Deniability by Design: DNS-Driven Insights into a Malicious Ad Network

This report attributes a large-scale malvertising and ad-fraud ecosystem, tracked as “Vane Viper,” to AdTech Holding and its PropellerAds subsidiary, documenting ~60,000 domains, TDS-driven redirection and cloaking, push-notification persistence abuse, and active malware distribution (including Triada APKs). It maps corporate and infrastructure ties (URL Solutions/Pananames, Webzilla/XBT, CloudOne/Fozzy) that facilitate registration, hosting, and resilience, and provides indicators of compromise and campaign technical details showing sustained, high-volume malicious activity across the adtech supply chain.