Patterns, Pirates, and Provider Action: What We Learned Working with Keitaro

ID: a7606618-cd94-5c00-b8ec-2a3662776d30

STIX ID: report--a7606618-cd94-5c00-b8ec-2a3662776d30

Feed Name: Infoblox Blog

Threat Score: 78/100

Date Published: 2026-03-31

Date Updated: 2026-04-28

Author: Infoblox Threat Intel

This report analyzes widespread abuse of the Keitaro self-hosted tracker as a traffic distribution system and cloaking layer by multiple criminal actors. It documents large-scale malvertising (275M impressions), extensive domain registrations and DNS activity (~13.5k domains, ~226k queries, ~8k new registrations), spam-driven wallet-drainer schemes, malware distribution (including SocGholish and loaders), cookie collisions across licenses, and cracked/nulled installations. It also covers the outcomes of coordinated abuse reporting with Keitaro’s Trust & Safety team.