Hi all,

looking at the web logs I found several PROPFIND requests, mostly to webmail. The webmail server replies 301, but the client doesn't follow up; it repeats the same request after some minutes. The total number of queries is too low to be classified as DDoS.

Other web sites I host reply 405 (Method not allowed) or 403 (Forbidden), but I only found 1 such request (from 79.133.126.183). Another site which replies 301 hosts MediaWiki pages. Perhaps replies had been learned in the past.

I paste below the total count of requests per day and the partial count of those directed to webmail, sometimes equal, sometimes slightly below.

I also paste the source IPs, along with the total count of requests in the period since last December 18th, the last time the IP was reported to AbuseIPDB and the ISP. It shows they're likely 0wned devices. Still, cannot guess what they're after.

Ideas?

Best
Ale
--

Daily counts
 all webmail         date
  45      45   2025-12-18
 109     109   2025-12-19
 203     179   2025-12-20
 177     163   2025-12-21
 227     191   2025-12-22
 189     167   2025-12-23
 127     125   2025-12-24
 132     132   2025-12-25
 130     130   2025-12-26
 124     124   2025-12-27
  80      80   2025-12-28
  76      76   2025-12-29
  62      62   2025-12-30
  66      66   2025-12-31
  58      58   2026-01-01
  77      72   2026-01-02
  85      85   2026-01-03
  70      70   2026-01-04
  96      88   2026-01-05
  81      78   2026-01-06
  66      66   2026-01-07
  61      60   2026-01-08
  92      91   2026-01-09
  69      69   2026-01-10
  88      86   2026-01-11
  43      41   2026-01-12
  80      80   2026-01-13
  24      22   2026-01-14
   6       4   2026-01-15
   7       5   2026-01-16
  22      13   today, and counting


count IP                last report  ISP
 2377 204.76.203.8;     2026-01-16   Intelligence Hosting LLC, NL
   15 94.26.106.113;    2026-01-16   Telco power Ltd, DE
   14 167.71.195.58;    2026-01-15   DigitalOcean, LLC, SG
   14 157.230.254.13;   2026-01-15   DigitalOcean, LLC, SG
   13 159.223.71.35;    2026-01-15   DigitalOcean, LLC, SG
   12 174.138.22.55;    2026-01-15   DigitalOcean, LLC, SG
   12 157.245.199.254;  2026-01-15   DigitalOcean, LLC, SG
   11 157.230.44.100;   2026-01-15   DigitalOcean, LLC, SG
   10 68.183.237.44;    2026-01-15   DigitalOcean, LLC, SG
   10 188.166.237.187;  2026-01-15   DigitalOcean, LLC, SG
   10 167.71.223.55;    2026-01-15   DigitalOcean, LLC, SG
   10 104.248.147.10;   2026-01-15   DigitalOcean, LLC, SG
    9 64.23.158.207;    2026-01-15   DigitalOcean, LLC, US
    9 206.189.34.225;   2026-01-15   DigitalOcean, LLC, SG
    9 178.128.57.139;   2026-01-15   DigitalOcean, LLC, SG
    9 167.71.204.99;    2026-01-15   DigitalOcean, LLC, SG
    9 159.223.43.210;   2026-01-15   DigitalOcean, LLC, SG
    8 68.183.234.44;    2026-01-15   DigitalOcean, LLC, SG
    8 188.166.219.249;  2026-01-10   DigitalOcean, LLC, SG
    8 159.223.94.58;    2026-01-15   DigitalOcean, LLC, SG
    8 157.230.251.161;  2026-01-15   DigitalOcean, LLC, SG
    8 157.230.248.130;  2026-01-15   DigitalOcean, LLC, SG
    7 167.71.222.93;    2026-01-15   DigitalOcean, LLC, SG
    7 167.172.90.93;    2026-01-15   DigitalOcean, LLC, SG
    7 165.22.101.34;    2026-01-15   DigitalOcean, LLC, SG
    6 202.1.31.161;     2026-01-16   VIVSTAR TELECOM (OPC) PRIVATE LIMITED, SG
    6 178.128.90.96;    2026-01-15   DigitalOcean, LLC, SG
    6 139.59.123.216;   2026-01-15   DigitalOcean, LLC, SG
    5 143.198.218.102;  2026-01-15   DigitalOcean, LLC, SG
    5 139.59.118.74;    2026-01-15   DigitalOcean, LLC, SG
    5 103.59.160.237;   2025-12-31   PT Gunung Sedayu Sentosa, ID
    4 206.189.90.119;   2026-01-15   DigitalOcean, LLC, SG
    4 159.65.7.27;      2026-01-15   DigitalOcean, LLC, SG
    4 159.65.132.79;    2026-01-15   DigitalOcean, LLC, SG
    4 159.223.52.119;   2025-12-31   DigitalOcean, LLC, SG
    4 152.42.217.93;    2026-01-15   DigitalOcean, LLC, SG
    4 143.198.194.12;   2025-12-29   DigitalOcean, LLC, SG
    3 209.97.175.206;   2026-01-15   DigitalOcean, LLC, SG
    3 206.189.90.228;   2026-01-15   DigitalOcean, LLC, SG
    3 202.1.31.177;     2026-01-16   VIVSTAR TELECOM (OPC) PRIVATE LIMITED, SG
    3 202.1.31.174;     2026-01-13   VIVSTAR TELECOM (OPC) PRIVATE LIMITED, SG
    3 178.128.112.248;  2026-01-15   DigitalOcean, LLC, SG
    3 174.138.26.23;    2026-01-04   DigitalOcean, LLC, SG
    3 165.232.188.22;   2026-01-10   DigitalOcean, LLC, IN
    3 157.230.143.80;   2026-01-16   DigitalOcean, LLC, US
    3 152.42.245.162;   2026-01-14   DigitalOcean, LLC, SG
    3 152.42.181.191;   2026-01-16   DigitalOcean, LLC, SG
    3 146.190.100.245;  2025-12-20   DigitalOcean, LLC, SG
    3 143.198.85.239;   2026-01-13   DigitalOcean, LLC, SG
    3 143.198.217.200;  2025-12-29   DigitalOcean, LLC, SG
    2 68.183.85.38;     2026-01-15   DigitalOcean, LLC, IN
    2 209.145.56.211;   2026-01-15   Contabo Inc., US
    2 188.166.228.51;   2026-01-15   DigitalOcean, LLC, SG
    2 167.71.205.35;    2025-12-22   DigitalOcean, LLC, SG
    2 165.232.191.158;  2026-01-15   DigitalOcean, LLC, IN
    2 165.22.49.23;     2026-01-15   DigitalOcean, LLC, SG
    2 165.22.242.127;   2026-01-15   DigitalOcean, LLC, SG
    2 165.22.100.217;   2026-01-15   DigitalOcean, LLC, SG
    2 159.89.201.109;   2025-12-22   DigitalOcean, LLC, SG
    2 159.65.143.148;   2026-01-15   DigitalOcean, LLC, SG
    2 159.223.94.187;   2025-12-29   DigitalOcean, LLC, SG
    2 159.223.68.90;    2026-01-15   DigitalOcean, LLC, SG
    2 159.223.47.230;   2025-12-22   DigitalOcean, LLC, SG
    2 157.245.151.230;  2026-01-10   DigitalOcean, LLC, SG
    2 157.245.111.226;  2026-01-10   DigitalOcean, LLC, IN
    2 152.42.223.87;    2026-01-16   DigitalOcean, LLC, SG
    2 143.198.196.161;  2026-01-15   DigitalOcean, LLC, SG
    2 143.110.188.214;  2026-01-15   DigitalOcean, LLC, IN
    2 129.212.229.125;  2026-01-16   DigitalOcean, LLC, SG
    1 94.156.152.7;     2026-01-16   Internet Magnate (Pty) Ltd, BG
    1 89.42.231.239;    2026-01-16   Amarutu Technology Ltd, NL
    1 89.42.231.179;    2026-01-16   Amarutu Technology Ltd, NL
    1 79.133.126.183;   2026-01-16   G-Core Labs Customer assignment, NL
    1 68.183.75.104;    2026-01-16   DigitalOcean, LLC, DE
    1 68.183.229.69;    2026-01-10   DigitalOcean, LLC, SG
    1 64.225.26.162;    2026-01-16   DigitalOcean, LLC, US
    1 46.101.187.13;    2026-01-16   DigitalOcean, LLC, DE
    1 206.189.80.57;    2025-12-24   DigitalOcean, LLC, SG
    1 202.1.31.176;     2026-01-12   VIVSTAR TELECOM (OPC) PRIVATE LIMITED, SG
    1 159.89.204.13;    2026-01-16   DigitalOcean, LLC, SG
    1 159.203.103.160;  2026-01-16   DigitalOcean, LLC, US
    1 157.245.108.111;  2026-01-10   DigitalOcean, LLC, IN
    1 152.42.251.97;    2026-01-15   DigitalOcean, LLC, SG
    1 152.42.225.183;   2026-01-15   DigitalOcean, LLC, SG
    1 152.42.217.192;   2025-12-29   DigitalOcean, LLC, SG
    1 152.42.160.18;    2026-01-16   DigitalOcean, LLC, SG
    1 142.93.219.218;   2026-01-15   DigitalOcean, LLC, IN



_______________________________________________
mailop mailing list
https://list.mailop.org/listinfo/mailop
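
An added example, not part of the original post: one way to produce the per-day and per-IP PROPFIND tallies described above, and to count clients that repeat the same PROPFIND after already getting a 301. The vhost-prefixed combined log format, the hostnames and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed log format: Apache combined log with the virtual host as first field.
LINE = re.compile(
    r'(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation addresses, hypothetical hostnames).
SAMPLE = """\
webmail.example.org 192.0.2.10 - - [18/Dec/2025:10:00:01 +0100] "PROPFIND / HTTP/1.1" 301 234 "-" "-"
webmail.example.org 192.0.2.10 - - [18/Dec/2025:10:07:13 +0100] "PROPFIND / HTTP/1.1" 301 234 "-" "-"
wiki.example.org 198.51.100.7 - - [18/Dec/2025:11:30:00 +0100] "PROPFIND / HTTP/1.1" 301 240 "-" "-"
www.example.org 203.0.113.5 - - [19/Dec/2025:02:14:55 +0100] "PROPFIND / HTTP/1.1" 405 312 "-" "-"
webmail.example.org 192.0.2.10 - - [19/Dec/2025:09:00:00 +0100] "GET /login HTTP/1.1" 200 5120 "-" "-"
webmail.example.org 198.51.100.7 - - [19/Dec/2025:09:41:22 +0100] "PROPFIND / HTTP/1.1" 301 234 "-" "-"
"""

def tally(lines, webmail_host="webmail.example.org"):
    """Count PROPFIND requests per day, per source IP and per (vhost, status)."""
    daily = defaultdict(lambda: [0, 0])   # date -> [all, webmail]
    per_ip, per_status = Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "PROPFIND":
            continue   # skip unparsable lines and every other method
        day = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").date().isoformat()
        daily[day][0] += 1
        daily[day][1] += (m["vhost"] == webmail_host)   # bool counts as 0 or 1
        per_ip[m["ip"]] += 1
        per_status[(m["vhost"], m["status"])] += 1
    return dict(daily), per_ip, per_status

def repeaters(lines):
    """IPs that sent the same PROPFIND again after already receiving a 301."""
    seen, repeat = set(), Counter()
    for line in lines:
        m = LINE.match(line)
        if m and m["method"] == "PROPFIND" and m["status"] == "301":
            key = (m["ip"], m["vhost"], m["path"])
            if key in seen:
                repeat[m["ip"]] += 1
            seen.add(key)
    return repeat

if __name__ == "__main__":
    for day, (total, webmail) in sorted(tally(SAMPLE.splitlines())[0].items()):
        print(f"{total:4d} {webmail:7d}   {day}")
```

The per-(vhost, status) counter separates the sites answering 301 from those answering 405 or 403, which is the distinction the post draws between webmail and the other hosted sites.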