[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #254537 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Thu Feb 29 13:35:33 IST 2024



________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Thursday, February 29, 2024 1:35:26 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #254537 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 254537

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  2902200        9674        10.5%   124.221.186.26
   870900        2903         3.1%    94.156.71.105
   726000        2420         2.6%      94.156.71.4
   685200        2284         2.5%   104.156.155.14
   645900        2153         2.3%     94.156.64.72
   587700        1959         2.1%   132.74.189.252
   524700        1749         1.9%   89.248.163.168
   517500        1725         1.9%    39.105.169.11
   472200        1574         1.7%   94.156.189.228
   446100        1487         1.6%   89.248.165.212

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  222446100      741487       801.7%     192.114.5.216
  221351400      737838       797.8%     192.114.5.107
  149613900      498713       539.2%    132.74.189.252
   68296800      227656       246.1%      192.114.5.80
     604200        2014         2.2%      192.114.5.10
     220800         736         0.8%   192.114.105.254
     173700         579         0.6%     132.76.10.107
     154200         514         0.6%      132.76.61.54
     140400         468         0.5%      132.76.61.53
     134400         448         0.5%      132.68.40.43

Top-10 Possible Targets by Bytes:
        Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                             192.114.5.216        443     14236550400
                             192.114.5.216                14236550400
                             192.114.5.107        443     14166489600
                             192.114.5.107                14166489600
                            132.74.189.252        443      9575289600
                            132.74.189.252                 9575289600
                              192.114.5.80        443      4370995200
                              192.114.5.80                 4370995200
                             132.76.10.107                  216146700
  154.85.69.20         80                                   185117100

Further Details:
https://primary.nemo.geant.org/alerts/details/254537/