what is this strange link

Fri Jul 23 09:31:04 MST 2010

Which domain?  It looks like it passed through several. Personally I think
somethng somewhere stripped something out of the message hopefully for a
good reason.  I don't think it is worth more effort to pursue.  However, in
case someone has their curiosity aflame here is the source (names and most
of the jpeg edited out):

>From - Mon Jul 19 15:10:53 2010
X-Account-Key: account1
X-UIDL: 22940.p,6hryPqNWS8ECwRaUwx+QsuOU0=
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
X-Mozilla-Keys:
Return-Path: xxxxxxx at mchsi.com
Received: from dsmdc-mail-bxga3-svc.mcomdc.com (LHLO dsmdc-mail-bxga4)
(10.4.20.196) by dsmdc-mail-mbs12-svc.mcomdc.com with LMTP; Mon, 19 Jul
2010 13:17:50 -0500 (CDT)
Received: from dsmdc-mail-mbs6-svc.mcomdc.com ([97.64.187.47])
by dsmdc-mail-bxga4 with bizsmtp
id jvo11e00D11nQh501vo1sq; Mon, 19 Jul 2010 14:48:01 -0500
X-Authority-Analysis: v=1.1 cv=vCs5kl2kX19jmXm+zSBWD6jXS7zim8pageeGUzvImnM=
c=1 sm=1 a=Xgx1Tm3OgQcA:10 a=FKkrIqjQGGEA:10 a=6+LW9L2C7c3kR1/iXZnDzQ==:17
a=nIsmUe1uAAAA:8 a=Hd4JvI9PAAAA:8 a=FBdnhxGjns9daqw2kDcA:9
a=bXvI723Xiyd9M6vKOq0BU9VOGjgA:4 a=QEXdDO2ut3YA:10 a=0NvF2V1XgBsA:10
a=fgaDyQ9hHf4A:10 a=ga02sU-nzH0TIi41M8AA:9 a=rIonuNpdNswE7DHUNnoA3NjZD9IA:4
a=KQqxNPgzF0kA:10 a=aKCJsZssqKM4jX8A:18 a=6+LW9L2C7c3kR1/iXZnDzQ==:117
Date: Mon, 19 Jul 2010 13:17:50 -0500 (CDT)
From: xxxxxxx at mchsi.com
To: "me" <xxx_me_xxx at mchsi.com>
Message-ID: <941696708.1676541279563470145.JavaMail.root at dsmdc-mail-mbs6>
In-Reply-To: <
FDE1EC0C18A70749B590FF3B977B6D83012AAA6B at rp-exch2003.royal.dest1.com>
Subject: Fwd: Funny one!
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_45745_587393387.1279563470137"
X-Originating-IP: [10.4.20.181]
X-Mailer: Zimbra 5.0.19_GA_3083.RHEL5_64 (ZimbraWebClient - FF3.0
(Win)/5.0.19_GA_3083.RHEL5_64)

------=_Part_45745_587393387.1279563470137
Content-Type: multipart/alternative;
boundary="----=_Part_45746_338330050.1279563470137"

------=_Part_45746_338330050.1279563470137
Content-Type: multipart/related;
boundary="----=_Part_45747_1923936741.1279563470137"

------=_Part_45747_1923936741.1279563470137
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

----- Forwarded Message -----
From: "xxxxxxxxxxxx" <xxxxxxxx at destinationhotels.com>
To: xxxxxxx at mchsi.com
Sent: Monday, July 19, 2010 8:19:26 AM GMT -07:00 U.S. Mountain Time
(Arizona)
Subject: Funny one!

My wife was stopped for excessive speeding yesterday!

She thought she could talk her way out of a ticket until the officer looked
at our dog in the back seat..

cid:82E5A786026D48CFB93EDE028A88F0EB at SportdocPC

------=_Part_45747_1923936741.1279563470137
Content-Type: image/jpeg; name=image001.jpg
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=image001.jpg
Content-Description: image001.jpg
Content-ID: <image001.jpg at 01CB271B.1A0D9890>

/9j/4AAQSkZJRgABAQEASABIAAD//gAMQXBwbGVNYXJrCv/bAIQABwUFBgUFBwYGBggHBwgKEQsK
CQkKFA8PDBEYFRkZFxUXFxodJSAaHCMcFxchLCEjJygqKioZHy4xLSkxJSkqKAEHCAgKCQoTCwsT
---------------<snip>----------------
UBegPmgon86necKg3UE0Ek/mepo3iq2407NAFjzPejzKq5p4figCfzKPM5qDfR5xBoEXUn+WnefV
QXIx/wDWpftI/wAigk//2Q==
------=_Part_45747_1923936741.1279563470137--

------=_Part_45746_338330050.1279563470137--

------=_Part_45745_587393387.1279563470137--

On Fri, Jul 23, 2010 at 9:00 AM, Stephen <cryptworks at gmail.com> wrote:

> you try contacting the admin of the domain about it?
>
> On Wed, Jul 21, 2010 at 9:24 AM, Dazed_75 <lthielster at gmail.com> wrote:
> > I appreciate the info but I'm not sure it explains anything.  My
> suspicion
> > is that it might be a link to some embedded malware or something nasty.
> The
> > fact that hovering the mouse over the link shows the resolution to be
> > "about:blank" and that there was an image attached to the email make me
> > wonder if it might point to something embedded in the image that purports
> to
> > be the "about:blank" page but also contains some kind of malware.
> >
> > I did not want to click on it even though I was on linux.  I did want to
> try
> > to figure it out in case I should let my friend know about it (he runs
> > windows).  I have no idea how to figure that out.
> >
> > On Mon, Jul 19, 2010 at 3:22 PM, James Finstrom
> > <jfinstrom at rhinoequipment.com> wrote:
> >>
> >>    The Uniform Resource Locator (URL) schemes, "cid:" and "mid:" allow
> >>    references to messages and the body parts of messages.  For example,
> >>    within a single multipart message, one HTML body part might include
> >>    embedded references to other parts of the same message.
> >>
> >> http://www.ietf.org/rfc/rfc2111.txt
> >>
> >> On Mon, Jul 19, 2010 at 3:19 PM, Dazed_75 <lthielster at gmail.com> wrote:
> >>>
> >>> Got an email from a friend.  It includes a link that looks strange and
> >>> seems to have no place in the context of the email.  Hovering the
> cursor
> >>> over it seems to show that it resolves to "about:blank".  Here is is
> with
> >>> some spaces inserted to make it not be active:
> >>>
> >>> cid : 82 E5A786026D48CFB93EDE028A88F0EB @ SportdocPC
> >>>
> >>> Anyone know?
> >>>
> >>> --
> >>> Dazed_75 a.k.a. Larry
> >>>
> >>> The spirit of resistance to government is so valuable on certain
> >>> occasions, that I wish it always to be kept alive.
> >>>   - Thomas Jefferson
> >>>
> >>> ---------------------------------------------------
> >>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> >>> To subscribe, unsubscribe, or to change your mail settings:
> >>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >>
> >>
> >>
> >> --
> >> James Finstrom
> >> Rhino Equipment Corp.
> >> http://rhinoequipment.com ~ http://postug.com
> >> Phone: 1-877-RHINO-T1 ~ FAX: +1 (480) 961-1826
> >> Twitter: http://twitter.com/rhinoequipment
> >> IP: guest at asterisk.rhinoequipment.com
> >>
> >>
> >>
> >> ---------------------------------------------------
> >> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> >
> >
> > --
> > Dazed_75 a.k.a. Larry
> >
> > The spirit of resistance to government is so valuable on certain
> occasions,
> > that I wish it always to be kept alive.
> >   - Thomas Jefferson
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

-- 
Dazed_75 a.k.a. Larry

The spirit of resistance to government is so valuable on certain occasions,
that I wish it always to be kept alive.
  - Thomas Jefferson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20100723/470b49bc/attachment.html>