[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #224547 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Dec 13 15:22:28 IST 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, December 13, 2025 3:22:17 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #224547 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 224547

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  3266100       10887         1.5%    216.58.204.234
  3224100       10747         1.5%   159.223.209.115
  2979900        9933         1.4%    57.144.248.192
  2122200        7074         1.0%     13.107.136.10
  2115300        7051         1.0%    57.144.244.192
  2058000        6860         1.0%    157.240.253.63
  1963200        6544         0.9%   199.232.214.172
  1951200        6504         0.9%   199.232.210.172
  1809900        6033         0.8%        3.5.77.233
  1761600        5872         0.8%     52.92.226.113

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  11144700       37149         5.2%     132.76.223.75
   8546400       28488         4.0%    132.76.221.234
   8214600       27382         3.8%    132.64.192.202
   8021400       26738         3.7%    132.76.223.175
   7694700       25649         3.6%   128.139.225.245
   7074300       23581         3.3%    132.76.221.194
   6123900       20413         2.9%    132.76.220.127
   6075600       20252         2.8%    132.76.221.217
   5610300       18701         2.6%    132.76.221.211
   5590500       18635         2.6%    132.76.223.200

Top-10 Possible Targets by Bytes:
  Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
                443    132.76.223.75                16404318000
                       132.76.223.75                16404318000
                443   132.76.221.234                12560763600
                      132.76.221.234                12560763600
                443   132.76.223.175                11794017900
                      132.76.223.175                11794017900
                443   132.76.221.194                10414213200
                      132.76.221.194                10414213200
                443   132.76.221.217                 8946751200
                      132.76.221.217                 8946751200

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-13 13:22:08
End Time: ongoing

First Event Seen: 2025-12-13 13:19:00
Last Event Seen: 2025-12-13 13:20:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/224547/

