Our site hosts static assets at
/assets/…. In debugging a font-related issue, I looked through our logs for unusual activity. I found a bunch of requests like these
method path referer PUT /assets/js/40-8b8c.chunk.js https://mysite.com PUT /assets/fonts/antique.woff2 https://mysite.com/assets/css/mobile-ef45.chunk.css
The requests come from lots of different IP addresses all over the world. I don’t see any pattern in the
User-Agents. The only HTTP methods are
HEAD (odd, but fine),
GET (expected), and
PUT (very suspicious).
I haven’t been able to identify any code in our system that would cause a browser to make
PUT requests to these paths.
I have no evidence that this activity is malicious. It could certainly be a broken browser plugin.
Has anyone seen this sort of behavior?