Inside Keitaro Abuse: A Persistent Stream of AI-Driven Investment Scams
ID: 78c07c50-1d9b-5666-88bf-eeb76bd8a73e
STIX ID: report--78c07c50-1d9b-5666-88bf-eeb76bd8a73e
Feed Name: Infoblox Threat Intel Blog
Infoblox and Confiant analyzed four months of data, revealing extensive abuse of the Keitaro Tracker by criminal operators who deploy domain cloaking, conditional routing, AI-generated content and deepfakes to run large-scale investment scams, tech-support fraud, giveaway/phishing funnels, and other ad-driven scams. The research identifies thousands of malicious Keitaro instances (≈15,500 domains), named actor clusters (e.g., FaiKast, WickedWally, FishSteaks), common TTPs, and a curated set of IOCs used for remediation and takedowns.
