GreyNoise Labs Weekly OAST (Well-known Out-of-band Interaction Domains) Report • Week Ending 2026-02-13

This report analyzes a multi-campaign, large-scale automated scanning operation that injected Interactsh OAST domains across numerous HTTP vectors and actively probed/exploited hundreds to thousands of hosts (notably CVE-2026-1281 Ivanti EPMM). Analysts cluster activity into distinct infrastructure groups (Cloudflare-proxied, Oracle Cloud, Private Layer, PROSPERO bulletproof hosting, Vietnamese/Estonian nodes, Tor exits) using JA4T/JA4H/JA3 fingerprints, enumerate primary IPs and OAST domains, and provide detection rules and prioritized mitigations including blocking specific ASNs/IPs, monitoring OAST domains, and patching targeted CVEs.