We received few emails with subject:
Amazon.com Order Confirmation
The Blackhole exploit kit URL is:
GET /main.php?page=017f3bb5c2be6a41 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Host: adnroidsoft .net
Fortunately the domain is not anymore active.