No Reach, No Risk: The Keitaro Abuse in Modern Cybercrime Distribution

This report analyzes widespread abuse of the Keitaro ad-tech tracker by multiple criminal actors, documenting large-scale malvertising and spam campaigns, credential- and wallet-draining phishing, diverse malware delivery (including DonutLoader and StealC v2), domain hijacking and TDS-based routing, and provides actor profiles and a curated list of IOCs and infrastructure tied to bulletproof hosting (e.g., AS214351).