Why is anonymous user trying to access /admin/host/synctriggers?

Question

Since a few days ago, I have started receiving error messages from all my Azure websites:

"The controller for path '/admin/host/synctriggers' was not found or does not implement IController."

This is coming my an anonymous user (or bot). The full error message is below.

What is this about and should I be concerned that there is some malicious activity involved?

Source : Error in: https://myproject.azurewebsites.net/admin/host/synctriggers?api-version=2018-11-01,
MemberName : Application_Error(Param : referrerUrl=),
SourceFilePath : C:\ProjectPath\Global.asax.cs,

Username : Anonymous
Date/Time : 20/7/2019 02:11:05

Stack Trace:
Message : The controller for path '/admin/host/synctriggers' was not found or does not implement IController.
Source : System.Web.Mvc
StackTrace : at System.Web.Mvc.DefaultControllerFactory.GetControllerInstance(RequestContext requestContext, Type controllerType)
at System.Web.Mvc.DefaultControllerFactory.CreateController(RequestContext requestContext, String controllerName)
at MvcSiteMapProvider.DI.ControllerFactoryDecorator.CreateController(RequestContext requestContext, String controllerName)
at System.Web.Mvc.MvcHandler.ProcessRequestInit(HttpContextBase httpContext, IController& controller, IControllerFactory& factory)
at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state)
at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, AsyncCallback callback, Object state)
at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.<>c__DisplayClass285_0.b__0()
at System.Web.HttpApplication.StepInvoker.Invoke(Action executionStep)
at System.Web.HttpApplication.StepInvoker.<>c__DisplayClass4_0.b__0()
at Microsoft.AspNet.TelemetryCorrelation.TelemetryCorrelationHttpModule.OnExecuteRequestStep(HttpContextBase context, Action step)
at System.Web.HttpApplication.<>c__DisplayClass284_0.b__0(Action nextStepAction)
at System.Web.HttpApplication.StepInvoker.Invoke(Action executionStep)
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Answer 1

We've been seeing this as well in the last week. The User Agent comes through as "PolicyScan" and the source IP address is in the same Azure datacentre as the site being hit.

Not sure why this is happening, possible it's a error on the azure monitoring end, however the URL is certainly one of the URLs that is called relating to Azure functions. https://learn.microsoft.com/bs-latn-ba/azure/azure-functions/functions-deployment-technologies

Answer 2

Apparently this is a known issue with User-Agent: PolicyScan introduced recently.

We started receiving similar errors on 18 July 2019, round about the same time others started reporting these errors. However we're getting two errors - as well as a request to admin/host/synctriggers we're also getting a request to admin/functions.

The complete URLs are:

https://myapp.azurewebsites.net/admin/functions?api-version=2018-11-01 https://myapp.azurewebsites.net/admin/host/synctriggers?api-version=2018-11-01

Answer 3

According to the reply from a Microsoft employee/contractor at https://social.msdn.microsoft.com/Forums/azure/en-US/361bb082-e40b-4722-885e-92964f4afad7/daily-requests-to-adminhosts-and-adminfunctions-resulting-in-http-404-or-500-responses?forum=windowsazurewebsitespreview, the issue should be resolved.

Indeed, I have not received the alert for a few days now.

I am still not clear on what PolicyScan is, though.