Are there any legitimate HEAD requests ?
Suddenly some HEAD method reach matomo hook with these args :
action_name=site%20name&idsite=1&rec=1&r=972731&h=3&m=46&s=2&url=//%``5Cexample.com``&_id=8ce285409959910c&_idn=1&send_image=0&refts=0&dimension1=&dimension2=sommaire&dimension6=sommaire&pv_id=vWIQPW&pf_net=412&pf_srv=338&pf_tfr=63&pf_dm1=640&uadata=%7B%22formFactors%22:%5B%22Desktop%22%5D,%22fullVersionList%22:%5B%7B%22brand%22:%22%20Not%20A%3BBrand%22,%22version%22:%2299%22%7D,%7B%22brand%22:%22Chromium%22,%22version%22:%22145.0.0.0%22%7D,%7B%22brand%22:%22Google%20Chrome%22,%22version%22:%22145.0.0.0%22%7D%5D,%22mobile%22:false,%22model%22:%22Model%22,%22platform%22:%22Unknown%22,%22platformVersion%22:%220%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1920x1200
Notice the url=//%``5Cexample.com
Other HEAD requests have url=///%09/example.com or url=///%``5Cexample.com or url=////%09/example.com or url=////%``5Cexample.com or url=/////example.com or … more.
Well now i’ve listed these it’s clear that these are hacking attempts.
Still, are there any legitimate HEAD requests ?