
| Subject: | [Snort-sigs] False +ves for WEB-CLIENT Windows Media Player 7+ ActiveX Object Access sid: 4156 |
|---|---|
| Date: | Fri, 07 Oct 2005 11:47:05 +1300 |
I'm seeing lots of hits on this from all over the place including our
own servers:
META
--------
SID CID TimeStamp Signature
6 1983248 2005-10-06 11:46:30 WEB-CLIENT Windows Media Player 7+
ActiveX
Object Access
Sig ID
4156
Sensor Hostname Sensor Interface
hihi.insec.auckland.ac.nz new dmz sensor
IP
--------
Source Address Dest Address Ver Hdr Len
65.54.153.254 130.216.191.183 4 5
TOS length ID flags offset TTL chksum
0 1500 4984 2 0 115 53471
Resolved Source
secure.spaces.msn.com
Resolved Dest
gate1.ec.auckland.ac.nz
TCP
--------
Source Port Dest Port Seq Ack
80 39759 2796219062 3101585853
Offset Reserved Flags Window Checksum Urgent Ptr
8 0 16 17520 60498 0
Options
--------
None
Flags
--------
RB 1 RB 0 URG ACK PSH RST SYN FIN
X
DATA
--------
=saverow style="padding:0 8 2 8">.. <table cellspacing=0 bor
der=0>.. <tr>.. <td width=100%></td>.. <td nowrap><a class="
MPEdita" href="http://spaces.msn.com/members/qinqinAnnie/Per
sonalSpace.aspx?_c01_memberprofiletile=showdefault&_c=member
profiletile">View profile details</a></td>.. </tr>.. </table
.. </td>.. </tr>.. </table></spaces:widget><spaces:widget i
d="MediaPlayer" MultiInstance="False" class="FullRegionWidth
" Placement="Anywhere" Movable="True"><div id="_ctl3_ModuleH
eader_MainPanel">...<table cellspacing="0" class="pheader" b
order=0 style="WIDTH:100%" height="22">.. <tr>.. <td class="
mod_tlc" width=6 nowrap> </td>.. <td width="100%" class
="modhead">.. <table cellspacing="0" width="100%" class="fix
edTable partheader">.. <tr>.. <td id="" class="bold ellipse
partDetail" nowrap>Windows Media Player</td>.. <td class="p
artBuffer" align="right" nowrap></td>.. </tr>.. </table>.. .
. </td>.. <td class="mod_trc" width=6 nowrap> </td>.. <
/tr></table>....</div><table ID="PTMediaPlayerContainer" Cla
ss="partsmb opaquePartMain" border="0" cellpadding="0" cells
pacing="0" width="100%">.. <tr>.. <td align="center">.. <obj
ect width="100%".. .. classid="clsid:6BF52A52-394A-11D3-B153
-00C04F79FAA6" id="PTMediaPlayer">.. <param name="URL" value
="http://click.suda.edu.cn/mp3/gangtai/female/caiyiling/chen
bao/10.mp3">.. <param name="rate" value="1">.. <param name="
currentPosition" value="0">.. <param name="playCount" value=
"1">.. <
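An added triage example (not part of the original post, and not Snort code): it rejoins the 60-column ASCII payload from the alert above and lists each embedded `<object>` CLSID with its `<param>` values, so an analyst can see exactly what content tripped sid 4156. The function names are hypothetical; the payload excerpt is copied from the alert.

```python
import re
from urllib.parse import urlsplit

# Excerpt copied from the alert's ASCII payload above: wrapped at 60 columns,
# ".." standing for CR LF, and cut off mid-tag at the end of the captured packet.
DUMP = '''\
pacing="0" width="100%">.. <tr>.. <td align="center">.. <obj
ect width="100%".. .. classid="clsid:6BF52A52-394A-11D3-B153
-00C04F79FAA6" id="PTMediaPlayer">.. <param name="URL" value
="http://click.suda.edu.cn/mp3/gangtai/female/caiyiling/chen
bao/10.mp3">.. <param name="rate" value="1">.. <param name="
currentPosition" value="0">.. <param name="playCount" value=
"1">.. <'''

OBJECT_RE = re.compile(
    r'<object\b[^>]*?classid\s*=\s*"?clsid:([0-9A-Fa-f-]{36})', re.I)
PARAM_RE = re.compile(
    r'<param\s+name\s*=\s*"([^"]*)"\s+value\s*=\s*"([^"]*)"', re.I)


def unwrap(dump):
    """Undo the fixed-width wrapping; the line breaks are display artefacts."""
    return "".join(dump.splitlines())


def embedded_objects(html):
    """Return one dict per <object classid=...> with the params that follow it."""
    matches = list(OBJECT_RE.finditer(html))
    found = []
    for i, m in enumerate(matches):
        # Params belong to this object until the next <object> (or end of data).
        end = matches[i + 1].start() if i + 1 < len(matches) else len(html)
        params = dict(PARAM_RE.findall(html, m.end(), end))
        found.append({"clsid": m.group(1).upper(), "params": params})
    return found


def summarize(dump):
    """(CLSID, host of the URL param or None) for every embedded object."""
    out = []
    for obj in embedded_objects(unwrap(dump)):
        url = obj["params"].get("URL")
        out.append((obj["clsid"], urlsplit(url).hostname if url else None))
    return out


if __name__ == "__main__":
    for clsid, host in summarize(DUMP):
        print(clsid, host)
```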