[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #228031 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Fri Jan 9 13:02:19 IST 2026

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, January 9, 2026 1:02:09 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #228031 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 228031

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  65208600      217362        26.1%       172.64.66.1
  13473600       44912         5.4%     162.125.69.14
   5091900       16973         2.0%   199.232.209.133
   5079000       16930         2.0%       31.13.84.52
   5037600       16792         2.0%   199.232.210.172
   3962400       13208         1.6%     132.70.60.180
   3732900       12443         1.5%   142.250.180.170
   3485100       11617         1.4%    57.144.248.192
   3138300       10461         1.3%     34.104.35.123
   2886900        9623         1.2%    17.253.122.195

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  65913000      219710        26.3%     132.70.60.180
  12534300       41781         5.0%      132.76.61.53
  11532900       38443         4.6%      192.114.5.10
   8153400       27178         3.3%    132.64.192.202
   6591000       21970         2.6%   128.139.225.245
   5666700       18889         2.3%    132.73.124.194
   5465400       18218         2.2%     128.139.200.4
   4795800       15986         1.9%     128.139.200.5
   4037100       13457         1.6%      132.76.61.54
   3957000       13190         1.6%       172.64.66.1

Top-10 Possible Targets by Bytes:
         Src IP   Src Port          Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                       443   132.70.60.180                96801119700
                             132.70.60.180                96801119700
    172.64.66.1        443                                96799044000
    172.64.66.1                                           96799044000
  162.125.69.14        443                                19670845200
  162.125.69.14                                           19670845200
                              132.76.61.53                16956842400
                       443    132.76.61.53                16954750800
  162.125.69.14                                 64386     16306542300
                              132.76.61.53      64386     16306542300

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-01-09 11:01:50
End Time: ongoing

First Event Seen: 2026-01-09 10:59:00
Last Event Seen: 2026-01-09 11:00:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/228031/