Date: Tue, 7 May 2013 22:54:26 +0100 [05/07/13 17:54:26 EDT]The link in the email goes through a legitimate hacked site and ends up on [donotclick]ehrap.net/news/days_electric-sources.php (report here) hosted on (or with nameservers on) the following IPs:
From: "Amazon.com" [email@example.com]
Subject: Your Amazon.com order confirmation.
Thanks for your order, [redacted]!
Did you know you can view and edit your orders online, 24 hours a day? Visit Your Account.
E-mail Address: [redacted]
216 CROSSING CRK N
Order Grand Total: $ 53.99
Earn 3% rewards on your Amazon.com orders with the Amazon Visa Card. Learn More
Order #: I12-4392835-6098844
Subtotal of items: $ 53.99
Total before tax: $ 53.99
Tax Collected: $0.00
Grand Total: $ 50.00
Gift Certificates: $ 3.99
Total for this Order: $ 53.99
The following item is auto-delivered to your Kindle or other device. You can view more information about this order by clicking on the title on the Manage Your Kindle page at Amazon.com.
Mockingjay (The Final Book of The Hunger Games) [Kindle Edition] $ 53.99
Sold By: Random House Digital, Inc.
Give Kindle books to anyone with an e-mail address - no Kindle required!
You can review your orders in Your Account. If you've explored the links on that page but still have a question, please visit our online Help Department.
Please note: This e-mail was sent from a notification-only address that cannot accept incoming e-mail. Please do not reply to this message.
Thanks again for shopping with us.
Earth's Biggest Selection
Prefer not to receive HTML mail? Click here
220.127.116.11 (Telecom Italia, Italy)
18.104.22.168 (Comcast, US)
22.214.171.124 (TANet, Taiwan)
126.96.36.199 (Trabia-Network, Moldova)
188.8.131.52 (The Noor Group, Egypt)
184.108.40.206 (Media Temple, US)
The domains involved indicate that this is the gang behind what I call the Amerika series of spam emails.