Sorry Polonus, but I think you’re not right here.

This is a sign that either a SpyEye dropper was run or there is an active SpyEye installed on that machine. This URL is not the download, but the ‘call home’ - it comes directly from malware on that computer. It’s blocked and the malware can’t get ‘commands’ from the bot herder though.