ThreatFox IOC Database
You are viewing the ThreatFox database entry for domain api.equisphire.com.
Database Entry
| IOC ID: | 1660789 |
|---|---|
| IOC: | api.equisphire.com |
| IOC Type : | domain |
| Threat Type : | payload_delivery |
| Malware: | Unknown malware |
| Confidence Level : | Confidence level is high (100%) |
| Is compromised? : | False |
| ASN: | AS47583 AS-HOSTINGER |
| Country: |  LT |
| First seen: | 2025-11-29 09:31:03 UTC |
| Last seen: | never |
| UUID: | e8e6085e-cca9-11f0-a341-42010aa4000a |
| Reporter |  HuntYethHounds |
| Reward | 5 credits from ThreatFox |
| Tags: | Contagious Interview DPRK Fake Job Platform Koover |
| Reference: | https://www.validin.com/blog/inside_dprk_fake_job_platform/ |
HuntYethHounds
Evidence:The website api[.]equisphire[.]com once shared the title “Stafnex” like the domain stafnex[.]com reported by Validin on X.
The website api[.]equisphire[.]com has the text “Join 10,000+ Companies Worldwide” whilst the webpage lenvny[.]com reported by Validin has similar text “Join 10,000+ Organizations Worldwide”. Both websites have a structurally similar template which includes the same down-chevron SVG icon . The website both have the text “Explore Open Positions” and “What kind of support do you provide?”. They both share identical copyright text “This website uses cookies to improve your web experience. By using the site, you agree to the use of cookies.” The webpages logos are both hosted on the free image hosting service i.postimg.cc. The webpages share the identical SVG images for AirBNB, Netflix, Shopify, Uber, and Stripe which are hosted on wikimedia.org.