From: MyFax [firstname.lastname@example.org]Clicking the link leads to a page like this:
Date: 22 January 2015 at 15:08
Subject: Fax #4356342
Sent date: Thu, 22 Jan 2015 15:08:30 +0000
The download leads to an EXE-in-ZIP download which is a little different every time    [virustotal]. Detection rates are around 6/55.
The Malwr report shows communication with the following URLs:
Of these 18.104.22.168 is the essential one to block traffic to, belonging to Excell Media Pvt Ltd in India. A file axybT95.exe is also dropped according to the report, which has a detection rate of 7/48.
I haven't seen a huge number of these, the format of the URLs looks something like this: