Deniability by Design: DNS-Driven Insights into a Malicious Ad Network

The report exposes “Vane Viper” — an adtech-backed threat actor (linked to AdTech Holding/PropellerAds and related firms) that operates a large traffic distribution system abusing push notifications, service workers, and cloaking to deliver malvertising, malware (including mobile trojans like Triada and reported infostealer campaigns), and ad-fraud at scale via tens of thousands of ephemeral domains and overlapping registrar/hosting infrastructure; the analysis provides technical TTPs, infrastructure attributions (WHOIS/RIPE), campaign flows, and indicators for defenders.