GreyNoise Labs Weekly OAST (Well-known Out-of-band Interaction Domains) Report • Week Ending 2026-01-09

GreyNoise observed 30,165 OAST-tagged sessions from 64 IPs during 2026-01-03 to 2026-01-09, identifying three operational clusters: a high-volume MCP server command injection burst from OVH IP 51.77.116.46, a coordinated React2Shell (CVE-2025-55182) exploitation across multiple ASNs, and multi-vector scanning from MEVSPACE; the report includes decoded OAST campaign IDs, payload samples, primary IOCs (notably several IPs and JA4 fingerprints), and concrete detection and mitigation recommendations.