DomainHighVerifiedSignal 35/100
d.exports.children.map
Location
MexicoFirst Seen
Aug 2, 2022
Last Seen
Apr 2, 2026
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
35%
Signal Score
35 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
4 reports35% confidence
4
Source reports
35%
Confidence score
Category tags
20px0abortacademic institutionsacademic targetacceptactive scanactive scanningadclickafalseaheedalbertaalberta printalphaannew promiseapache licenseapplication securityarcdoarialarrayassignattrauthkeybackbankingbearerbeyondbindbodybonebooleanbotnetbotnet activitybrandsbridgebrute forcebrute force attackbuttoncanadacedebugcereadycfunctionchildchristclassclearallfiltersclick-based attackclosecode executioncode injectioncollegecommand and controlcommand executioncommand injection probecommunication protocolconfigconfiguration reviewcontactcookiecoveocoveoextensioncredential accesscredential stuffingcredit card servicescrimecrisiscryptocurrencycssselectorcubadailydata exfiltrationdata store exposureddosdebugdenial of servicedin bolddin meddin mediumdirectory traversaldistributed attacksdmwydnnew datedonedurationebp erroredgeedmonton cliniceducational resourceseducational serviceseducational technologyembedemodemojiencryptionenddateenrichipv6errorethiseventeventsexcerptn dateexecutable fileexploitation activityextendsthisexternal threat actorfacebook pixelfactoryfailfalsefblogfff urlfieldfinancefinancial servicesfinancial technologyfindfirst nationsflowsfont awesomeformfunctionfunctionalgeneratorgenericgggggobackgoogle sansgroups sethelloworldhelperhelveticahelvetica neuehigher educationhistory monthhistoryobserverhtmlhttp scannerhttpsiconsidentity & access exploitationiframeindexdurationindicatorinformation disclosureinformation disclosure attemptinformation gatheringinformation technologyinfrastructure acquisitionreconnaissanceingress tool transferinjection activityinjection attack probeinputinput validation bypassinsertinsighttag httpinstallinvalid attemptinvalid consentinvalid uuidit infrastructureiteratorithisitnullivoidjavascript analysisjavascript vulnerabilitiesjs sdkk-12 educationlabellatolayoutlazyleavelicenselifelinklinkn excerptnliveloadinglocalemagentomalicious downloadmalicious linksmalicious softwaremalwaremalware distributionmaritamathmembermenullmetadata analysismetagroup setmexicomisconfigured security headersmobilemobile securitymodemodelmonitormsiemtisnamenation-state activitynetworknetwork attacksnetwork protocolnetwork scanningnextnormalnorth americanorth campusnthisnumberobjectoenullofunctiononlineopenopen redirectoptionsor conditionsothisparamparameter fuzzingpasspassword attackspatchpath traversalpath traversal probepayment processingphishingpixelpixel codepossible data leakagepostpostdoctoralpotential vulnerability probingprocess injectionpromisepseudopublicly accessible resourcesqueryransomwarereconnaissancereflectregexpresearchedresetretryreturnrgbarobotoroboto slabromanrthisschoolscriptscripting attacksscrollsearchtipssecondssecurity scanningsegoe uisendservicesessidsfunctionshiftshopifyshowsnapchat pixelsocial engineeringsocial media securitysoftware developmentsortresultsbyspacesspanspinnersportspringsql injection probessdeepssl/tlsstringstrongsupersurveysymbolszszt1016t1040t1046t1055t1059t1059.007t1064t1068t1071.001t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1203t1204.001t1204.002t1486t1496t1499.002t1499.003t1565t1566t1587.001t1588t1589t1590t1590.001t1592t1595t1595.001t1595.002t1595.003targeting databasetcp protocoltermthird-party librariesthisthis codethreat actortimestimes newtoggletoggle toggletoolstor nodetrackertridenttruetypeoftypeof ctypeof ce2typeof definetypeof etypeof ftypeof md5typeof moduletypeof ntypeof rtypeof requiretypeof symboltypeof ttypeof windowtypetelundefunionurlsearchparamsuser executionvalueversionvhashview filtervisitorsvnodevoidvulnerability scanw sieciweakmapwealth managementweb application attackweb application exploitationweb application vulnerabilitiesweb attackweb exploitationweb trafficwebflwhaszwidgetwindowwordworkerxss probeyyyy
Activity Timeline
Apr 2Apr 2
Threat Activity Heatmap
· Peak: 2026-04-02LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated
The domain **d.exports.children.map** has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats originating from Mexico. First observed on August
Threat ScoreLow Risk
35
SIGNAL
Signal Score
35%
Confidence
4
Reports
First seenAug 2, 2022
Last seenApr 2, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- description
- Find out more about what makes University of Alberta a great place to live, learn, work, study, and learn all over the world, all in the same place, at one of Canada's leading universities.
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 3 years ago · Last seen 2 months ago
Appeared in 4 threat reports