#Fields: id timestamp timestamp_end time-taken c-ip cs-username c-port r-ip r-port cs-uri cs-bytes sc-bytes cs-bodylength sc-bodylength cs-headerlength sc-headerlength cs(User-Agent) rs(Content-Type) cs-method sc-status cs(Referer) N/A N/A N/A x-risk-score rs(Location) s-action label 1 1517928333.3001263 1517928333.3481479 48 192.168.1.114 - 49159 104.40.156.71 80 http://dlg-configs.buzzrin.de/ 320 289 0 0 305 275 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html HEAD 200 - - - - - - - CTU.334.1.Malicious 2 1517928333.3763778 1517928333.4847915 108 192.168.1.114 - 49160 104.40.156.71 80 http://dlg-configs.buzzrin.de/config-from-production 584 8677 200 8454 347 209 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/plain POST 200 - - - - - - - CTU.334.1.Malicious 3 1517928334.0213568 1517928334.0878026 66 192.168.1.114 - 49161 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 736 219 367 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 4 1517928334.0962803 1517928334.3792484 283 192.168.1.114 - 49162 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 782 219 413 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 5 1517928334.1577907 1517928334.47213 314 192.168.1.114 - 49163 93.184.221.200 80 http://az687722.vo.msecnd.net/public-source/downloadguide/chip-eu/1.0/cz/campaigns/product+website/ui/base.zip 372 35130 0 34496 278 620 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/octet-stream GET 200 - - - - - - - CTU.334.1.Malicious 6 1517928334.3880749 1517928334.6775985 290 192.168.1.114 - 49165 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 781 219 412 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 7 1517928334.8877401 1517928335.1754644 288 192.168.1.114 - 49166 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 771 219 402 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 8 1517928335.184612 1517928335.2517447 67 192.168.1.114 - 49167 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 774 219 405 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 9 1517928334.16082 1517928335.538258 1377 192.168.1.114 - 49164 93.184.221.200 80 http://az687722.vo.msecnd.net/public-source/downloadguide/chip-eu/1.0/cz/campaigns/product+website/ui/chip-eu-flow-5-text-en-us.zip 393 47821 0 47187 278 620 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/octet-stream GET 200 - - - - - - - CTU.334.1.Malicious 10 1517928336.7952752 1517928337.0658495 271 192.168.1.114 - 49168 93.184.221.200 80 http://az687722.vo.msecnd.net/public-source/downloadguide/chip-eu/1.0/cz/campaigns/product+website/ui/progress.zip 376 86423 0 85789 278 620 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/octet-stream GET 200 - - - - - - - CTU.334.1.Malicious 11 1517928339.020369 1517928339.0946798 74 192.168.1.114 - 49169 93.184.221.200 80 http://az687722.vo.msecnd.net/public-source/downloadguide/chip-eu/1.0/cz/campaigns/product+website/ui/my-pc-backup-single-avira-en-us.zip 399 46151 0 45517 278 620 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/octet-stream GET 200 - - - - - - - CTU.334.1.Malicious 12 1517928344.7485926 1517928344.8152332 67 192.168.1.114 - 49170 93.184.221.200 80 http://az687722.vo.msecnd.net/public-source/downloadguide/chip-eu/1.0/cz/campaigns/product+website/ui/last.zip 372 38485 0 37851 278 620 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/octet-stream GET 200 - - - - - - - CTU.334.1.Malicious 13 1517928349.1493726 1517928349.2131724 64 192.168.1.114 - 49171 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 747 219 378 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 14 1517928349.2237797 1517928349.293719 70 192.168.1.114 - 49172 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 736 219 367 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 15 1517928349.3039482 1517928349.368945 65 192.168.1.114 - 49173 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 730 219 361 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 16 1517928361.1479785 1517928361.2165024 69 192.168.1.114 - 49174 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 757 219 388 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 17 1517928368.512374 1517928368.5640128 52 192.168.1.114 - 49176 104.40.156.71 80 http://dlg-configs.buzzrin.de/ 320 289 0 0 305 275 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html HEAD 200 - - - - - - - CTU.334.1.Malicious 18 1517928368.5121696 1517928368.8077836 296 192.168.1.114 - 49175 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 760 219 391 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 19 1517928368.8174415 1517928368.881486 64 192.168.1.114 - 49178 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 767 219 398 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 20 1517928368.7864754 1517928369.4967012 710 192.168.1.114 - 49177 94.31.29.41 80 http://random.backupcdn.com/aff_setup.exe 303 701 0 348 276 332 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=utf-8 GET 404 - - - - - - - CTU.334.1.Malicious 21 1517928368.8905716 1517928369.9553115 1065 192.168.1.114 - 49179 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 737 219 368 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 22 1517928369.8571534 1517928370.1068542 250 192.168.1.114 - 49180 148.251.236.184 80 http://ceu-hosting.upload.de/2/8/7/6/5/4/ftppad.exe 313 584111 0 583799 277 298 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/octet-stream GET 200 - - - - - - - CTU.334.1.Malicious 23 1517928370.9876902 1517928371.056713 69 192.168.1.114 - 49181 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 766 219 397 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 24 1517928371.0658765 1517928371.1371472 71 192.168.1.114 - 49182 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 740 219 371 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 25 1517928417.5275252 1517928417.5947175 67 192.168.1.114 - 49183 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 742 219 373 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 26 1517928417.6047993 1517928417.678266 73 192.168.1.114 - 49184 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 739 219 370 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 27 1517928503.7761922 1517928503.8407946 65 192.168.1.114 - 49185 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 741 219 372 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 28 1517928503.848694 1517928503.9128277 64 192.168.1.114 - 49186 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 738 219 369 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 29 1517928503.9237983 1517928504.9966204 1073 192.168.1.114 - 49187 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 733 219 364 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 30 1517928509.715329 1517928509.7876618 72 192.168.1.114 - 49188 104.40.188.185 80 http://dlg-messages.buzzrin.de/1/dg/3 735 219 366 0 348 205 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html POST 200 - - - - - - - CTU.334.1.Malicious 31 1517928512.4940648 1517928512.5398705 46 192.168.1.114 - 49189 148.251.236.185 80 http://download.chip.eu/thank-you/ 361 425 0 178 337 218 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html GET 301 - - - - - http://loadion.com/thank-you/ - CTU.334.1.Malicious 32 1517928512.8969975 1517928512.945 48 192.168.1.114 - 49190 148.251.236.185 80 http://loadion.com/thank-you/ 356 5960 0 5588 332 358 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html GET 200 - - - - - - - CTU.334.1.Malicious 32 1517928513.1905203 1517928513.2402132 50 192.168.1.114 - 49190 148.251.236.185 80 http://loadion.com/thank-you/css/bootstrap.min.css 425 113966 0 113503 380 449 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/css GET 200 http://loadion.com/thank-you/ - - - - - - CTU.334.1.Malicious 33 1517928513.4417608 1517928513.5103753 69 192.168.1.114 - 49191 148.251.236.185 80 http://loadion.com/thank-you/css/bootstrap.min.css 425 113966 0 113503 380 449 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/css GET 200 http://loadion.com/thank-you/ - - - - - - CTU.334.1.Malicious 34 1517928514.8135211 1517928514.8714178 58 192.168.1.114 - 49194 172.217.23.226 80 http://pagead2.googlesyndication.com/pagead/show_ads.js 430 49754 0 49123 398 617 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/javascript; charset=UTF-8 GET 200 http://loadion.com/thank-you/ - - - - - - CTU.334.1.Malicious 33 1517928514.6869211 1517928514.969813 283 192.168.1.114 - 49191 148.251.236.185 80 http://loadion.com/thank-you/fonts/glyphicons-halflings-regular.eot? 443 20660 0 20335 380 311 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/vnd.ms-fontobject GET 200 http://loadion.com/thank-you/ - - - - - - CTU.334.1.Malicious 35 1517928515.931238 1517928516.1603324 229 192.168.1.114 - 49193 23.111.10.137 443 https://oss.maxcdn.com/respond/1.4.2/respond.min.js 425 4944 0 4377 383 553 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/javascript; charset=utf-8 GET 200 http://loadion.com/thank-you/ - - - - - - CTU.334.1.Malicious 36 1517928515.8868406 1517928516.1841257 297 192.168.1.114 - 49192 23.111.10.137 443 https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js 429 3202 0 2636 383 552 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/javascript; charset=utf-8 GET 200 http://loadion.com/thank-you/ - - - - - - CTU.334.1.Malicious 37 1517928516.6495633 1517928516.6981175 49 192.168.1.114 - 49195 148.251.236.185 80 http://loadion.com/thank-you/img/logo.gif 416 2563 0 2170 380 379 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' image/gif GET 200 http://loadion.com/thank-you/ - - - - - - CTU.334.1.Malicious 38 1517928516.7518885 1517928516.7662551 14 192.168.1.114 - 49196 216.58.201.78 80 http://www.google-analytics.com/analytics.js 419 36486 0 35943 393 529 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/javascript GET 200 http://loadion.com/thank-you/ - - - - - - CTU.334.1.Malicious 39 1517928516.8865552 1517928517.1630278 276 192.168.1.114 - 49197 172.217.23.226 443 https://adservice.google.cz/adsid/integrator.js?domain=loadion.com 440 1017 0 108 388 895 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/javascript; charset=UTF-8 GET 200 http://loadion.com/thank-you/ - - - - - - CTU.334.1.Malicious 40 1517928517.3574867 1517928517.614563 257 192.168.1.114 - 49198 172.217.23.226 443 https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-9174195725990763.js 459 986 0 133 398 839 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/javascript GET 200 http://loadion.com/thank-you/ - - - - - - CTU.334.1.Malicious 41 1517928517.9647129 1517928518.0401711 75 192.168.1.114 - 49199 172.217.23.226 443 https://adservice.google.com/adsid/integrator.js?domain=loadion.com 441 1017 0 108 389 895 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/javascript; charset=UTF-8 GET 200 http://loadion.com/thank-you/ - - - - - - CTU.334.1.Malicious 42 1517928638.5315812 1517928638.5783372 47 192.168.1.114 - 49200 148.251.236.185 80 http://loadion.com/favicon.ico 325 1468 0 1150 300 304 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' image/vnd.microsoft.icon GET 200 - - - - - - - CTU.334.1.Malicious