Re: [mailop] PROPFIND to webmail?

Jarland Donnell via mailop Fri, 16 Jan 2026 15:50:12 -0800

My guess is they're hoping to find an insecure WebDAV server. Given thenetworks in that list, I would highly doubt they're just misconfiguredand making innocent requests.


On 2026-01-16 07:21, Alessandro Vesely via mailop wrote:

Hi all,

looking at the web logs I found several PROPFIND requests, mostly towebmail. The webmail server replies 301, but the client doesn't followup; it repeats the same request after some minutes. The total numberof queries is too low to be classified as DDoS.

Other web sites I host reply 405 (Method not allowed) or 403(Forbidden), but I only found 1 such request (from 79.133.126.183).Another site which replies 301 hosts a Mediawiki pages. Perhapsreplies had been learned in the past.

I paste below the total count of requests per day and the partial countof those directed to webmail, sometimes equal sometimes slightly below.

I also paste the source IPs, along with the total count of requests inthe period since last December 18th, the last time the IP was reportedto AbuseIPDB and the ISP. It shows they're likely 0wned devices.Still, cannot guess what they're after.


Ideas?

Best
Ale
--

Daily counts
 all webmail         date
  45      45   2025-12-18
 109     109   2025-12-19
 203     179   2025-12-20
 177     163   2025-12-21
 227     191   2025-12-22
 189     167   2025-12-23
 127     125   2025-12-24
 132     132   2025-12-25
 130     130   2025-12-26
 124     124   2025-12-27
  80      80   2025-12-28
  76      76   2025-12-29
  62      62   2025-12-30
  66      66   2025-12-31
  58      58   2026-01-01
  77      72   2026-01-02
  85      85   2026-01-03
  70      70   2026-01-04
  96      88   2026-01-05
  81      78   2026-01-06
  66      66   2026-01-07
  61      60   2026-01-08
  92      91   2026-01-09
  69      69   2026-01-10
  88      86   2026-01-11
  43      41   2026-01-12
  80      80   2026-01-13
  24      22   2026-01-14
   6       4   2026-01-15
   7       5   2026-01-16
  22      13   today, and counting


count IP                last report  ISP
 2377 204.76.203.8;     2026-01-16   Intelligence Hosting LLC, NL
   15 94.26.106.113;    2026-01-16   Telco power Ltd, DE
   14 167.71.195.58;    2026-01-15   DigitalOcean, LLC, SG
   14 157.230.254.13;   2026-01-15   DigitalOcean, LLC, SG
   13 159.223.71.35;    2026-01-15   DigitalOcean, LLC, SG
   12 174.138.22.55;    2026-01-15   DigitalOcean, LLC, SG
   12 157.245.199.254;  2026-01-15   DigitalOcean, LLC, SG
   11 157.230.44.100;   2026-01-15   DigitalOcean, LLC, SG
   10 68.183.237.44;    2026-01-15   DigitalOcean, LLC, SG
   10 188.166.237.187;  2026-01-15   DigitalOcean, LLC, SG
   10 167.71.223.55;    2026-01-15   DigitalOcean, LLC, SG
   10 104.248.147.10;   2026-01-15   DigitalOcean, LLC, SG
    9 64.23.158.207;    2026-01-15   DigitalOcean, LLC, US
    9 206.189.34.225;   2026-01-15   DigitalOcean, LLC, SG
    9 178.128.57.139;   2026-01-15   DigitalOcean, LLC, SG
    9 167.71.204.99;    2026-01-15   DigitalOcean, LLC, SG
    9 159.223.43.210;   2026-01-15   DigitalOcean, LLC, SG
    8 68.183.234.44;    2026-01-15   DigitalOcean, LLC, SG
    8 188.166.219.249;  2026-01-10   DigitalOcean, LLC, SG
    8 159.223.94.58;    2026-01-15   DigitalOcean, LLC, SG
    8 157.230.251.161;  2026-01-15   DigitalOcean, LLC, SG
    8 157.230.248.130;  2026-01-15   DigitalOcean, LLC, SG
    7 167.71.222.93;    2026-01-15   DigitalOcean, LLC, SG
    7 167.172.90.93;    2026-01-15   DigitalOcean, LLC, SG
    7 165.22.101.34;    2026-01-15   DigitalOcean, LLC, SG

6 202.1.31.161; 2026-01-16 VIVSTAR TELECOM (OPC) PRIVATELIMITED, SG

    6 178.128.90.96;    2026-01-15   DigitalOcean, LLC, SG
    6 139.59.123.216;   2026-01-15   DigitalOcean, LLC, SG
    5 143.198.218.102;  2026-01-15   DigitalOcean, LLC, SG
    5 139.59.118.74;    2026-01-15   DigitalOcean, LLC, SG
    5 103.59.160.237;   2025-12-31   PT Gunung Sedayu Sentosa, ID
    4 206.189.90.119;   2026-01-15   DigitalOcean, LLC, SG
    4 159.65.7.27;      2026-01-15   DigitalOcean, LLC, SG
    4 159.65.132.79;    2026-01-15   DigitalOcean, LLC, SG
    4 159.223.52.119;   2025-12-31   DigitalOcean, LLC, SG
    4 152.42.217.93;    2026-01-15   DigitalOcean, LLC, SG
    4 143.198.194.12;   2025-12-29   DigitalOcean, LLC, SG
    3 209.97.175.206;   2026-01-15   DigitalOcean, LLC, SG
    3 206.189.90.228;   2026-01-15   DigitalOcean, LLC, SG

3 202.1.31.177; 2026-01-16 VIVSTAR TELECOM (OPC) PRIVATELIMITED, SG3 202.1.31.174; 2026-01-13 VIVSTAR TELECOM (OPC) PRIVATELIMITED, SG

    3 178.128.112.248;  2026-01-15   DigitalOcean, LLC, SG
    3 174.138.26.23;    2026-01-04   DigitalOcean, LLC, SG
    3 165.232.188.22;   2026-01-10   DigitalOcean, LLC, IN
    3 157.230.143.80;   2026-01-16   DigitalOcean, LLC, US
    3 152.42.245.162;   2026-01-14   DigitalOcean, LLC, SG
    3 152.42.181.191;   2026-01-16   DigitalOcean, LLC, SG
    3 146.190.100.245;  2025-12-20   DigitalOcean, LLC, SG
    3 143.198.85.239;   2026-01-13   DigitalOcean, LLC, SG
    3 143.198.217.200;  2025-12-29   DigitalOcean, LLC, SG
    2 68.183.85.38;     2026-01-15   DigitalOcean, LLC, IN
    2 209.145.56.211;   2026-01-15   Contabo Inc., US
    2 188.166.228.51;   2026-01-15   DigitalOcean, LLC, SG
    2 167.71.205.35;    2025-12-22   DigitalOcean, LLC, SG
    2 165.232.191.158;  2026-01-15   DigitalOcean, LLC, IN
    2 165.22.49.23;     2026-01-15   DigitalOcean, LLC, SG
    2 165.22.242.127;   2026-01-15   DigitalOcean, LLC, SG
    2 165.22.100.217;   2026-01-15   DigitalOcean, LLC, SG
    2 159.89.201.109;   2025-12-22   DigitalOcean, LLC, SG
    2 159.65.143.148;   2026-01-15   DigitalOcean, LLC, SG
    2 159.223.94.187;   2025-12-29   DigitalOcean, LLC, SG
    2 159.223.68.90;    2026-01-15   DigitalOcean, LLC, SG
    2 159.223.47.230;   2025-12-22   DigitalOcean, LLC, SG
    2 157.245.151.230;  2026-01-10   DigitalOcean, LLC, SG
    2 157.245.111.226;  2026-01-10   DigitalOcean, LLC, IN
    2 152.42.223.87;    2026-01-16   DigitalOcean, LLC, SG
    2 143.198.196.161;  2026-01-15   DigitalOcean, LLC, SG
    2 143.110.188.214;  2026-01-15   DigitalOcean, LLC, IN
    2 129.212.229.125;  2026-01-16   DigitalOcean, LLC, SG
    1 94.156.152.7;     2026-01-16   Internet Magnate (Pty) Ltd, BG
    1 89.42.231.239;    2026-01-16   Amarutu Technology Ltd, NL
    1 89.42.231.179;    2026-01-16   Amarutu Technology Ltd, NL

1 79.133.126.183; 2026-01-16 G-Core Labs Customer assignment,NL

    1 68.183.75.104;    2026-01-16   DigitalOcean, LLC, DE
    1 68.183.229.69;    2026-01-10   DigitalOcean, LLC, SG
    1 64.225.26.162;    2026-01-16   DigitalOcean, LLC, US
    1 46.101.187.13;    2026-01-16   DigitalOcean, LLC, DE
    1 206.189.80.57;    2025-12-24   DigitalOcean, LLC, SG

1 202.1.31.176; 2026-01-12 VIVSTAR TELECOM (OPC) PRIVATELIMITED, SG

    1 159.89.204.13;    2026-01-16   DigitalOcean, LLC, SG
    1 159.203.103.160;  2026-01-16   DigitalOcean, LLC, US
    1 157.245.108.111;  2026-01-10   DigitalOcean, LLC, IN
    1 152.42.251.97;    2026-01-15   DigitalOcean, LLC, SG
    1 152.42.225.183;   2026-01-15   DigitalOcean, LLC, SG
    1 152.42.217.192;   2025-12-29   DigitalOcean, LLC, SG
    1 152.42.160.18;    2026-01-16   DigitalOcean, LLC, SG
    1 142.93.219.218;   2026-01-15   DigitalOcean, LLC, IN



_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop

_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop

Re: [mailop] PROPFIND to webmail?

Reply via email to