#Fields: id timestamp timestamp_end time-taken c-ip cs-username c-port r-ip r-port cs-uri cs-bytes sc-bytes cs-bodylength sc-bodylength cs-headerlength sc-headerlength cs(User-Agent) rs(Content-Type) cs-method sc-status cs(Referer) N/A N/A N/A x-risk-score rs(Location) s-action label 1 1476890268.65 1476890268.77 121 192.168.1.120 - 49166 52.49.115.83 80 http://rp.rudepedexe.com/?v=2.0&subver=6.21&pcrc=1985148332 2292 138 2080 4 163 120 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)' text/html; charset=UTF-8 POST 200 - - - - - - - CTU.197.1.Malicious 2 1476890268.65 1476890269.01 358 192.168.1.120 - 49165 54.229.133.176 80 http://os.rudepedexe.com/FusionCDBurnerXP/?v=6.0&c=1030847298&t=867156 1763 146724 1600 146186 103 524 'ICAS' text/plain POST 200 - - - - - - - CTU.197.1.Malicious 3 1476890280.54 1476890280.61 70 192.168.1.120 - 49167 46.166.187.59 80 http://cdneu.rudepedexe.com/ofr/Solululadul/asgnd.cis 237 507 0 0 197 493 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0; ICDM 2.1)' application/octet-stream HEAD 200 - - - - - - - CTU.197.1.Malicious 4 1476890280.75 1476890281.72 963 192.168.1.120 - 49168 50.115.122.45 80 http://cdnus.rudepedexe.com/ofr/Solululadul/asgnd.cis 215 101553 0 101029 176 497 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0; ICDM 2.1)' application/octet-stream GET 206 - - - - - - - CTU.197.1.Malicious 5 1476890281.66 1476890281.79 130 192.168.1.120 - 49169 46.166.187.59 80 http://cdneu.rudepedexe.com/ofr/Solululadul/asgnd.cis 215 101565 0 101029 176 509 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0; ICDM 2.1)' application/octet-stream GET 206 - - - - - - - CTU.197.1.Malicious 6 1476890286.93 1476890287.06 134 192.168.1.120 - 49170 46.166.187.59 80 http://cdneu.rudepedexe.com/ofr/Solululadul/asgnd.cis 192 101536 0 101029 153 493 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0; ICDM 2.1)' application/octet-stream GET 200 - - - - - - - CTU.197.1.Malicious 1 1476890304.5 1476890304.59 89 192.168.1.120 - 49166 52.49.115.83 80 http://rp.rudepedexe.com/?v=2.0&subver=6.21&pcrc=1501112100 3604 138 3392 4 163 120 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)' text/html; charset=UTF-8 POST 200 - - - - - - - CTU.197.1.Malicious 7 1476890333.41 1476890333.5 86 192.168.1.120 - 49171 54.192.46.116 80 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/typ.html 356 2339 0 1905 294 420 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html GET 200 - - - - - - - CTU.197.1.Malicious 7 1476890333.81 1476890333.87 60 192.168.1.120 - 49171 54.192.46.116 80 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/assets/css/style.css 463 2451 0 2018 389 419 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/css GET 200 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/typ.html - - - - - - CTU.197.1.Malicious 8 1476890333.82 1476890333.87 53 192.168.1.120 - 49172 54.192.46.116 80 http://ic-dc.townpackagecentral.com/pr/public/js/functions.js 428 818 0 372 389 432 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/javascript GET 200 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/typ.html - - - - - - CTU.197.1.Malicious 9 1476890334.11 1476890334.21 95 192.168.1.120 - 49174 54.192.46.116 80 http://ic-dc.townpackagecentral.com/pr/public/js/functions.js 428 818 0 372 389 432 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/javascript GET 200 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/typ.html - - - - - - CTU.197.1.Malicious 10 1476890334.11 1476890334.21 97 192.168.1.120 - 49173 54.192.46.116 80 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/assets/css/style.css 463 2451 0 2018 389 419 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/css GET 200 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/typ.html - - - - - - CTU.197.1.Malicious 9 1476890336.34 1476890336.38 42 192.168.1.120 - 49174 54.192.46.116 80 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/assets/img/bullet.png 464 1233 0 800 389 419 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' image/png GET 200 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/typ.html - - - - - - CTU.197.1.Malicious 10 1476890336.34 1476890336.43 90 192.168.1.120 - 49173 54.192.46.116 80 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/assets/img/banner.png 464 182222 0 181786 389 422 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' image/png GET 200 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/typ.html - - - - - - CTU.197.1.Malicious 11 1476890338.09 1476890338.17 75 192.168.1.120 - 49175 198.232.125.32 80 http://cdn.nadel56.us/scripts/1/adnl.min.js 410 24062 0 23612 375 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/javascript GET 200 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/typ.html - - - - - - CTU.197.1.Malicious 12 1476890340.12 1476890340.39 274 192.168.1.120 - 49176 40.127.174.50 80 http://d.nadel56.us/api/vv/1?callback=cb_1476890339513&ts=1476890339493&sessionId=plgVQ&rfr=&siteId=208154&aus=8954,1,0 486 1765 0 1377 373 374 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/javascript; charset=utf-8 GET 200 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/typ.html - - - - - - CTU.197.1.Malicious 11 1476890340.6 1476890340.81 212 192.168.1.120 - 49175 198.232.125.32 80 http://cdn.nadel56.us/layouts/native_800x440.js?v=4.4.29 423 3494 0 3044 375 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/javascript GET 200 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/typ.html - - - - - - CTU.197.1.Malicious 12 1476890342.8 1476890342.89 94 192.168.1.120 - 49176 40.127.174.50 80 http://d.nadel56.us/api/vp/1?clk=FghqCb-X1U4OOpNHCgbW_8L-40w0SJXJZJgw26OvevS1cce0NWPytjtMZoKA3_AqRiD24IMaWPtWsccdYaSVRQLgHEWyXpHqcx6H2I-Vb0JYbD_wXEgM-JplD8QjvRHL7K2Dyf4M3g0r2nAgqv75dMOG-ZG3R3fT_nK4nkju5GqaCIgAQajh8PIuLCozNJLOxd5ry3H6MOwmakHkP9_GqOWE9fZr87PRFWcG5dPhMx3YMr5W9ylh75T9F5tKGhL_uzkxVr7H35olsLjQC4D4kR8R7zRKb5LFFBtw2GsFqsPcyuwXgOhxQXTtUiGDEsoNBlncnAvcgPqm9mO0mJ0b3XreAay6S5HiYWg1Mg-4op2ib3NSMClY8jKdgB84nnL6hB_rMd2YtInz5dLzK0718xpUw3sEjz3VuszsIFTny20-ERJ8k7-p9OEKqIDytbOkITQ6Az45Sd1NHs-bsofqP1bMsFvkXo8Xl0AXEG_DvZE&rfr= 948 372 0 43 425 315 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' image/gif GET 200 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/typ.html - - - - - - CTU.197.1.Malicious 13 1476890342.89 1476890342.97 79 192.168.1.120 - 49177 198.232.124.20 80 http://cdn.castplatform.com/images/e7a4e4d2-ba80-4d3a-aa5a-077d077dfa84.gif 442 6779 0 6425 381 340 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' image/gif; charset=utf-8 GET 200 http://ic-dc.townpackagecentral.com/pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/typ.html - - - - - - CTU.197.1.Malicious 9 1476890349.05 1476890349.11 66 192.168.1.120 - 49174 54.192.46.116 80 http://ic-dc.townpackagecentral.com/favicon.ico 295 586 0 243 270 322 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/xml GET 403 - - - - - - - CTU.197.1.Malicious