[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #406568 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Mon Feb 16 18:33:47 IST 2026



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, February 16, 2026 6:33:42 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #406568 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 406568

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  25591500       85305         5.9%     95.100.181.33
  25338900       84463         5.8%     95.100.181.31
  20529900       68433         4.7%     95.100.181.17
  19267800       64226         4.4%   192.178.203.136
  19180200       63934         4.4%    192.178.203.91
  18470700       61569         4.2%    192.178.203.93
  17321400       57738         4.0%   192.178.203.190
  15492300       51641         3.6%      95.100.181.9
  10779000       35930         2.5%     162.125.69.14
   6468600       21562         1.5%    216.58.204.138

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  15088800       50296         3.5%     132.73.124.68
  14966400       49888         3.4%      132.73.124.8
  14303400       47678         3.3%      132.76.61.53
  13343400       44478         3.1%    132.73.124.168
  12171900       40573         2.8%     132.73.124.94
  12071100       40237         2.8%     132.73.124.72
  11927700       39759         2.7%     128.139.200.4
  11460300       38201         2.6%     128.139.200.5
  11297400       37658         2.6%     132.73.124.32
  10191900       33973         2.3%   128.139.225.242

Top-10 Possible Targets by Bytes:
           Src IP   Src Port   Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
    95.100.181.33        443                         38191465800
    95.100.181.33                                    38191465800
    95.100.181.31                                    37845408600
    95.100.181.31        443                         37609638300
    95.100.181.17        443                         30197296200
    95.100.181.17                                    30197296200
  192.178.203.136        443                         27850061700
  192.178.203.136                                    27850061700
   192.178.203.91        443                         27742780500
   192.178.203.91                                    27742780500

Metric Info:
1M TCP Packets/s

Alert Type:
time_window

Alert Description:
High TCP packet rate

Start Time: 2026-02-16 16:25:23
End Time: ongoing

First Event Seen: 2026-02-16 16:23:00
Last Event Seen: 2026-02-16 16:32:00

Further Details:
https://primary.nemo.geant.org/alerts/details/406568/