[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #225504 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Dec 20 16:00:06 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, December 20, 2025 3:59:55 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #225504 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 225504

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  24842700       82809         9.7%      65.9.175.125
  23148900       77163         9.1%       65.9.175.44
  22993800       76646         9.0%       65.9.175.17
  17670900       58903         6.9%       65.9.175.95
  16074300       53581         6.3%   157.119.188.210
   3938100       13127         1.5%    216.58.204.234
   3818100       12727         1.5%     162.125.69.15
   3470400       11568         1.4%     142.93.38.197
   3375600       11252         1.3%       92.61.235.5
   3238500       10795         1.3%   142.251.141.234

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  88716000      295720        34.7%      132.70.60.14
  16074300       53581         6.3%     132.73.180.40
   8330100       27767         3.3%    192.114.23.221
   6056100       20187         2.4%      132.76.10.43
   4864500       16215         1.9%     132.74.74.134
   4775700       15919         1.9%   128.139.225.245
   4583100       15277         1.8%     128.139.200.5
   4244700       14149         1.7%      192.114.2.47
   4185300       13951         1.6%     128.139.200.4
   4097100       13657         1.6%    132.64.192.202

Top-10 Possible Targets by Bytes:
        Src IP   Src Port         Dst IP   Dst Port   Sampled Count
-----------------------------------------------------------------
                      443   132.70.60.14               130862128200
                            132.70.60.14               130862128200
  65.9.175.125        443                               36659457600
  65.9.175.125                                          36659457600
   65.9.175.44        443                               34158851700
   65.9.175.44                                          34158851700
   65.9.175.17        443                               33946369500
   65.9.175.17                                          33946369500
   65.9.175.95        443                               26095618200
   65.9.175.95                                          26095618200

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-20 13:59:46
End Time: ongoing

First Event Seen: 2025-12-20 13:57:00
Last Event Seen: 2025-12-20 13:58:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/225504/