diff --git a/parsers/s02-enrich/crowdsecurity/nextcloud-whitelist.md b/parsers/s02-enrich/crowdsecurity/nextcloud-whitelist.md
index 4a98be19127..ed2ae62d524 100644
--- a/parsers/s02-enrich/crowdsecurity/nextcloud-whitelist.md
+++ b/parsers/s02-enrich/crowdsecurity/nextcloud-whitelist.md
@@ -23,6 +23,8 @@ When previews are missing for files in the trash bin, a 404 error is returned wh
 
 In rare cases HTTP Probing will be triggered when opening multiple folders quickly, Nextcloud checks for a ``readme.md`` file and if it doesn't exist a 404 error is thrown.
 
+Auto uploading or synchronizing files from mobile clients authenticated with app token and enabled ``auth.storeCryptedPassword`` option on nextcloud server throw a lot of 403 and 404 on '/remote.php/dav/files/FILENAME' and '/index.php/apps/files/api/v1/thumbnail/' when checking for existing and possibly already disappeared files.
+
 ---
 ### Creating files via WebDAV
 When uploading files via WebDAV, a PROPFIND request is sent to the server, which returns 404 if the file does not
diff --git a/parsers/s02-enrich/crowdsecurity/nextcloud-whitelist.yaml b/parsers/s02-enrich/crowdsecurity/nextcloud-whitelist.yaml
index 8014e9ec29c..5f52530d374 100644
--- a/parsers/s02-enrich/crowdsecurity/nextcloud-whitelist.yaml
+++ b/parsers/s02-enrich/crowdsecurity/nextcloud-whitelist.yaml
@@ -8,11 +8,12 @@ whitelist:
    - evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains '/apps/files_versions/preview' && evt.Parsed.http_args contains 'version' #Backup app missing file version
    - evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains '/apps/photos/api/v1/preview' && evt.Parsed.http_args contains 'x' && evt.Parsed.http_args contains 'y' #Photo app loads all previews as small panes, but can 404
    - evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Parsed.request contains '/core/preview' && evt.Parsed.http_args contains 'x=' && evt.Parsed.http_args contains 'y=' && evt.Parsed.http_args contains 'fileId=' #File preview often 404s while searching
-   - evt.Meta.http_status in ['404', '200'] && evt.Meta.http_verb in ['PROPFIND', 'GET'] && evt.Meta.http_path matches '^/remote.php/(web)?dav/' #Uploading new files via WebDAV always produces a 404
+   - evt.Meta.http_status in ['404', '403', '200'] && evt.Meta.http_verb in ['PROPFIND', 'PUT', 'GET'] && evt.Meta.http_path matches '^/remote.php/(web)?dav/' #Uploading new files via WebDAV always produces a 404, synchronizing from mobile clients with app token produces 403
    - evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains '/apps/mail/api/avatars/url/' #When loading mail contacts the avatars may get 404
    - evt.Meta.http_status == '200' && evt.Parsed.static_ressource == 'false' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains '/apps/photos/api/v1/preview' && evt.Parsed.http_args contains '&x=' && evt.Parsed.http_args contains '&y=' && evt.Parsed.http_args contains 'etag=' #When loading multiple images inside Nextcloud Photos, HTTP Crawl non statics is triggered since the images look like dynamic assets.
    - evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Parsed.request == '/ocs/v2.php/apps/text/workspace' && evt.Parsed.http_args contains 'path=%2F' #When opening folders in Nextcloud Files that don't contain a readme.md 404 error is thrown
    - evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains '/apps/files_trashbin/preview' && evt.Parsed.http_args contains 'fileId=' # 404 error thrown when preview is missing for files in trash bin
+   - evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains '/apps/files/api/v1/thumbnail/' # 404 error thrown when thumbnails are missing and synchronizing with mobile clients
    - evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path matches '\\/apps\\/files\\/api\\/v1\\/thumbnail\\/(\\d+)/(\\d+)'
    - evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains '/apps/bookmarks/bookmark' && (evt.Meta.http_path endsWith 'favicon' || evt.Meta.http_path endsWith 'image') #When loading NC bookmarks: some entries might have no favicon or no image
    - evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains '/apps/bookmarks/folder' && evt.Meta.http_path endsWith 'publictoken' #When loading NC bookmarks: private folders have no publictoken