[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #224547 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Dec 13 15:26:17 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, December 13, 2025 3:26:10 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #224547 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 224547

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  4651500       15505         1.4%    57.144.248.192
  4369200       14564         1.3%   159.223.209.115
  4244100       14147         1.3%    216.58.204.234
  3286800       10956         1.0%    57.144.244.192
  3210300       10701         1.0%    157.240.253.63
  3181200       10604         1.0%     13.107.136.10
  3144300       10481         0.9%        3.5.77.233
  3124500       10415         0.9%   199.232.214.172
  2969700        9899         0.9%   199.232.210.172
  2857800        9526         0.9%      52.92.200.97

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  19941300       66471         6.0%     132.76.223.75
  13189500       43965         4.0%    132.76.221.234
  12243900       40813         3.7%    132.76.223.175
  11809800       39366         3.5%   128.139.225.245
  11346900       37823         3.4%    132.64.192.202
  11294400       37648         3.4%    132.76.220.127
  10793700       35979         3.2%    132.76.223.200
  10688700       35629         3.2%    132.76.221.194
   9705900       32353         2.9%    132.76.221.187
   8837100       29457         2.7%    132.76.221.217

Top-10 Possible Targets by Bytes:
  Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
                443    132.76.223.75                29366611200
                       132.76.223.75                29366611200
                443   132.76.221.234                19401160200
                      132.76.221.234                19401160200
                443   132.76.223.175                18014402700
                      132.76.223.175                18014402700
                443   132.76.223.200                15925494900
                      132.76.223.200                15925494900
                443   132.76.221.194                15738135600
                      132.76.221.194                15738135600

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-13 13:22:08
End Time: ongoing

First Event Seen: 2025-12-13 13:19:00
Last Event Seen: 2025-12-13 13:24:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/224547/