A simple Python script which I used to scan suspicious webdav servers, looking for recently-updated malicious files to research.

WebDAVAnalysis.py

# WebDAVAnalysis.py
from webdav3.client import Client

domains = ['dhqidee98lja03f52atdmii.webdav.drivehq.com',
 'dhqidcr68ljmwke8780y3bg.webdav.drivehq.com',
 'kpm.webdav.drivehq.com',
 'dhqidv8g20pwi1uxkdlojyb.webdav.drivehq.com',
 'dhqid9pjapv63d8xvji8g4s.webdav.drivehq.com',
 'dhqidaxs78nhjtsucbk0eg2.webdav.drivehq.com',
 'dhqidfvyxawy0du9akl2ium.webdav.drivehq.com',
 'dhqid6ys009mqej1v71y46u.webdav.drivehq.com',
 'dhqid81jmilrp7lbi0c0ow2.webdav.drivehq.com',
 'dhqidwhws4rkw80f312lkpm.webdav.drivehq.com',
 'dhqidoakoljbb9jnbssiau2.webdav.drivehq.com',
 'dhqid8lp24fv3o5nbvcueuk.webdav.drivehq.com',
 'dhqidi6a3iy71pn2wdeogny.webdav.drivehq.com',
 'dhqid6cfbo7mj37f9gx48b6.webdav.drivehq.com',
 'dhqid45r064utd5gygt2jy6.webdav.drivehq.com',
 'dhqid29osoc30h1mld31pql.webdav.drivehq.com',
 'dhqidqh6mt2rhfqj1ae34yc.webdav.drivehq.com',
 'dhqiduk8sf2abhuvd307132.webdav.drivehq.com',
 'dhqidtutrnk8umj0l0wcy7a.webdav.drivehq.com',
 'dhqidhx2c2f2oc8lccg38tx.webdav.drivehq.com',
 'dhqiddp9xdrg3f3knh0frhc.webdav.drivehq.com',
 'dhqidlyo41oekq7wv5me17y.webdav.drivehq.com',
 'dhqidl9j3dhcx6i4y5a6li9.webdav.drivehq.com',
 'dhqidyy2nqes57csk0xetry.webdav.drivehq.com',
 'dhqidqot3k8sh7ve2ns9nry.webdav.drivehq.com',
 'dhqid2lx4okael3na7t6yt7.webdav.drivehq.com',
 'dhqidvooruijtwg0lyucl5s.webdav.drivehq.com',
 'dhqidvdosqx8tu0vq1h1d1g.webdav.drivehq.com',
 'dhqidcupux3thuinkibxwui.webdav.drivehq.com',
 'dhqidiq6blnmo9ipaymtlr6.webdav.drivehq.com',
 'dhqid2u8ov565fj5w26ieet.webdav.drivehq.com',
 'dhqidlu10mna2tuk2qfoaew.webdav.drivehq.com',
 'dhqidpmc4be3lgcmhj5maom.webdav.drivehq.com',
 'dhqid7oal97wjj19d6rkvs4.webdav.drivehq.com',
 'dhqidwiee3k7styl5oe44yy.webdav.drivehq.com',
 'dhqid3c6irxp669a1h6vp04.webdav.drivehq.com',
 'dhqidctjo3ugevk9u5sev1r.webdav.drivehq.com',
 'dhq.webdav.drivehq.com',
 'dhqidckse5f3li2fxx3s0sp.webdav.drivehq.com',
 'dhqid5neul4wc9w74pynlrs.webdav.drivehq.com',
 'dhqidgnmst61lc8gboy0qu4.webdav.drivehq.com',
 'dhqidxb4b0v1ch53oftrp1n.webdav.drivehq.com',
 'dhqidalvkvxl5buqk4ibu7g.webdav.drivehq.com',
 'dhqidsjm8djcbwvod7j58uk.webdav.drivehq.com',
 'dhqid3b4b9u6ecv6jcxva0f.webdav.drivehq.com',
 'dhqidhhva53s2qvmxwxtkrm.webdav.drivehq.com',
 'dhqido7gy8hiehwprjhli16.webdav.drivehq.com',
 'dhqid4hv2k7lf6twpnrkoft.webdav.drivehq.com',
 'dhqidvjn6bfvi00cb0834a3.webdav.drivehq.com',
 'dhqidlnsxx2qigisdvn7x2f.webdav.drivehq.com',
 'dhqidk9oi3yuhf43sb05xgn.webdav.drivehq.com']

print("Checking for response.")
responding = []
for domain in domains:
    print(domain)
    try:
        if Client({"webdav_hostname": "https://" + domain}).check():
            responding.append("https://" + domain)
    except:
        pass

print("\n\n")
for item in responding:
    print(item)
    client = Client(options={"webdav_hostname": item})
    listing = client.list("/", True)
    for i in listing:
        print("\t" + i["name"] + ": " + i["modified"])
    print("\n")

None of these subdomains/URLs are valid now. They are blocked and redirected to a web page that displays an error message.

DriveHQ.com is a leading Cloud Hosting service provider offering the most reliable and efficient WebDAV Drive Mapping/Cloud File Server service.

These subdomains/URLs were created by some free users who abused our service. DriveHQ
tightened the security long time ago. Users can no longer create such subdomains / URLs. For legitimate users, they can simply download DriveHQ WebDAV Drive Mapping Tool software. It is very easy to map cloud drives. Regular URL based drive mapping is also supported. Please visit www.DriveHQ.com for more details. (From DriveHQ.com customer support)