No Reach, No Risk: The Keitaro Abuse in Modern Cybercrime Distribution

Infoblox Threat Intel and Confiant analyzed widespread abuse of Keitaro, an all‑in‑one adtech/tracker, showing how diverse criminal actors leverage its tracking, cloaking, and TDS capabilities to run large-scale malvertising, phishing, wallet‑drainer and PII‑harvesting campaigns; the report documents malware (loaders and stealers), high-volume spam and programmatic ads, domain‑hijacking, and TTPs used to evade detection, and provides numerous indicators and infrastructure ties (e.g., AS214351, Cloudflare-fronted hosts).