← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Patterns, Pirates, and Provider Action: What We Learned Working with Keitaro
WHITE celestre 2026-04-01 Modified: 2026-05-01
15
IOCs
MEDIUM VOLUME
This post is part 3 in our multi‑part series examining abuse of Keitaro Tracker. In part 1 and part 2, we documented several threat types and actors that leverage Keitaro for a range of malicious activities. Part 2 also provided additional visibility into the prevalence of Keitaro abuse across spam and malvertising ecosystems.
domainip addresslos pollospropeller adslanding pagedomain hostingmajor cryptodomainskeitaro version
Indicators of Compromise (15)
All domain hostname
TYPEINDICATORDESCRIPTIONCREATED
domain apiexplorerzone.com 2026-04-01
domain blessedwirrow.org 2026-04-01
domain digdonger.org 2026-04-01
domain fetchapiutility.com 2026-04-01
domain hmedshop.shop 2026-04-01
domain rapiddevapi.com 2026-04-01
domain rednosehorse.com 2026-04-01
domain ryptosell.shop 2026-04-01
domain scyphoserippleepidosite.com 2026-04-01
domain sunpetalra.com 2026-04-01
domain swim39.ru 2026-04-01
domain tds11111.com 2026-04-01
domain tonamlchecks.com 2026-04-01
hostname juxysij.hkjhsuies.com.es 2026-04-01
hostname subiz.tds11111.com 2026-04-01
References (1)
↗ https://www.infoblox.com/blog/threat-intelligence/patterns-pirates-and-provider-action-what-we-learned-working-with-keitaro/