Dec 2017 11:43:04 GMT
Expires: Sun, 31 Dec 2017 11:43:04 GMT
Cache-Control: private, max-age=3600
Etag: "12022425345848936347"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   82917
Md5:    a2f9bc8b96dcb8ee50a75d2caed50858
Sha1:   f1de8b38d4a23c06c4e2cb81a18b361de8ce2be7
Sha256: 89c9df16922b6eb9f85f8bf239a42e70232316fbaa4789308006ceafa0dec91a
                                        
                                            GET /savemario/savemario.exe HTTP/1.1 
Host: www.gamesevil.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         69.64.147.242
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 7384
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
p3p: CP="CAO PSA OUR"
Set-Cookie: SessionID=ed13d92e-31d1-4bc9-96c9-a6b06e23a418; path=/ VisitorID=43eea4b3-e1c5-4d29-97f1-603983b27a04&Exp=12/31/2020 3:43:04 AM; expires=Thu, 31-Dec-2020 11:43:04 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 31 Dec 2017 11:43:03 GMT


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   7384
Md5:    62d3179cc1c471accaeddfd95269e209
Sha1:   56877a85cfe14700ef12eae8460d012e8654a565
Sha256: 792405b30e606604a5c7d7f3233ef7176f9bb2e7933087ff82c972b2dd6da8ab

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /js/standard.js?rte=1&tm=2&dn=gamesevil.com&tid=1020 HTTP/1.1 
Host: www.gamesevil.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe
Cookie: SessionID=ed13d92e-31d1-4bc9-96c9-a6b06e23a418; VisitorID=43eea4b3-e1c5-4d29-97f1-603983b27a04&Exp=12/31/2020 3:43:04 AM

                                         
                                         69.64.147.242
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Cache-Control: private
Content-Length: 1297
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 31 Dec 2017 11:43:03 GMT


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   1297
Md5:    dc9e3183f9c6d8d1acbffe5669f6cf0e
Sha1:   716093640900afb40046b31e32b8357f7feae32e
Sha256: 31e40edda6563ce57ec502c8905e4bbe7d22fce0ce62ed43fd2e6240884dfd77
                                        
                                            GET /css/style.css?rte=1&tm=2&dn=gamesevil.com&tid=1020&def=Akamai%3aHostingURL%3dhttp%3a%2f%2fi.nuseek.com HTTP/1.1 
Host: www.gamesevil.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe
Cookie: SessionID=ed13d92e-31d1-4bc9-96c9-a6b06e23a418; VisitorID=43eea4b3-e1c5-4d29-97f1-603983b27a04&Exp=12/31/2020 3:43:04 AM

                                         
                                         69.64.147.242
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Cache-Control: private
Content-Length: 8410
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 31 Dec 2017 11:43:04 GMT


--- Additional Info ---
Magic:  ASCII C program text, with CRLF line terminators
Size:   8410
Md5:    4d41e3124d50233a5f9ab27c8c80c983
Sha1:   4adccb9f9c62c7959c481b70b174efb1b449f440
Sha256: 090f43bfd69d3c52b8219cb1216fc4500ac674a2e2f0b6194c2357f6e279ae7c
                                        
                                            GET /js/google_caf.js?rte=1&tm=2&dn=gamesevil.com&tid=1020 HTTP/1.1 
Host: www.gamesevil.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe
Cookie: SessionID=ed13d92e-31d1-4bc9-96c9-a6b06e23a418; VisitorID=43eea4b3-e1c5-4d29-97f1-603983b27a04&Exp=12/31/2020 3:43:04 AM

                                         
                                         69.64.147.242
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Cache-Control: private
Content-Length: 9155
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 31 Dec 2017 11:43:04 GMT


--- Additional Info ---
Magic:  ASCII C++ program text, with CRLF line terminators
Size:   9155
Md5:    eb9d458151ac10cdb0066b51710f4e18
Sha1:   e140f125c663c5b16e9757a47bad34c9977e213d
Sha256: 0fb762a1618036e755e49095ebe512c02bc603cff2535b1044d5f80ffcc75ecd
                                        
                                            GET /domainads/tracking/caf.gif?ts=1514720584731&rid=6705383 HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe

                                         
                                         216.58.211.131
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Accept-Ranges: bytes
Content-Length: 43
Date: Sun, 31 Dec 2017 11:43:04 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Thu, 21 Apr 2016 03:17:22 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    55fade2068e7503eae8d7ddf5eb6bd09
Sha1:   317496a096d6c86486a71d4521994bcd171a6bb3
Sha256: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
                                        
                                            GET /async_survey?site=kv4ic6olrzkr6 HTTP/1.1 
Host: survey.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe

                                         
                                         216.58.211.145
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Cache-Control: private, no-cache, must-revalidate, no-store
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Date: Sun, 31 Dec 2017 11:43:04 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data
Size:   17704
Md5:    f3618eb2196744caf124298371938625
Sha1:   c679260afef2fd57944e6e9720a039111aa63a7f
Sha256: 6c49b1739644f5a4d91ba987a531f27ca25bcfa61bca0fc62b5ac8a32f07e69e
                                        
                                            GET /dp/ads?r=m&client=dp-demandmedia31_3ph&channel=100001&hl=en&adtest=on&optimize_terms=on&swp=as-drid-2421601518898051&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=s%7Cr10%7Cp5&ad=w5&adrep=2&num=0&output=afd_ads&domain_name=www.gamesevil.com&v=3&adext=as1%2Csr1&bsl=8&u_his=1&u_tz=60&dt=1514720584762&u_w=1176&u_h=885&biw=1176&bih=754&psw=-1&psh=-1&frm=0&uio=uv3cs1vp1sl1sr1-wi300-wi250ff2fa2st22sa14lt32-wi800fa2st24sd16sv16sa14&jsv=12022&rurl=http%3A%2F%2Fwww.gamesevil.com%2Fsavemario%2Fsavemario.exe HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe
Origin: http://www.gamesevil.com

                                         
                                         173.194.73.106
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Content-Disposition: inline
Date: Sun, 31 Dec 2017 11:43:04 GMT
Expires: Sun, 31 Dec 2017 11:43:04 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: gws
Content-Length: 1680
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   1680
Md5:    91229491d14cf5a2903eec5c7ec7189a
Sha1:   0d3d91381fc740990f45b3381b2d75140a6e6795
Sha256: 5ce9be62a50edf71f851d5d00b958925dab3cbc8ddc22eb096acbff113606ebd
                                        
                                            GET /static/caf/slave.html HTTP/1.1 
Host: dp.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe

                                         
                                         216.58.211.130
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 637
Date: Sun, 31 Dec 2017 11:24:28 GMT
Expires: Sun, 31 Dec 2017 12:24:28 GMT
Last-Modified: Thu, 01 Jun 2017 13:45:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 1117
Cache-Control: public, max-age=3600


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   637
Md5:    c2fb36d40f162410099ac275a7c9b228
Sha1:   6d79927eb17e67f923adc6921dc13e9806785abb
Sha256: 8f075d160f4081236c3c6983a22ea2399e502d7f7fcadf54709c0a0c91c890c6
                                        
                                            GET /ga.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Sun, 31 Dec 2017 11:30:42 GMT
Expires: Sun, 31 Dec 2017 13:30:42 GMT
Last-Modified: Mon, 13 Nov 2017 20:19:12 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 17172
Age: 743
Cache-Control: public, max-age=7200


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   17172
Md5:    43adefe535269f3b75e0f229d0dba4d6
Sha1:   5e3bed19757401b3aa6c8ab8b5f26aa17add8a3a
Sha256: fc7f9d5234f97de0433021d02e8969a93003d90bf16d40a9cb2d8f5c7bfaa398
                                        
                                            GET /insights/consumersurveys/static/406079790360020838/prompt_embed_static.js HTTP/1.1 
Host: survey.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe

                                         
                                         216.58.211.145
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sun, 10 Dec 2017 19:16:27 GMT
Expires: Tue, 09 Jan 2018 19:16:27 GMT
Etag: "LMp-cA"
X-Cloud-Trace-Context: 06fda58ba0f20ce9e0b476076560e498
Content-Encoding: gzip
Server: Google Frontend
Content-Length: 110269
Age: 1787198
Cache-Control: public, max-age=2592000


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   110269
Md5:    c067c6c88b17d89bf2681c8d5dc42dc7
Sha1:   efa2787c333e2e6ffd0aa1558144cb4cd7535bdd
Sha256: 12c4ce127e6be85235a0495973f3689f35a27881280f5d758acdc2d346641757
                                        
                                            GET /apps/domainpark/domainpark.cgi?r=m&client=dp-demandmedia31_3ph&channel=100001&hl=en&adtest=off&optimize_terms=on&drid=as-drid-2421601518898051&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=s%7Cr10%7Cp5&ad=a5&adrep=2&num=0&output=caf&domain_name=www.gamesevil.com&v=3&adext=as1%2Csr1&bsl=8&u_his=1&u_tz=60&dt=1514720584753&u_w=1176&u_h=885&biw=1176&bih=754&psw=-1&psh=-1&frm=0&uio=uv3cs1vp1sl1sr1-wi300-wi250ff2fa2st22sa14lt32-wi800fa2st24sd16sv16sa14&jsv=12022&rurl=http%3A%2F%2Fwww.gamesevil.com%2Fsavemario%2Fsavemario.exe HTTP/1.1 
Host: dp.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe

                                         
                                         216.58.211.130
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
p3p: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sun, 31 Dec 2017 11:43:05 GMT
Server: domainserver
Cache-Control: private
Content-Length: 1673
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   1673
Md5:    d03aca6454e3014d775ce299ffa72204
Sha1:   efbcc5c55f1b96217d5a4244e184e79115bb442b
Sha256: 3ef14c133483a2cf40193eed54c2410cd693d1c9f148b45f3204b4b437b437a6
                                        
                                            GET /r/__utm.gif?utmwv=5.7.1&utms=1&utmn=794480267&utmhn=www.gamesevil.com&utmcs=UTF-8&utmsr=1176x885&utmvp=1176x754&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=10.0%20r45&utmdt=Gamesevil.com&utmhid=500340692&utmr=-&utmp=%2Fsavemario%2Fsavemario.exe&utmht=1514720586346&utmac=UA-2249740-16&utmcc=__utma%3D152289967.1505523289.1514720586.1514720586.1514720586.1%3B%2B__utmz%3D152289967.1514720586.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=2006480089&utmredir=1&utmu=HAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Access-Control-Allow-Origin: *
Date: Sun, 31 Dec 2017 11:43:06 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            GET /ajax/services/js/error?mn=ads.domains&vh=12022425345848936347&v=1.0&em=Not%20enough%20arguments&cem=sHNE&nc1514720586652 HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?r=m&client=dp-demandmedia31_3ph&channel=100001&hl=en&adtest=off&optimize_terms=on&drid=as-drid-2421601518898051&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=s%7Cr10%7Cp5&ad=a5&adrep=2&num=0&output=caf&domain_name=www.gamesevil.com&v=3&adext=as1%2Csr1&bsl=8&u_his=1&u_tz=60&dt=1514720584753&u_w=1176&u_h=885&biw=1176&bih=754&psw=-1&psh=-1&frm=0&uio=uv3cs1vp1sl1sr1-wi300-wi250ff2fa2st22sa14lt32-wi800fa2st24sd16sv16sa14&jsv=12022&rurl=http%3A%2F%2Fwww.gamesevil.com%2Fsavemario%2Fsavemario.exe

                                         
                                         216.58.209.138
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sun, 31 Dec 2017 11:43:06 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 43
Server: GSE


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    55fade2068e7503eae8d7ddf5eb6bd09
Sha1:   317496a096d6c86486a71d4521994bcd171a6bb3
Sha256: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 31 Dec 2017 11:43:06 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    6e15222c64705149ca8bf0782542ffdf
Sha1:   934a708b838818a968b4e431661b5164a7672e15
Sha256: 6133f778ae8c4d0bd04c589092e574b8f8e852507dd22968ee5f0b44a3b067f7
                                        
                                            POST / HTTP/1.1 
Host: g.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1391
Content-Transfer-Encoding: binary
Cache-Control: max-age=430164, public, no-transform, must-revalidate
Last-Modified: Fri, 29 Dec 2017 11:11:35 GMT
Expires: Fri, 5 Jan 2018 11:11:35 GMT
Date: Sun, 31 Dec 2017 11:43:06 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1391
Md5:    6228ab44e3528f1b6ad5abdeb201edea
Sha1:   0e5b17be2611aa4ff54f7001fb7761c53d06a9ab
Sha256: 81acf731f7cb8124f0d0f432931949d780d67d0c0ee83d13ad3dc0ad333276ed
                                        
                                            GET /googleCallback?rid=03cc87ad-c67d-4ab5-87a5-d82bf680c0f4&isAfd=1 HTTP/1.1 
Host: www.gamesevil.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe
Cookie: SessionID=ed13d92e-31d1-4bc9-96c9-a6b06e23a418; VisitorID=43eea4b3-e1c5-4d29-97f1-603983b27a04&Exp=12/31/2020 3:43:04 AM; __utma=152289967.1505523289.1514720586.1514720586.1514720586.1; __utmb=152289967.1.10.1514720586; __utmc=152289967; __utmz=152289967.1514720586.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1

                                         
                                         69.64.147.242
HTTP/1.1 200 OK
                                        
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 31 Dec 2017 11:43:06 GMT


--- Additional Info ---
                                        
                                            GET /afs/gen_204?output=uds_ads_only&zx=32ze0eqtu6qc&pbt=er&errt=ads.domains&errv=12022425345848936347&errm=sHNE&emsg=Not%20enough%20arguments HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?r=m&client=dp-demandmedia31_3ph&channel=100001&hl=en&adtest=off&optimize_terms=on&drid=as-drid-2421601518898051&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=s%7Cr10%7Cp5&ad=a5&adrep=2&num=0&output=caf&domain_name=www.gamesevil.com&v=3&adext=as1%2Csr1&bsl=8&u_his=1&u_tz=60&dt=1514720584753&u_w=1176&u_h=885&biw=1176&bih=754&psw=-1&psh=-1&frm=0&uio=uv3cs1vp1sl1sr1-wi300-wi250ff2fa2st22sa14lt32-wi800fa2st24sd16sv16sa14&jsv=12022&rurl=http%3A%2F%2Fwww.gamesevil.com%2Fsavemario%2Fsavemario.exe

                                         
                                         173.194.73.106
HTTP/1.1 204 No Content
Content-Type: text/html; charset=ISO-8859-1
                                        
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Date: Sun, 31 Dec 2017 11:43:06 GMT
Server: gws
Content-Length: 0
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2017-12-31-11; expires=Tue, 30-Jan-2018 11:43:06 GMT; path=/; domain=.google.com NID=120=vucOA_gR3Qq31Fq-Thpgq4W6T9Luz9-4HkXNvTdUtNF-VN7k8e9ZS0svNqck1lgM4ALOzaY8sJd3X75KPSZPHGB8zjWmX4BY41OOJzbgROOhR04wQTEprh0_nogYmgQV; expires=Mon, 02-Jul-2018 11:43:06 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"


--- Additional Info ---
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request
Cookie: 1P_JAR=2017-12-31-11; NID=120=vucOA_gR3Qq31Fq-Thpgq4W6T9Luz9-4HkXNvTdUtNF-VN7k8e9ZS0svNqck1lgM4ALOzaY8sJd3X75KPSZPHGB8zjWmX4BY41OOJzbgROOhR04wQTEprh0_nogYmgQV

                                         
216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 31 Dec 2017 11:43:07 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    a0c5cf6b3e5dd44a6199d8c2bd94cac1
Sha1:   226e51b71ee146badac09265007a53f9dd68ad41
Sha256: 1d8f7052bf4c36195cbb45f5462fedd889b4822751e0a0fe58777f08563d1566
                                        
GET /favicon.ico HTTP/1.1
Host: www.gamesevil.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: SessionID=ed13d92e-31d1-4bc9-96c9-a6b06e23a418; VisitorID=43eea4b3-e1c5-4d29-97f1-603983b27a04&Exp=12/31/2020 3:43:04 AM; __utma=152289967.1505523289.1514720586.1514720586.1514720586.1; __utmb=152289967.1.10.1514720586; __utmc=152289967; __utmz=152289967.1514720586.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1

                                         
69.64.147.242
HTTP/1.1 200 OK
Content-Type: image/x-icon
Last-Modified: Tue, 11 Jul 2017 18:10:18 GMT
Accept-Ranges: bytes
Etag: "0a1c1f370fad21:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 31 Dec 2017 11:43:06 GMT
Content-Length: 3


--- Additional Info ---
Magic:  UTF-8 Unicode text, with no line terminators
Size:   3
Md5:    ecaa88f7fa0bf610a5a26cf545dcd3aa
Sha1:   57218c316b6921e2cd61027a2387edc31a2d9471
Sha256: f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5
                                        
POST /GTSGIAG3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 31 Dec 2017 11:43:07 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    35c071bafd3a139499f01a88801a2cbc
Sha1:   fb8461c3f91f3fa910f5def157ae990fcf952dcf
Sha256: 870e22d6f776815b19fa18dae072559a6410ad7ece5a68acb2efae7e1c24b681
                                        
POST /gsr2 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 31 Dec 2017 11:43:07 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    6bf50ec404fb4a8b4a94be8390d11938
Sha1:   0caaab7704d6221abc5e0342909a4928cee50b1c
Sha256: 63b592179b1e9a528344ce1d430b9479fc55f43420a468ec35aaeaa9dff911cf
                                        
GET /adsid/integrator.js?domain=www.gamesevil.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe
Cookie: 1P_JAR=2017-12-31-11; NID=120=vucOA_gR3Qq31Fq-Thpgq4W6T9Luz9-4HkXNvTdUtNF-VN7k8e9ZS0svNqck1lgM4ALOzaY8sJd3X75KPSZPHGB8zjWmX4BY41OOJzbgROOhR04wQTEprh0_nogYmgQV

                                         
172.217.22.162
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
Timing-Allow-Origin: *
Cache-Control: private, no-cache, no-store
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Sun, 31 Dec 2017 11:43:07 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   121
Md5:    15f1ad3a0371bc41d0ac03fa28748a1c
Sha1:   2456a9428cb604cf1bb814c89065d67f5e1e55dd
Sha256: c94dc69129a575ba7b38c407f38200d4eb8c76ec6eb60dbd9b4d3c4413219c17
                                        
GET /adsid/integrator.js?domain=www.gamesevil.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe

                                         
172.217.22.162
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
Timing-Allow-Origin: *
Cache-Control: private, no-cache, no-store
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Sun, 31 Dec 2017 11:43:07 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Alt-Svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="41,39,38,37,35",hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   107
Md5:    5432a558d422eaeaa6f7e8a15c0c1134
Sha1:   252ee6dbb502fd998fbdc5721da5986b877f1c73
Sha256: e61d268069b171358cb5d545e31856cbc3ac2b995cff5e4f7043ae988dc44c6d
                                        
GET /gk/prompt?t=a&site=kv4ic6olrzkr6&random=1514720587304&ref&token=NT HTTP/1.1
Host: survey.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gamesevil.com/savemario/savemario.exe

                                         
216.58.211.145
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Why: UserPrivacyInfo does not meet requirements to be served (LAT and/or OPT_OUT modifier).
X-XSS-Protection: 1; mode=block
Date: Sun, 31 Dec 2017 11:43:07 GMT
Content-Length: 23


--- Additional Info ---
Magic:  gzip compressed data
Size:   23
Md5:    f0d79988b7772c003d04a28bd7417a62
Sha1:   58423a999eec2997bcfffb247e9ecd3dfd0abf44
Sha256: 30e6fa98fb48c2b132824d1ac5e2243c0be9e9082ff32598d34d7687ca7f6c7f
                                        
GET /favicon.ico HTTP/1.1
Host: www.gamesevil.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: SessionID=ed13d92e-31d1-4bc9-96c9-a6b06e23a418; VisitorID=43eea4b3-e1c5-4d29-97f1-603983b27a04&Exp=12/31/2020 3:43:04 AM; __utma=152289967.1505523289.1514720586.1514720586.1514720586.1; __utmb=152289967.1.10.1514720586; __utmc=152289967; __utmz=152289967.1514720586.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
Range: bytes=0-
If-Range: "0a1c1f370fad21:0"

                                         
69.64.147.242
HTTP/1.1 206 Partial Content
Content-Type: image/x-icon
Last-Modified: Tue, 11 Jul 2017 18:10:18 GMT
Accept-Ranges: bytes
Etag: "0a1c1f370fad21:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 31 Dec 2017 11:43:07 GMT
Content-Length: 3
Content-Range: bytes 0-2/3


--- Additional Info ---
Magic:  UTF-8 Unicode text, with no line terminators
Size:   3
Md5:    ecaa88f7fa0bf610a5a26cf545dcd3aa
Sha1:   57218c316b6921e2cd61027a2387edc31a2d9471
Sha256: f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5