All the emails are somewhat mangled, but the first link in the email (not the uktservices.com link) goes to what appears to be an exploit kit:

From: firstname.lastname@example.org
Date: 1 October 2014 14:01
Subject: Booking Cancellation
Your booking at 13:15 on 1st Oct 2014 has been Cancelled.
Here is a link to your updated bookings view:
< href="[redacted] ">http://www.uktservices.com/
system/drivers/jobs/51/ 66c3a53705f1ea2c5b8a11c94c29c6 328599a0fc
The links in the emails I have seen so far go to:
In all cases, those pages forward to a malicious page at:
The IP of 18.104.22.168 belongs to EDIS GmbH in Austria, and I suspect it has been hacked through an insecure Joomla installation.
I haven't been able to identify which exploit kit it is as it has been hardened against analysis, but you can guarantee that this is malicious in some way or another.
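
A mail filter can flag the pattern in this message, where the visible text shows a uktservices.com URL while the href targets a different host, even when the anchor tag is mangled as it is here. This is an added example, not part of the original post; `compromised.example` is a placeholder for the redacted target, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Tolerant of a damaged tag: matches any "<... href=...>" followed by its visible
# text, covering both "<a href=" and the mangled "< href=" seen in this message.
LINK_RE = re.compile(
    r'<[^<>]*?\bhref\s*=\s*["\']([^"\']*)["\'][^>]*>\s*([^<]*)',
    re.IGNORECASE,
)
URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none or cannot be parsed."""
    try:
        return (urlsplit(url.strip()).hostname or "").lower()
    except ValueError:
        return ""


def mismatched_links(body):
    """Return (href_host, displayed_host) for every link whose visible text
    is a URL on a different host than the one the href actually targets."""
    findings = []
    for href, text in LINK_RE.findall(body):
        shown = URL_RE.search(text)
        if not shown:
            continue  # visible text is not a URL, nothing to compare
        href_host, shown_host = host_of(href), host_of(shown.group(0))
        if href_host and shown_host and href_host != shown_host:
            findings.append((href_host, shown_host))
    return findings


# Constructed sample modelled on the message above; the href is a placeholder.
SAMPLE = (
    "Your booking at 13:15 on 1st Oct 2014 has been Cancelled.\n"
    "Here is a link to your updated bookings view:\n"
    '< href="http://compromised.example/landing ">http://www.uktservices.com/\n'
    "system/drivers/jobs/51/\n"
)
# Constructed benign case: the href and the displayed URL agree.
BENIGN = '<a href="http://www.uktservices.com/x">http://www.uktservices.com/x</a>'

if __name__ == "__main__":
    for href_host, shown_host in mismatched_links(SAMPLE):
        print(f"displayed {shown_host} but links to {href_host}")
```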