[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #226066 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Wed Dec 24 21:48:04 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, December 24, 2025 9:47:55 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #226066 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 226066

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  20728200       69094         7.6%      65.9.175.125
  19473000       64910         7.1%       65.9.175.95
  18123600       60412         6.6%       65.9.175.44
  17716800       59056         6.5%       65.9.175.17
  11213100       37377         4.1%   142.250.181.170
   5734800       19116         2.1%    57.144.248.192
   5103600       17012         1.9%   142.250.180.138
   4926900       16423         1.8%    157.240.253.63
   4386600       14622         1.6%     52.217.132.33
   3995400       13318         1.5%         3.5.3.100

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  76044600      253482        27.8%     132.70.60.180
  11172900       37243         4.1%      132.69.32.50
  10915200       36384         4.0%     132.65.180.15
   7280400       24268         2.7%    132.64.192.202
   6804600       22682         2.5%     128.139.200.5
   6234600       20782         2.3%   128.139.225.245
   6164400       20548         2.3%     128.139.200.4
   5008200       16694         1.8%     132.74.74.134
   3260400       10868         1.2%      192.114.5.10
   2980500        9935         1.1%      192.114.52.1

Top-10 Possible Targets by Bytes:
        Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
                      443   132.70.60.180               112306274700
                            132.70.60.180               112306274700
  65.9.175.125        443                                30598358100
  65.9.175.125                                           30598358100
   65.9.175.95        443                                28774435500
   65.9.175.95                                           28774435500
   65.9.175.44        443                                26779527900
   65.9.175.44                                           26779527900
   65.9.175.17        443                                26152841100
   65.9.175.17                                           26152841100

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-24 19:47:46
End Time: ongoing

First Event Seen: 2025-12-24 19:45:00
Last Event Seen: 2025-12-24 19:46:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/226066/