The Mystery OAST Host Behind a Regionally Focused Exploit Operation

· Published 28/11/2025 02:45 · Modified 21/12/2025 18:16

Essential information

Tags: 2025-11-28 CVE-2025-2611 CVE-2025-4428 brazil exploit fastjson google cloud nuclei oast regional targeting scanning infrastructure
Related entities: 2 vulnerabilities (cve), 6 observables, 8 techniques (mitre), 5 others

Description

A long-running, attacker-operated service on has been observed driving a focused operation. The actor combines stock templates with custom payloads to expand their reach. All observed activity targeted canaries deployed in , indicating a deliberate regional focus. The operation involves roughly 1,400 attempts spanning more than 200 CVEs. The attacker uses a private domain, detectors-testing.com, which has been active for at least a year. The infrastructure is hosted on US-based , providing practical benefits for the attacker. The actor demonstrates willingness to modify common components, as evidenced by a custom payload. This sustained scanning effort suggests a more structured operation than typical spraying.

External references