[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #254226 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Wed Feb 28 20:18:04 IST 2024



________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, February 28, 2024 8:17:59 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #254226 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 254226

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  8521200       28404        25.8%      137.74.17.22
   983100        3277         3.0%     137.184.255.7
   960000        3200         2.9%       218.92.0.30
   648300        2161         2.0%   192.241.196.108
   644400        2148         2.0%     104.156.155.4
   515400        1718         1.6%     104.156.155.9
   500100        1667         1.5%    94.156.189.228
   488400        1628         1.5%    89.248.163.168
   455700        1519         1.4%    89.248.165.212
   393300        1311         1.2%      79.110.62.92

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  144154500      480515       436.3%    132.74.123.103
   78014100      260047       236.1%    132.74.189.121
     357600        1192         1.1%     132.66.253.21
     105000         350         0.3%   128.139.225.245
      57900         193         0.2%      132.76.61.54
      50700         169         0.2%      132.76.61.53
      36900         123         0.1%   192.114.105.254
      35700         119         0.1%     132.73.17.146
      30600         102         0.1%       192.114.7.2
      26700          89         0.1%    192.114.91.245

Top-10 Possible Targets by Bytes:
        Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                            132.74.123.103        443      9225888000
                            132.74.123.103                 9225888000
                            132.74.189.121        443      4992895200
                            132.74.189.121                 4992895200
  52.84.151.45        443                                   442698000
  52.84.151.45                                  37386       442698000
  52.84.151.45                                              442698000
                      443    132.66.253.21                  442698000
                             132.66.253.21      37386       442698000
                             132.66.253.21                  442698000

Further Details:
https://primary.nemo.geant.org/alerts/details/254226/