[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #225504 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Dec 20 16:04:03 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, December 20, 2025 4:03:57 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #225504 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 225504

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  34243800      114146        10.5%           65.9.175.125
  34227300      114091        10.5%            65.9.175.44
  32922000      109740        10.1%            65.9.175.17
  26840100       89467         8.2%            65.9.175.95
  19057800       63526         5.8%        157.119.188.210
   4984800       16616         1.5%         216.58.204.234
   4299000       14330         1.3%          162.125.69.15
   4118100       13727         1.3%          142.93.38.197
   3943500       13145         1.2%   2001:bf8:900:d:2::71
   3841200       12804         1.2%         57.144.248.192

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  128293800      427646        39.2%      132.70.60.14
   19057800       63526         5.8%     132.73.180.40
    9749100       32497         3.0%    192.114.23.221
    7229700       24099         2.2%      132.76.10.43
    6113400       20378         1.9%   128.139.225.245
    5859900       19533         1.8%     132.74.74.134
    5800800       19336         1.8%    132.64.192.202
    5562600       18542         1.7%     128.139.200.5
    4877400       16258         1.5%     128.139.200.4
    4279200       14264         1.3%      192.114.2.47

Top-10 Possible Targets by Bytes:
        Src IP   Src Port         Dst IP   Dst Port   Sampled Count
-----------------------------------------------------------------
                      443   132.70.60.14               189298844100
                            132.70.60.14               189298844100
  65.9.175.125        443                               50533587900
  65.9.175.125                                          50533587900
   65.9.175.44        443                               50515371600
   65.9.175.44                                          50515371600
   65.9.175.17        443                               48610837800
   65.9.175.17                                          48610837800
   65.9.175.95        443                               39635853600
   65.9.175.95                                          39635853600

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-20 13:59:46
End Time: ongoing

First Event Seen: 2025-12-20 13:57:00
Last Event Seen: 2025-12-20 14:02:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/225504/