Snort mailing list archives

Unknown EK

From: Community Proposed <lists () packetmail net>
Date: Tue, 2 Jul 2013 17:42:12 -0500

Unknown malvertising EK campaign isolated with 205.185.158.219 and
205.185.158.220 which pDNS shows pointed only to piksmedia.com and
clearmetric.net respectively.  The PCRE produces a few benign false positives,
considering the cost/risk the PCRE is worth it.  Might be able to get away with
some proxy blocks on this one.  Popular hosts such as BBC are being used.

Global Hosts identified:
*.piksmedia.com
*.clearmetric.net
205.185.158.219
205.185.158.220

Global URLs identified:
*/app.jar
*/cm2.jar

RegEx:
regex((?-i)http:\/\/[^\x2f]+\/[a-z]{1,6}\d?\/[a-f0-9]{8,10}\.htm$)  Unknown EK
initial landing and stage-1

Validation, as well as hits, after expansion and contraction of search criteria
for this campaign :

select date_time, http_status, media_type, url_body_size, dest_ip, url,
url_referrer, user_agent
from webwasher_full where day>='2013-06-01' and http_status <> '407' and
(url rlike 'http:\\/\\/[^\\x2f]+\\/[a-z]{1,6}\\d?\\/[a-f0-9]{8}\\.htm$' or url
like '%/app.jar' or url like '%/cm2.jar' or dest_ip like '205.185.158.219' or
dest_ip like '205.185.158.220');

{See attached Unknown_EK.tsv please note HTTP Referers and UAs}

PCRE Validation
select date_time, http_status, media_type, url_body_size, dest_ip, url,
url_referrer, user_agent
from webwasher_full where day>='2013-06-01' and http_status <> '407' and
(url rlike 'http:\\/\\/[^\\x2f]+\\/[a-z]{1,6}\\d?\\/[a-f0-9]{8}\\.htm$');

{See attached PCRE_Validation.tsv please note HTTP Referers and UAs}

Looking at the PCAP {see attached} this signature may be good to match the
payload, but these signatures are untested and I am coming off a long day and
my eyes are shot.  They may need some TLC:

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"VRT COMMUNITY
Unknown Malvertising Exploit Kit Hostile Jar pipe.class";
flow:established,from_server; 
file_data; content:"PK"; depth:0; 
content:"|00|pipe.class"; fast_pattern; distance:0; 
content:"|00|inc.class"; distance:0; 
content:"|00|fdp.class"; distance:0; 
classtype:trojan-activity; sid:x; rev:1;)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"VRT COMMUNITY
Unknown Malvertising Exploit Kit stage-1 redirect";
flow:established,from_server; 
content:"<html><body><script>|0a|var "; fast_pattern; 
content;"document.createElement("; within:80; 
content:".setAttribute(|22|archive|22|, "; within:65; 
content:".setAttribute(|22|codebase|22|, "; within:65; 
content:".setAttribute(|22|id|22|, "; within:65; 
content:".setAttribute(|22|code|22|, "; within:65; 
content:"|22|)|3b 0a|document.body.appendChild("; within:65; 
content:"</script>|0a|</body>|0a|</html>|0a 0a|"; 
classtype:trojan-activity; sid:x; rev:1;)

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"VRT COMMUNITY
Unknown Malvertising Exploit Kit Hostile Jar app.jar";
flow:established,to_server; 
content:"/app.jar"; http_uri; 
content:") Java/"; http_header; 
classtype:trojan-activity; sid:x; rev:1;)

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"VRT COMMUNITY
Unknown Malvertising Exploit Kit Hostile Jar cm2.jar";
flow:established,to_server; 
content:"/cm2.jar"; http_uri; 
content:") Java/"; http_header; 
classtype:trojan-activity; sid:x; rev:1;)

Cheers,
Nathan

Attachment: UnknownEK_Inet.pcap
Description:

date_time	http_status	media_type	url_body_size	dest_ip	url	url_referrer	user_agent
[01/Jul/2013:12:17:53 -0600]	301	text/html	350	218.30.109.70	http://newhouse.sh.soufun.com/house/1211079248.htm	http://shdesign.soufun.com/zxx/2013web/ksscyd/	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C)
[01/Jul/2013:12:19:13 -0600]	200	text/html	296	218.30.109.70	http://sh.loupans.soufun.com/house/1211079248.htm	http://yuedusc.soufun.com/	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C)
[01/Jul/2013:16:27:35 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/f81f5df7.htm	http://www.abante.com.ph/issue/jul0213/abroad03.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[01/Jul/2013:16:27:35 -0600]	200	text/html	325	205.185.158.220	http://pm.piksmedia.com/pks2/61160c4d.htm	http://pm.piksmedia.com/pks/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[01/Jul/2013:16:27:36 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/1156289310.htm	http://pm.piksmedia.com/pks/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[02/Jul/2013:10:10:04 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://timesofindia.indiatimes.com/tech/tech-news/software-services/HP-beats-TCS-Wipro-to-win-Rs-400-crore-Corporation-Bank-deal/articleshow/20879889.cms	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; .NET4.0C; .NET4.0E; AskTbWBG/5.15.25.44892)
[02/Jul/2013:10:10:04 -0600]	200	text/html	323	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; .NET4.0C; .NET4.0E; AskTbWBG/5.15.25.44892)
[02/Jul/2013:10:10:05 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/30073297.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; .NET4.0C; .NET4.0E; AskTbWBG/5.15.25.44892)
[02/Jul/2013:10:48:02 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://timesofindia.indiatimes.com/nri/us-canada-news/How-much-should-Indian-Americans-invest-in-India/articleshow/20877971.cms	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; AskTbGET-SRS/5.12.2.16752)
[02/Jul/2013:10:48:03 -0600]	200	text/html	325	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; AskTbGET-SRS/5.12.2.16752)
[02/Jul/2013:10:48:04 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/1942886168.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; AskTbGET-SRS/5.12.2.16752)
[02/Jul/2013:10:59:22 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://www.ndtv.com/article/world/asylum-options-narrow-further-for-edward-snowden-387110?pfrom=home-lateststories	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)
[02/Jul/2013:10:59:22 -0600]	200	text/html	324	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)
[02/Jul/2013:10:59:23 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/193497542.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)
[02/Jul/2013:11:48:35 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://www.bbc.co.uk/news/	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET4.0C; .NET4.0E)
[02/Jul/2013:11:48:35 -0600]	200	text/html	324	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET4.0C; .NET4.0E)
[02/Jul/2013:11:48:35 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/221819824.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET4.0C; .NET4.0E)
[02/Jul/2013:14:08:29 -0600]	200	0	396	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[02/Jul/2013:14:08:35 -0600]	200	0	338	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5382.htm	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[02/Jul/2013:14:21:38 -0600]	502	0	3277	205.185.158.219	http://cm2.clearmetric.net/cm/f81f5df7.htm	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[02/Jul/2013:14:21:39 -0600]	502	0	3277	205.185.158.219	http://cm2.clearmetric.net/cm/f81f5df7.htm	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[02/Jul/2013:14:21:39 -0600]	502	0	3277	205.185.158.219	http://cm2.clearmetric.net/cm/f81f5df7.htm	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[02/Jul/2013:14:25:41 -0600]	200	0	7138	82.208.46.164	http://filexis.com/pad/04041137.htm	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[07/Jun/2013:08:10:58 -0600]	200	text/html	19322	174.132.22.20	http://videos.wisegeek.org/videos/517569640.htm	http://www.wisegeek.org/what-is-serotonin.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
[08/Jun/2013:13:23:24 -0600]	403	0	4558	82.208.46.164	http://filexis.com/pad/04019203.htm	http://pianotte.szm.com/	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[10/Jun/2013:11:38:18 -0600]	200	text/html	258434	64.154.62.195	http://www.journalofaccountancy.com/web/20126684.htm	0	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8)
[10/Jun/2013:13:35:55 -0600]	200	text/html	28517	209.200.68.33	http://www.drdonnica.com/today/00009167.htm	http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=9&ved=0CGkQFjAI&url=http%3A%2F%2Fwww.drdonnica.com%2Ftoday%2F00009167.htm&ei=iSq2UY-COsmdqgHKgYGwDw&usg=AFQjCNF_sXcgOKHOW6B0CKKh-k7utnF7kQ&bvm=bv.47534661,d.aWM	Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20100101 Firefox/21.0
[14/Jun/2013:15:14:46 -0600]	200	text/html	20646	174.132.22.20	http://videos.wisegeek.com/videos/271205227.htm	http://www.wisegeek.com/what-is-a-subfloor.htm	Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36
[14/Jun/2013:15:15:10 -0600]	200	text/html	20542	174.132.22.20	http://videos.wisegeek.com/videos/271205227.htm	http://www.wisegeek.com/what-is-a-subfloor.htm	Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36
[17/Jun/2013:10:27:49 -0600]	200	text/html	587	205.185.158.219	http://cm2.clearmetric.net/cb/1563070429.htm	http://cm2.clearmetric.net/cm/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET4.0C; .NET4.0E)
[17/Jun/2013:10:27:49 -0600]	200	text/html	1043	205.185.158.219	http://cm2.clearmetric.net/cm/b0fd5381.htm	http://www.bbc.co.uk/news/	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET4.0C; .NET4.0E)
[17/Jun/2013:10:27:49 -0600]	200	text/html	321	205.185.158.219	http://cm2.clearmetric.net/geo/29f4023b.htm	http://cm2.clearmetric.net/cm/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET4.0C; .NET4.0E)
[17/Jun/2013:10:31:26 -0600]	200	text/html	587	205.185.158.219	http://cm2.clearmetric.net/cb/838947187.htm	http://cm2.clearmetric.net/cm/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
[17/Jun/2013:10:31:26 -0600]	200	text/html	1043	205.185.158.219	http://cm2.clearmetric.net/cm/b0fd5381.htm	http://www.bbc.co.uk/sport/0/	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
[17/Jun/2013:10:31:26 -0600]	200	text/html	320	205.185.158.219	http://cm2.clearmetric.net/geo/29f4023b.htm	http://cm2.clearmetric.net/cm/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
[17/Jun/2013:11:55:48 -0600]	200	text/html	396	205.185.158.219	http://cm2.clearmetric.net/cm/3c346f67.htm	http://timesofindia.indiatimes.com/international-home	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; AskTbGET-SRS/5.12.2.16752)
[17/Jun/2013:12:51:41 -0600]	200	text/html	396	205.185.158.219	http://cm2.clearmetric.net/cm/5eddd374.htm	http://timesofindia.indiatimes.com/world/us/B-Raman-Indias-seasoned-spymaster-and-trenchant-US-critic-dies-at-77/articleshow/20628240.cms?	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[17/Jun/2013:15:36:47 -0600]	200	text/html	587	205.185.158.219	http://cm2.clearmetric.net/cb/391449808.htm	http://cm2.clearmetric.net/cm/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
[17/Jun/2013:15:36:47 -0600]	200	text/html	1043	205.185.158.219	http://cm2.clearmetric.net/cm/f81f5df7.htm	http://www.abs-cbnnews.com/	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
[17/Jun/2013:15:36:47 -0600]	200	text/html	320	205.185.158.219	http://cm2.clearmetric.net/geo/61160c4d.htm	http://cm2.clearmetric.net/cm/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
[17/Jun/2013:15:46:46 -0600]	200	text/html	587	205.185.158.219	http://cm2.clearmetric.net/cb/1004218151.htm	http://cm2.clearmetric.net/cm/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1)
[17/Jun/2013:15:46:46 -0600]	200	text/html	1043	205.185.158.219	http://cm2.clearmetric.net/cm/f81f5df7.htm	http://pep.ph/news/39110/vilma-santos-gets-deglamorized-slapped-kicked-and-burnt-in-ekstrathe-bit-player-youtube-teaser-trailer-gains-strong-following	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1)
[17/Jun/2013:15:46:46 -0600]	200	text/html	321	205.185.158.219	http://cm2.clearmetric.net/geo/61160c4d.htm	http://cm2.clearmetric.net/cm/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1)
[17/Jun/2013:16:10:05 -0600]	200	text/html	396	205.185.158.219	http://cm2.clearmetric.net/cm/1952d893.htm	http://timesofindia.indiatimes.com/tech/tech-news/hardware/How-your-future-TV-may-look-like/articleshow/20626276.cms	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; AskTbGET-SRS/5.12.2.16752)
[18/Jun/2013:15:11:03 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://www.abs-cbnnews.com/entertainment/06/18/13/nora-jericho-lead-36th-gawad-urian-winners	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[18/Jun/2013:15:11:03 -0600]	200	text/html	324	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[18/Jun/2013:15:11:03 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/152254420.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[18/Jun/2013:15:36:55 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://www.mamamia.com.au/social/lets-all-laugh-at-the-stupid-beauty-queen-shall-we/	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB0.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[18/Jun/2013:15:36:55 -0600]	200	text/html	325	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB0.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[18/Jun/2013:15:36:56 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/1617999990.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB0.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[18/Jun/2013:16:20:49 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/f81f5df7.htm	http://www.abante.com.ph/issue/jun1913/abroad03.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:16:20:49 -0600]	200	text/html	324	205.185.158.220	http://pm.piksmedia.com/pks2/61160c4d.htm	http://pm.piksmedia.com/pks/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:16:20:49 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/103535764.htm	http://pm.piksmedia.com/pks/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:17:18:49 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://www.abs-cbnnews.com/entertainment/06/18/13/daiana-cries-benjo-made-me-look-stupid-interview	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:17:18:50 -0600]	200	text/html	325	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:17:18:50 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/1461090056.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:17:33:33 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://www.interaksyon.com/article/64245/photo--police-release-mugshots-of-cops-allegedly-involved-in-criminal-activity	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:17:33:34 -0600]	200	text/html	324	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:17:33:34 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/170568756.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[29/Jun/2013:11:19:38 -0600]	403	0	4562	82.208.46.164	http://filexis.com/pad/04029284.htm	http://pianotte.szm.com/A.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[29/Jun/2013:11:19:58 -0600]	403	0	4562	82.208.46.164	http://filexis.com/pad/04031293.htm	http://pianotte.szm.com/J.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[29/Jun/2013:11:19:58 -0600]	403	0	4562	82.208.46.164	http://filexis.com/pad/04041137.htm	http://pianotte.szm.com/J.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)

date_time	http_status	media_type	url_body_size	dest_ip	url	url_referrer	user_agent
[17/Jun/2013:12:48:29 -0600]	200	0	201	205.185.158.219	http://clearmetric.net/	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[17/Jun/2013:12:48:29 -0600]	404	0	479	205.185.158.219	http://clearmetric.net/favicon.ico	http://clearmetric.net/	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[17/Jun/2013:15:46:46 -0600]	200	text/html	587	205.185.158.219	http://cm2.clearmetric.net/cb/1004218151.htm	http://cm2.clearmetric.net/cm/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1)
[17/Jun/2013:10:27:49 -0600]	200	text/html	587	205.185.158.219	http://cm2.clearmetric.net/cb/1563070429.htm	http://cm2.clearmetric.net/cm/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET4.0C; .NET4.0E)
[17/Jun/2013:15:36:47 -0600]	200	text/html	587	205.185.158.219	http://cm2.clearmetric.net/cb/391449808.htm	http://cm2.clearmetric.net/cm/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
[17/Jun/2013:10:31:26 -0600]	200	text/html	587	205.185.158.219	http://cm2.clearmetric.net/cb/838947187.htm	http://cm2.clearmetric.net/cm/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
[02/Jul/2013:14:21:45 -0600]	502	0	3264	205.185.158.219	http://cm2.clearmetric.net/cm	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[02/Jul/2013:14:21:45 -0600]	502	0	3264	205.185.158.219	http://cm2.clearmetric.net/cm	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[02/Jul/2013:14:21:46 -0600]	502	0	3264	205.185.158.219	http://cm2.clearmetric.net/cm	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[17/Jun/2013:16:10:05 -0600]	200	text/html	396	205.185.158.219	http://cm2.clearmetric.net/cm/1952d893.htm	http://timesofindia.indiatimes.com/tech/tech-news/hardware/How-your-future-TV-may-look-like/articleshow/20626276.cms	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; AskTbGET-SRS/5.12.2.16752)
[17/Jun/2013:11:55:48 -0600]	200	text/html	396	205.185.158.219	http://cm2.clearmetric.net/cm/3c346f67.htm	http://timesofindia.indiatimes.com/international-home	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; AskTbGET-SRS/5.12.2.16752)
[17/Jun/2013:12:51:41 -0600]	200	text/html	396	205.185.158.219	http://cm2.clearmetric.net/cm/5eddd374.htm	http://timesofindia.indiatimes.com/world/us/B-Raman-Indias-seasoned-spymaster-and-trenchant-US-critic-dies-at-77/articleshow/20628240.cms?	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[17/Jun/2013:10:27:49 -0600]	200	text/html	1043	205.185.158.219	http://cm2.clearmetric.net/cm/b0fd5381.htm	http://www.bbc.co.uk/news/	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET4.0C; .NET4.0E)
[17/Jun/2013:10:31:26 -0600]	200	text/html	1043	205.185.158.219	http://cm2.clearmetric.net/cm/b0fd5381.htm	http://www.bbc.co.uk/sport/0/	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
[17/Jun/2013:15:36:47 -0600]	200	text/html	1043	205.185.158.219	http://cm2.clearmetric.net/cm/f81f5df7.htm	http://www.abs-cbnnews.com/	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
[17/Jun/2013:15:46:46 -0600]	200	text/html	1043	205.185.158.219	http://cm2.clearmetric.net/cm/f81f5df7.htm	http://pep.ph/news/39110/vilma-santos-gets-deglamorized-slapped-kicked-and-burnt-in-ekstrathe-bit-player-youtube-teaser-trailer-gains-strong-following	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1)
[02/Jul/2013:14:21:38 -0600]	502	0	3277	205.185.158.219	http://cm2.clearmetric.net/cm/f81f5df7.htm	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[02/Jul/2013:14:21:39 -0600]	502	0	3277	205.185.158.219	http://cm2.clearmetric.net/cm/f81f5df7.htm	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[02/Jul/2013:14:21:39 -0600]	502	0	3277	205.185.158.219	http://cm2.clearmetric.net/cm/f81f5df7.htm	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[17/Jun/2013:10:27:53 -0600]	403	0	4383	205.185.158.219	http://cm2.clearmetric.net/cm2.jar	0	Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_24
[17/Jun/2013:10:27:53 -0600]	403	0	4383	205.185.158.219	http://cm2.clearmetric.net/cm2.jar	0	Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_24
[17/Jun/2013:10:27:53 -0600]	403	0	4383	205.185.158.219	http://cm2.clearmetric.net/cm2.jar	0	Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_24
[17/Jun/2013:10:27:54 -0600]	403	0	4383	205.185.158.219	http://cm2.clearmetric.net/cm2.jar	0	Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_24
[17/Jun/2013:15:36:52 -0600]	403	0	4442	205.185.158.219	http://cm2.clearmetric.net/cm2.jar	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[17/Jun/2013:10:31:31 -0600]	403	0	4383	205.185.158.219	http://cm2.clearmetric.net/cm2.jar	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[17/Jun/2013:15:46:47 -0600]	403	0	4441	205.185.158.219	http://cm2.clearmetric.net/cm2.jar	0	Mozilla/4.0 (compatible; MSIE 6.0; Win32)
[02/Jul/2013:14:21:40 -0600]	502	0	3273	205.185.158.219	http://cm2.clearmetric.net/favicon.ico	http://cm2.clearmetric.net/cm/f81f5df7.htm	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[02/Jul/2013:14:21:40 -0600]	502	0	3273	205.185.158.219	http://cm2.clearmetric.net/favicon.ico	http://cm2.clearmetric.net/cm/f81f5df7.htm	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[02/Jul/2013:14:21:41 -0600]	502	0	3273	205.185.158.219	http://cm2.clearmetric.net/favicon.ico	http://cm2.clearmetric.net/cm/f81f5df7.htm	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[17/Jun/2013:10:27:49 -0600]	200	text/html	321	205.185.158.219	http://cm2.clearmetric.net/geo/29f4023b.htm	http://cm2.clearmetric.net/cm/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET4.0C; .NET4.0E)
[17/Jun/2013:10:31:26 -0600]	200	text/html	320	205.185.158.219	http://cm2.clearmetric.net/geo/29f4023b.htm	http://cm2.clearmetric.net/cm/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
[17/Jun/2013:15:36:47 -0600]	200	text/html	320	205.185.158.219	http://cm2.clearmetric.net/geo/61160c4d.htm	http://cm2.clearmetric.net/cm/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
[17/Jun/2013:15:46:46 -0600]	200	text/html	321	205.185.158.219	http://cm2.clearmetric.net/geo/61160c4d.htm	http://cm2.clearmetric.net/cm/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1)
[17/Jun/2013:10:27:54 -0600]	404	text/html	482	205.185.158.219	http://cm2.clearmetric.net/pipe.class	0	Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_24
[17/Jun/2013:10:27:54 -0600]	404	text/html	482	205.185.158.219	http://cm2.clearmetric.net/pipe.class	0	Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_24
[17/Jun/2013:15:36:52 -0600]	404	text/html	482	205.185.158.219	http://cm2.clearmetric.net/pipe.class	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[17/Jun/2013:15:36:53 -0600]	404	text/html	482	205.185.158.219	http://cm2.clearmetric.net/pipe.class	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[17/Jun/2013:10:31:31 -0600]	404	text/html	482	205.185.158.219	http://cm2.clearmetric.net/pipe.class	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[17/Jun/2013:10:31:31 -0600]	404	text/html	482	205.185.158.219	http://cm2.clearmetric.net/pipe.class	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[17/Jun/2013:15:46:47 -0600]	404	text/html	482	205.185.158.219	http://cm2.clearmetric.net/pipe.class	0	Mozilla/4.0 (compatible; MSIE 6.0; Win32)
[08/Jun/2013:13:23:24 -0600]	403	0	4558	82.208.46.164	http://filexis.com/pad/04019203.htm	http://pianotte.szm.com/	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[29/Jun/2013:11:19:38 -0600]	403	0	4562	82.208.46.164	http://filexis.com/pad/04029284.htm	http://pianotte.szm.com/A.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[29/Jun/2013:11:19:58 -0600]	403	0	4562	82.208.46.164	http://filexis.com/pad/04031293.htm	http://pianotte.szm.com/J.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[29/Jun/2013:11:19:58 -0600]	403	0	4562	82.208.46.164	http://filexis.com/pad/04041137.htm	http://pianotte.szm.com/J.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[02/Jul/2013:13:20:37 -0600]	200	text/html	201	205.185.158.220	http://pm.piksmedia.com/	0	Ruby
[02/Jul/2013:13:20:33 -0600]	200	text/html	201	205.185.158.220	http://pm.piksmedia.com/	0	Ruby
[02/Jul/2013:13:20:35 -0600]	200	text/html	201	205.185.158.220	http://pm.piksmedia.com/	0	Ruby
[02/Jul/2013:13:20:34 -0600]	200	text/html	201	205.185.158.220	http://pm.piksmedia.com/	0	Ruby
[02/Jul/2013:13:20:34 -0600]	200	text/html	201	205.185.158.220	http://pm.piksmedia.com/	0	Ruby
[02/Jul/2013:14:08:30 -0600]	404	0	480	205.185.158.220	http://pm.piksmedia.com/favicon.ico	http://pm.piksmedia.com/pks/b0fd5381.htm	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[18/Jun/2013:17:33:38 -0600]	404	text/html	479	205.185.158.220	http://pm.piksmedia.com/pipe.class	0	Mozilla/4.0 (compatible; MSIE 8.0; Win32)
[18/Jun/2013:16:20:50 -0600]	404	text/html	479	205.185.158.220	http://pm.piksmedia.com/pipe.class	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[18/Jun/2013:16:20:51 -0600]	404	text/html	479	205.185.158.220	http://pm.piksmedia.com/pipe.class	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[18/Jun/2013:15:11:04 -0600]	404	text/html	479	205.185.158.220	http://pm.piksmedia.com/pipe.class	0	Mozilla/4.0 (compatible; MSIE 6.0; Win32)
[18/Jun/2013:15:37:06 -0600]	404	text/html	479	205.185.158.220	http://pm.piksmedia.com/pipe.class	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[18/Jun/2013:15:37:06 -0600]	404	text/html	479	205.185.158.220	http://pm.piksmedia.com/pipe.class	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[02/Jul/2013:10:10:14 -0600]	404	text/html	479	205.185.158.220	http://pm.piksmedia.com/pipe.class	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[02/Jul/2013:10:10:14 -0600]	404	text/html	479	205.185.158.220	http://pm.piksmedia.com/pipe.class	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[18/Jun/2013:17:18:54 -0600]	200	text/html	61327	205.185.158.220	http://pm.piksmedia.com/pks/app.jar	0	Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_20-rev
[18/Jun/2013:17:33:37 -0600]	404	text/html	345	205.185.158.220	http://pm.piksmedia.com/pks/app.jar	0	Mozilla/4.0 (compatible; MSIE 8.0; Win32)
[18/Jun/2013:16:20:50 -0600]	404	text/html	345	205.185.158.220	http://pm.piksmedia.com/pks/app.jar	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[18/Jun/2013:15:11:04 -0600]	404	text/html	345	205.185.158.220	http://pm.piksmedia.com/pks/app.jar	0	Mozilla/4.0 (compatible; MSIE 6.0; Win32)
[18/Jun/2013:15:37:06 -0600]	404	text/html	345	205.185.158.220	http://pm.piksmedia.com/pks/app.jar	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[02/Jul/2013:10:48:10 -0600]	200	text/html	88220	205.185.158.220	http://pm.piksmedia.com/pks/app.jar	0	Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_20-rev
[02/Jul/2013:10:10:13 -0600]	404	text/html	345	205.185.158.220	http://pm.piksmedia.com/pks/app.jar	0	Mozilla/4.0 (Windows XP 5.1) Java/1.5.0_18
[02/Jul/2013:10:59:26 -0600]	200	text/html	88220	205.185.158.220	http://pm.piksmedia.com/pks/app.jar	0	Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_20-rev
[02/Jul/2013:13:51:40 -0600]	404	text/html	403	205.185.158.220	http://pm.piksmedia.com/pks/app.jar	0	Ruby
[02/Jul/2013:13:51:38 -0600]	404	text/html	403	205.185.158.220	http://pm.piksmedia.com/pks/app.jar	0	Ruby
[02/Jul/2013:13:51:39 -0600]	404	text/html	403	205.185.158.220	http://pm.piksmedia.com/pks/app.jar	0	Ruby
[02/Jul/2013:11:48:44 -0600]	200	text/html	88220	205.185.158.220	http://pm.piksmedia.com/pks/app.jar	0	Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_24
[02/Jul/2013:13:51:39 -0600]	404	text/html	403	205.185.158.220	http://pm.piksmedia.com/pks/app.jar	0	Ruby
[02/Jul/2013:13:51:39 -0600]	404	text/html	403	205.185.158.220	http://pm.piksmedia.com/pks/app.jar	0	Ruby
[18/Jun/2013:17:18:49 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://www.abs-cbnnews.com/entertainment/06/18/13/daiana-cries-benjo-made-me-look-stupid-interview	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:17:33:33 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://www.interaksyon.com/article/64245/photo--police-release-mugshots-of-cops-allegedly-involved-in-criminal-activity	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:15:11:03 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://www.abs-cbnnews.com/entertainment/06/18/13/nora-jericho-lead-36th-gawad-urian-winners	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[18/Jun/2013:15:36:55 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://www.mamamia.com.au/social/lets-all-laugh-at-the-stupid-beauty-queen-shall-we/	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB0.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[02/Jul/2013:10:48:02 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://timesofindia.indiatimes.com/nri/us-canada-news/How-much-should-Indian-Americans-invest-in-India/articleshow/20877971.cms	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; AskTbGET-SRS/5.12.2.16752)
[02/Jul/2013:10:10:04 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://timesofindia.indiatimes.com/tech/tech-news/software-services/HP-beats-TCS-Wipro-to-win-Rs-400-crore-Corporation-Bank-deal/articleshow/20879889.cms	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; .NET4.0C; .NET4.0E; AskTbWBG/5.15.25.44892)
[02/Jul/2013:14:08:29 -0600]	200	0	396	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[02/Jul/2013:10:59:22 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://www.ndtv.com/article/world/asylum-options-narrow-further-for-edward-snowden-387110?pfrom=home-lateststories	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)
[02/Jul/2013:11:48:35 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5381.htm	http://www.bbc.co.uk/news/	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET4.0C; .NET4.0E)
[02/Jul/2013:14:08:35 -0600]	200	0	338	205.185.158.220	http://pm.piksmedia.com/pks/b0fd5382.htm	0	Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15
[01/Jul/2013:16:27:35 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/f81f5df7.htm	http://www.abante.com.ph/issue/jul0213/abroad03.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:16:20:49 -0600]	200	text/html	1044	205.185.158.220	http://pm.piksmedia.com/pks/f81f5df7.htm	http://www.abante.com.ph/issue/jun1913/abroad03.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:17:18:50 -0600]	200	text/html	325	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:17:33:34 -0600]	200	text/html	324	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:15:11:03 -0600]	200	text/html	324	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[18/Jun/2013:15:36:55 -0600]	200	text/html	325	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB0.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[02/Jul/2013:10:48:03 -0600]	200	text/html	325	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; AskTbGET-SRS/5.12.2.16752)
[02/Jul/2013:10:10:04 -0600]	200	text/html	323	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; .NET4.0C; .NET4.0E; AskTbWBG/5.15.25.44892)
[02/Jul/2013:10:59:22 -0600]	200	text/html	324	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)
[02/Jul/2013:11:48:35 -0600]	200	text/html	324	205.185.158.220	http://pm.piksmedia.com/pks2/29f4023b.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET4.0C; .NET4.0E)
[01/Jul/2013:16:27:35 -0600]	200	text/html	325	205.185.158.220	http://pm.piksmedia.com/pks2/61160c4d.htm	http://pm.piksmedia.com/pks/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:16:20:49 -0600]	200	text/html	324	205.185.158.220	http://pm.piksmedia.com/pks2/61160c4d.htm	http://pm.piksmedia.com/pks/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:16:20:49 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/103535764.htm	http://pm.piksmedia.com/pks/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[01/Jul/2013:16:27:36 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/1156289310.htm	http://pm.piksmedia.com/pks/f81f5df7.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:17:18:50 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/1461090056.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[18/Jun/2013:15:11:03 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/152254420.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[18/Jun/2013:15:36:56 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/1617999990.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB0.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
[18/Jun/2013:17:33:34 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/170568756.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[02/Jul/2013:10:59:23 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/193497542.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)
[02/Jul/2013:10:48:04 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/1942886168.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; AskTbGET-SRS/5.12.2.16752)
[02/Jul/2013:11:48:35 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/221819824.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET4.0C; .NET4.0E)
[02/Jul/2013:10:10:05 -0600]	200	text/html	591	205.185.158.220	http://pm.piksmedia.com/pksapp/30073297.htm	http://pm.piksmedia.com/pks/b0fd5381.htm	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; .NET4.0C; .NET4.0E; AskTbWBG/5.15.25.44892)
[10/Jun/2013:13:35:55 -0600]	200	text/html	28517	209.200.68.33	http://www.drdonnica.com/today/00009167.htm	http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=9&ved=0CGkQFjAI&url=http%3A%2F%2Fwww.drdonnica.com%2Ftoday%2F00009167.htm&ei=iSq2UY-COsmdqgHKgYGwDw&usg=AFQjCNF_sXcgOKHOW6B0CKKh-k7utnF7kQ&bvm=bv.47534661,d.aWM	Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20100101 Firefox/21.0
[10/Jun/2013:11:38:18 -0600]	200	text/html	258434	64.154.62.195	http://www.journalofaccountancy.com/web/20126684.htm	0	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8)

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Unknown EK Community Proposed (Jul 02)
- Re: Unknown EK Joel Esler (Jul 02)
  - Re: Unknown EK lists () packetmail net (Jul 02)
- Re: Unknown EK Joel Esler (Jul 09)
  - Re: Unknown EK lists () packetmail net (Jul 09)