IOC Radar
Domain · Medium · Signal 53/100

birance.online

First Seen: Mar 4, 2024 (831d ago)
Last Seen: Mar 28, 2026 (77d ago)
Reports: 7 source reports
Confidence: 53% (medium)

Found in 7 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.

Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 53%
Signal Score: 53 / 100
IDS Rule: No

Threat Context

MITRE ATT&CK TTPs: 42 techniques

Feed Intelligence Summary

7 source reports · 53% confidence score

Category tags: abuse, active scan, active scanning, application layer protocol, attack, authentication attack, authentication attempts, authentication failure, bad reputation, botnet, botnet activity, brute force, brute force attack, command and control, communication protocol, credential access, credential stuffing, data encryption, data exfiltration, data store expose, ddos, denial of service, distributed attacks, dns, dns attack, encryption, enumeration, exploitation, exploitation activity, fin, ftp, ftp brute force, http brute force, http scanner, hydra, identity & access exploitation, imap, indicator, initial access, injection activity, invalid login attempts, lateral movement, login attack, login attempt, login attempts, malicious activity, malicious software, malware, masscan, medusa, network, network activity, network attacks, network intrusion attempt, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, nmap, password attack, password attacks, password spraying, phishing, possible credential compromise, potential intrusion, process injection, protocol exploitation, ransomware, reconnaissance, reconnaissance activity, remote access, remote services, researched, scanning activity, security operations, service enumeration, service scan, smb brute force, smtp, smtp brute force, ssh attack, syn, syn scan, t1016, t1016.001, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.006, t1040, t1046, t1047, t1055, t1056, t1059, t1059.001, t1068, t1071.001, t1076, t1077, t1078, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1486, t1496, t1499.002, t1499.003, t1563, t1565, t1589, t1589.002, t1590, t1592, t1592.004, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, tcp scan, tcp scanning, telnet threat, threat actor, threat intelligence, tor node, udp port scan, udp scan, unauthorized access attempt, valid accounts, web traffic, xmas

Activity Timeline

1 total obs · Mar 28

Threat Activity Heatmap

Peak: 2026-03-28
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Intelligence Summary (AI Generated)

The domain `birance.online` is identified as a significant Indicator of Compromise (IOC) with a score of 53.00, indicating a substantial risk to organizational security. This IOC is strongly associated with the BianLian and Medusa ransomware groups, recognized for their disruptive and financially motivated attacks. If this domain is encountered within an organizational network, it could signal an ongoing or impending ransomware deployment, leading to severe data encryption, system unavailability…

Threat Score: Medium Risk (Signal Score 53)

VirusTotal

Not checked

WHOIS

domain rank: -1
raw:
Create date: 2022-11-23 00:00:00
Domain name: birance.online
Domain registrar id: 1068
Domain registrar url: https://namecheap.com
Expiry date: 2023-11-23 00:00:00
Name server 1: NS1.DNS-PARKING.COM
Name server 2: NS2.DNS-PARKING.COM
Query time: 2022-11-25 01:19:05
Registrant company: 4b7a0912c26a13e2
Registrant country: Iceland
Registrant email: c3e4472e8f320a6ds@
Registrant state: 3e0204199d8ebf9c
Update date: 2022-11-23 00:00:00
references: https://labs.inquest.net/iocdb
subdomains count: 0

IOC Journey

medium
First detected 2 years ago · Last seen 2 months ago
Appeared in 7 threat reports