A potential corporate email address has been identified in the URL: DC4FCl9EEADTbpTauTauH92EDJA255C6DD4@Tau

Checks computer location settings

Looks up country code configured in the registry, likely geofence.

Looks up external IP address via web service

Uses a legitimate IP lookup service to find the infected system's external IP.

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Detected potential entity reuse from brand MICROSOFT.