Friday, December 13, 2024

Cybercriminals Linked to Chinese Language Crime Syndicate Facilitate Online Child Sex Abuse and Trafficking

What drives the synergy between multiple TDSs and DNS-related components in Vigorish Viper, ultimately empowering consumers with unparalleled touchdown capabilities?

A notorious Chinese-speaking organized crime group, linked to money laundering and human trafficking across Southeast Asia, has leveraged a highly advanced “toolset” that spans the full cybercrime supply chain spectrum to drive its illicit activities.

Infoblox, under its proprietary guise, maintains a website developed by the Yabo Group, also known as Yabo Sports, which has been linked to illegal gambling operations and controversies in the past. By the end of 2022, Kaiyun Sports underwent a rebranding process, ultimately integrating with another newly formed entity called Ponymuah.

The Baowang suite, marketed in China as “full bundle”, comprises multiple components such as Domain Name System (DNS) configurations, website hosting, payment mechanisms, marketing initiatives, and mobile applications. The platform supports thousands of domains and numerous manufacturers within its infrastructure, which is closely tied to Hong Kong and China’s economies.

The operation relies on acquiring European soccer sponsorship rights through third-party agencies or white-label partners, leveraging these partnerships as a “force multiplier” to advertise illicit betting platforms across the region and attract more customers. By the summer of 2023, betting firm logos were omnipresent during live broadcasts of soccer matches, with an estimated 3,500 appearances across the duration of a single televised game alone.

Vigorish Viper’s vast network comprises various subsidiaries, including Yabo, Ponymuah, and others such as OB (operating under the alias OBGM), DB Gaming, Panda Sports activities, KM Gaming, and Sensible King Video games (SKG). This complex web of ownership underscores the lengths to which these gaming firms have gone to evade detection and maintain an air of secrecy.

While traditional English football clubs are not alone in engaging with sponsorships, a surprising discovery has emerged: cricket and kabaddi teams in India have also forged similar partnerships to promote Vigorish Viper products, shedding new light on the sport’s commercial landscape.

Vigorish Viper’s vast network of over 170,000 active domains has evaded detection by using subtle DNS CNAME traffic distribution systems, according to a comprehensive report by Infoblox researchers Maël Le Touz, Jacques Portal, Renée Burton, and Elena Puga, shared with The Hacker News.

Vigorish Viper’s CNAME reportedly enables traffic distribution for illegal streaming and adult content platforms. Several domains utilised for streaming are long-standing registrations that Vigorish Viper acquired following the initial registration’s expiration.

According to Burton, VP of Risk Intelligence at Infoblox, these sophisticated actors are likely the most insidious and perilous digital security threats ever encountered, operating beneath the radar with an unprecedented level of subtlety.

Vigorish Vipers, a premier sports organization, has launched an innovative sponsorship scheme, designed to revolutionize the world of professional athletics. This groundbreaking initiative aims to foster long-term partnerships between top athletes and reputable brands, creating mutually beneficial opportunities for growth and success. By leveraging cutting-edge technology and data-driven insights, Vigorish Vipers’ sponsorship program ensures a seamless integration of brand messaging into high-profile sporting events, maximizing exposure and ROI.

According to Burton, Vigorish Viper has engineered a sophisticated framework comprising multiple tiers of traffic distribution systems, leveraging DNS CNAME records and JavaScript, which makes detection significantly more challenging. “These programs are backed by proprietary encryption and tailored applications, rendering their activities both evasive and remarkably resilient.”

Redirecting traffic from one domain to another is a technique previously employed by various DNS threat actors, including. The system has the capability to differentiate between residential, cellular, and industrial Internet Protocol (IP) addresses within China.
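A defender can surface this kind of CNAME-based traffic distribution in passive DNS or resolver logs by looking for alias targets that many unrelated registered domains point into. The following is an added example, not code from Infoblox or the original article; the record tuples, the `.example`/`.test` names, the threshold and the function names are all constructed assumptions.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (queried name, record type, answer).
# All names use reserved .example/.test labels; none come from the report.
SAMPLE_RECORDS = [
    ("www.sports-a.example", "CNAME", "e1.tds-hub.test"),
    ("m.sports-a.example", "CNAME", "e1.tds-hub.test"),
    ("www.stream-b.example", "CNAME", "e2.tds-hub.test"),
    ("www.bet-c.example", "CNAME", "e1.tds-hub.test"),
    ("www.game-d.example", "CNAME", "e3.tds-hub.test"),
    ("www.shop.example", "CNAME", "shop.cdn-one.test"),
    ("img.shop.example", "CNAME", "img.cdn-one.test"),
    ("www.blog.example", "A", "192.0.2.10"),
]

def registered_domain(name):
    """Naive last-two-labels reduction (assumption); use a Public Suffix List in production."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def cname_fan_in(records):
    """Map each CNAME target's registered domain to the set of distinct source registered domains."""
    fan_in = defaultdict(set)
    for qname, rtype, answer in records:
        if rtype.upper() != "CNAME":
            continue
        src, dst = registered_domain(qname), registered_domain(answer)
        if src != dst:  # ignore aliases that stay inside the same registered domain
            fan_in[dst].add(src)
    return fan_in

def flag_hubs(records, min_sources=3, allowlist=frozenset()):
    """Return {target: sorted sources} where many unrelated domains alias into one target."""
    return {target: sorted(sources)
            for target, sources in cname_fan_in(records).items()
            if len(sources) >= min_sources and target not in allowlist}

if __name__ == "__main__":
    for target, sources in flag_hubs(SAMPLE_RECORDS).items():
        print(f"{target}: {len(sources)} source domains -> {sources}")
```

Legitimate CDNs and SaaS platforms also show high CNAME fan-in, so the `allowlist` parameter is where known providers go before the remaining hubs are reviewed.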

In early January, the Danish Institute for Sports Research’s “Play the Game” initiative was launched in collaboration with numerous European football clubs and illegal betting operators linked to Yabo and targeting jurisdictions such as China, where gambling is strictly prohibited and considered an organized crime syndicate.

Cybercriminals have expanded their scope to include an offline dimension, where individuals are duped into believing they’ve landed high-paying job opportunities, only to be coerced into promoting illegal activities such as sports betting schemes and fraudulent pig butchering and cryptocurrency scams, according to the Asian Racing Federation.

According to a report released by the Advertising Regulatory Federation (ARF) in October 2023, some individuals coordinate with commentators and broadcasters of live sports on pirate streams to promote real-time discussion groups advertising betting websites during games, typically involving groups of 8-10 people. Others serve as relationship managers to foster prospect progression and advancement, while some assume the role of direct buyer recruitment brokers.

When a consumer visits a sportsbook’s website, the process typically unfolds as follows: They initiate the journey by searching for their preferred sportsbook online; upon landing on the homepage, they are greeted with a range of options, including promotional offers, featured events, and navigation menus.

1. **Site Navigation**: Consumers then begin to explore the site by clicking through various sections, such as markets, promotions, and account registration.

2. **Account Creation**: Following this, potential customers may be prompted to create an account by providing basic information like name, email address, password, and verification details.

3. **Deposit and Funding**: Once their account is set up, users must deposit funds into their sportsbook account, which can typically be achieved through various payment methods such as credit/debit cards, eWallets, or cryptocurrencies.

4. **Promotional Offers and Bonuses**: After funding their account, players may be presented with a range of promotional offers, including sign-up bonuses, free bets, and loyalty rewards, designed to incentivize new customers to make a deposit.

5. **Finalizing the Deposit**: The process is concluded once users confirm their deposit, which is typically accompanied by a receipt or confirmation email from the sportsbook.


Infoblox initiated an inquiry into Vigorish Viper following an unusual domain, kb.com, a gaming website utilizing Chinese-language nameservers, which also hosts yabo.com, the URL for Yabo Sports.

What stands out is the website’s geographical restriction, inaccessible to users in France and other European countries, yet surprisingly available to those in mainland China, as well as Hong Kong and Macau special administrative regions.

“When accessed via certain types of networks, users are automatically rerouted to an alternative online destination – such as kb830.com – as revealed by the research team.” “The redirection area undergoes modifications over time.” Moreover, all proper functionality for interacting with the layout is disabled, including text selection and clicking options, thereby impeding any attempts to conduct research or replicate the layout.

Visitors to the website are subsequently presented with advertisements offering monetary rewards for regular betting, in addition to various payment options, including WeChat Pay, EBpay, Alipay, JD Pay, KOIPay, AstroPay, YunShanFu, UniPay, Web Pay, Quick Pay, and NetBank. Bets are facilitated through a network of licensed brokers, who execute wagers, manage deposits, and communicate seamlessly with clients via secure, custom-built chat applications.

In-depth analysis of DNS query logs reveals evidence that Vigorish Viper’s activities extend beyond China, targeting customers globally.

Multiple protection mechanisms are integrated within these websites to deter automated exploitation, including periodic checks for indicators of suspicious activity and the serving of CAPTCHA puzzles to users. However, this tactic inadvertently hinders genuine human interactions, such as those seeking assistance from victims of trafficking in Southeast Asia who have been coerced into providing support.

That is not all. Visitors to Vigorish Viper’s online platforms undergo rigorous fingerprinting verification processes to confirm their Chinese IP address and credibility, only gaining access to betting services once these checks are successfully completed.

“The corporation stated that its entire operation is linked to Yabo Sports or Yabo Group via both the DNS and the software programme.” Their reach stretches to dozens of manufacturers, seemingly numerous, with a focus on serving customers beyond Southeast Asia.

Regardless of the vast diversity of domains, websites, and associated purposes, Vigorish Viper is operating inconspicuously in the People’s Republic of China with seemingly little impact.
