IOC Radar
Domain · Medium · Signal 49/100

tutamail.com

Location: Netherlands
First Seen: Sep 15, 2020
Last Seen: Jun 2, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
49%
Signal Score
49 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

78 techniques

Feed Intelligence Summary

9 source reports · 49% confidence score
Category tags

Activity Timeline

1 total obs · Jun 2

Threat Activity Heatmap

Peak: 2026-06-02
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

VirusTotal

Not checked

WHOIS

registrar: INWX GmbH
domain rank: -1
raw:
Admin City: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Billing City: REDACTED FOR PRIVACY
Billing Country: REDACTED FOR PRIVACY
Billing Organization: REDACTED FOR PRIVACY
Billing Postal Code: REDACTED FOR PRIVACY
Billing State/Province: REDACTED FOR PRIVACY
Creation Date: 2015-03-12T13:16:24Z
DNSSEC: signedDelegation
Domain Name: TUTAMAIL.COM
Domain Name: tutamail.com
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS-1506.AWSDNS-60.ORG
Name Server: NS-1593.AWSDNS-07.CO.UK
Name Server: NS-177.AWSDNS-22.COM
Name Server: NS-973.AWSDNS-57.NET
Name Server: ns-1506.awsdns-60.org
Name Server: ns-1593.awsdns-07.co.uk
Name Server: ns-177.awsdns-22.com
Name Server: ns-973.awsdns-57.net
Registrant City: 1f8f4166599d23ee
Registrant Country: DE
Registrant Email: 2d8644446d24f14as@
Registrant Fax Ext: 1f8f4166599d23ee
Registrant Fax: 1f8f4166599d23ee
Registrant Name: 1f8f4166599d23ee
Registrant Organization: 1f8f4166599d23ee
Registrant Phone Ext: 1f8f4166599d23ee
Registrant Phone: 1f8f4166599d23ee
Registrant Postal Code: 1f8f4166599d23ee
Registrant State/Province: 3432650ec337c945
Registrant Street: 1f8f4166599d23ee
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +49.30983212112
Registrar Abuse Contact Phone: +49.30983212123
Registrar IANA ID: 1420
Registrar Registration Expiration Date: 2026-03-12T13:16:24Z
Registrar URL: http://www.inwx.com
Registrar URL: https://whois.domrobot.com
Registrar WHOIS Server: whois.domrobot.com
Registrar: INWX GmbH
Registry Admin ID: REDACTED FOR PRIVACY
Registry Billing ID: REDACTED FOR PRIVACY
Registry Domain ID: 1909390004_DOMAIN_COM-VRSN
Registry Expiry Date: 2026-03-12T13:16:24Z
Registry Registrant ID: REDACTED FOR PRIVACY
Registry Tech ID: REDACTED FOR PRIVACY
Reseller URL: https://www.inwx.de
Tech City: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Updated Date: 2025-03-12T00:20:13Z
Updated Date: 2025-03-13T07:19:03Z
You can use the following website to send a message to contacts of a domain: https://whois-contact.domrobot.com
references:
https://www.seqrite.com/blog/google-salesforce-breach-unc6040-threat-research/
https://twitter.com/f0wlsec/status/1773828527793508459
https://blogs.blackberry.com/en/2020/06/threat-spotlight-tycoon-ransomware-targets-education-and-software-sectors
https://labs.inquest.net/iocdb
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a
https://www.cisa.gov/sites/default/files/2023-09/joint-cybersecurity-advisory-stopransomware-snatch-ransomware_0.pdf
https://www.cisa.gov/sites/default/files/2023-09/AA23-263A%20%23StopRansomware%20Snatch%20Ransomware.stix_.json
subdomains count: 5


IOC Journey

medium
First detected 5 years ago · Last seen 12 days ago
Appeared in 9 threat reports