[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #246300 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Wed Apr 29 20:43:05 IDT 2026

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, April 29, 2026 8:42:55 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #246300 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 246300

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  44266800      147556        10.6%    18.161.97.115
  42848100      142827        10.3%     18.161.97.21
  40798800      135996         9.8%     18.161.97.31
  28617600       95392         6.9%     18.161.97.64
  11241000       37470         2.7%     159.60.33.33
   7980300       26601         1.9%   57.144.248.192
   7945800       26486         1.9%     159.60.33.37
   7406400       24688         1.8%     132.76.61.53
   6926100       23087         1.7%   157.240.253.63
   6861900       22873         1.6%     132.76.61.52

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  49640400      165468        11.9%      132.76.61.52
  45840300      152801        11.0%      132.76.61.53
  43915500      146385        10.6%      132.76.61.54
  29930100       99767         7.2%      132.76.61.51
  27488100       91627         6.6%   128.139.225.242
  11241600       37472         2.7%    128.139.220.91
   9181200       30604         2.2%      192.114.5.10
   7946400       26488         1.9%    128.139.220.90
   7215600       24052         1.7%     18.161.97.115
   7161300       23871         1.7%    132.65.128.125

Top-10 Possible Targets by Bytes:
         Src IP   Src Port         Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
                             132.76.61.52                66364964100
                       443   132.76.61.52                66334818900
                             132.76.61.53                66258900300
                       443   132.76.61.53                66258838200
  18.161.97.115        443                               65049187200
  18.161.97.115                                          65049187200
   18.161.97.21        443                               62951086500
   18.161.97.21                                          62951086500
                             132.76.61.54                61511165700
                       443   132.76.61.54                61509775500

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-04-29 17:42:44
End Time: ongoing

First Event Seen: 2026-04-29 17:40:00
Last Event Seen: 2026-04-29 17:41:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/246300/