[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #224583 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Dec 13 21:51:15 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, December 13, 2025 9:51:09 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #224583 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 224583

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  10185300       33951         2.9%     52.218.250.99
   6188100       20627         1.7%    57.144.248.192
   6077700       20259         1.7%     194.50.16.158
   5654400       18848         1.6%   142.251.141.234
   5337600       17792         1.5%         3.5.81.57
   5100000       17000         1.4%    57.144.244.192
   4970400       16568         1.4%    157.240.253.63
   3903300       13011         1.1%          3.5.81.8
   3622500       12075         1.0%        3.5.79.196
   3456000       11520         1.0%       16.12.98.57

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  18130200       60434         5.1%   128.139.225.245
  15058500       50195         4.2%    132.76.221.250
  14979300       49931         4.2%     132.76.214.72
  14396100       47987         4.0%    132.64.192.202
  14394600       47982         4.0%    132.76.223.183
  13989300       46631         3.9%    132.76.221.224
  12561900       41873         3.5%    132.76.221.199
  11037300       36791         3.1%      132.76.222.0
   9763500       32545         2.7%     132.76.223.87
   9019200       30064         2.5%      132.76.222.1

Top-10 Possible Targets by Bytes:
  Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
                443   132.76.221.250                22220024400
                      132.76.221.250                22220024400
                443    132.76.214.72                22081911900
                       132.76.214.72                22081911900
                443   132.76.223.183                21192490200
                      132.76.223.183                21192490200
                443   132.76.221.224                20605022700
                      132.76.221.224                20605022700
                443   132.76.221.199                18531430800
                      132.76.221.199                18531430800

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-13 19:47:08
End Time: ongoing

First Event Seen: 2025-12-13 19:44:00
Last Event Seen: 2025-12-13 19:49:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/224583/