DomainMediumSignal 85/100
mentaorb.com
Location
United StatesFirst Seen
Mar 9, 2026
Last Seen
May 13, 2026
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
85%
Signal Score
85 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
10 reports85% confidence
10
Source reports
85%
Confidence score
Category tags
abusech-threatfox-c2cactive scanactive scanningadvanced-persistent-threatautomated analysisautomated-analysisautomated-detectionautomated-threatautomated-threat-analysisbad reputationbotnetbotnet activitybotnet_c2brute forcebrute force attackbrute-force-attackc2c2-indicatorcode executioncommand & controlcommand and controlcommand executioncommand-and-controlcommand_and_controlcommunication protocolcredential accesscredential stuffingcredential-accesscredential-stuffingdata encryptiondata exfiltrationdata store exposuredistributed attacksdnsdns attackdns-c2dugganusa-researchemerging malware activityemerging threatemerging threat detectionemerging-threatencryptionevasionexploitexploitation activityftpftp-brute-forceftp-bruteforcehttp scannerhttp-brute-forcehttp-c2httpsidentity & access exploitationindicatorindicator-of-compromiseindicators_of_compromiseinfostealerinfrastructure acquisitionreconnaissanceinfrastructure-discoveryinitial accessinitial-accessinitial-access-attemptinjection activityiocip-address-iockpuspriyonewslateral movementmacosmalicious activity detectionmalicious infrastructuremalicious softwaremalwaremalware communicationmalware-activitymalware-campaignmalware-detectionmalware-indicatornetworknetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork-reconnaissancenorth americanovel threat detectionnovel-indicatornovel-indicator-detectionnovel-indicator-of-compromisenovel-iocnovel-ioc-detectionpassword attacksphantompulseport-scanport-scanningprecogprecog-detectionprecog-engineprocess injectionprotocol exploitationrdp-brute-forcerdp-bruteforcerdp_brute_forcereconnaissanceremote accessremote servicesremote-accessresearchedscanning activitysecurity operationsservice scanshubshub stealershubstealersmb-brute-forcesoftware exploitationssh attackssh-brute-forcessh-bruteforcessh_brute_forcestealert1005t1021t1021.001t1021.002t1027t1036t1040t1041t1046t1055t1059t1059.002t1059.007t1071t1071.001t1071.004t1076t1077t1078t1082t1083t1087t1090t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1140t1190t1203t1204t1486t1496t1499.002t1499.003t1539t1543.001t1543.004t1547t1552.001t1555.001t1555.003t1560t1563t1565t1566t1568t1573t1574t1583t1587.001t1590t1590.001t1595t1595.001t1595.002t1595.003t1614telnet threatthreat actorthreat actor activitythreat intelligencethreat-actor-unknownthreat-detectionthreat-intelligencethreat-intelligence-feedtor nodeunited statesunknown threat groupweb trafficydznvjljcz6f7
Activity Timeline
May 13May 13
Threat Activity Heatmap
· Peak: 2026-05-13LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated
The domain **mentaorb.com** has emerged as a significant indicator of compromise (IOC) linked to advanced persistent threat (APT) activities originating from the United States. First observed on March
Threat ScoreHigh Risk
85
SIGNAL
Signal Score
85%
Confidence
10
Reports
First seenMar 9, 2026
Last seenMay 13, 2026
VirusTotal
Not checked
WHOIS
- description
- Command and Control domains for Malware. These domains are extracted from a number of sources, and are suspicious.
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 months ago · Last seen 1 month ago
Appeared in 10 threat reports