[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #224484 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Dec 13 05:47:22 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, December 13, 2025 5:47:14 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #224484 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 224484

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  44738400      149128        16.0%       65.9.175.95
  36114900      120383        12.9%       65.9.175.17
  30736200      102454        11.0%      65.9.175.125
  30138600      100462        10.8%       65.9.175.44
  13353900       44513         4.8%   142.250.180.170
   4244100       14147         1.5%   159.223.209.115
   4023300       13411         1.4%       52.107.3.41
   2996700        9989         1.1%   199.232.214.172
   2960100        9867         1.1%   142.250.180.138
   2925900        9753         1.0%   199.232.210.172

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  141748200      472494        50.8%     132.70.60.180
   14421300       48071         5.2%     132.74.56.132
    3725700       12419         1.3%     192.114.3.241
    3217800       10726         1.2%     132.64.222.92
    3174300       10581         1.1%   128.139.225.245
    3091200       10304         1.1%      132.76.61.51
    2924700        9749         1.0%    132.64.192.202
    2454600        8182         0.9%     128.139.200.4
    2429700        8099         0.9%     128.139.200.5
    2210400        7368         0.8%      132.76.61.52

Top-10 Possible Targets by Bytes:
        Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
                            132.70.60.180               209357674200
                      443   132.70.60.180               209357628600
   65.9.175.95        443                                66085450800
   65.9.175.95                                           66085450800
   65.9.175.17        443                                53337961800
   65.9.175.17                                           53337961800
  65.9.175.125        443                                45396186000
  65.9.175.125                                           45396186000
   65.9.175.44        443                                44508335100
   65.9.175.44                                           44508335100

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-13 03:43:02
End Time: ongoing

First Event Seen: 2025-12-13 03:40:00
Last Event Seen: 2025-12-13 03:45:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/224484/