Thanks for your suggestions. For testing purpose I did deactivate bruteforce protection as you mentioned, which speeds up calendar entries creation as expected. I would like to know, how I can find out which ip is causing this. Where can I find this information?
Also it seems that all users are affected because of proxy activated, so one user triggering this by misconfiguration of one client resulting in slow connections to nextcloud for all internal users.
Reading in the nextcloud docs:
…If you run into a situation where login is often very slow for all users the first step is to inspect the bruteforce_attempts table. There you can see which IP addresses are actually throttled.