[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #229305 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Sat Jan 17 21:16:42 IST 2026

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, January 17, 2026 9:16:34 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #229305 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 229305

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  24089100       80297         7.7%          18.66.218.111
  22473300       74911         7.2%            18.66.218.8
  22229700       74099         7.1%           18.66.218.37
  22078800       73596         7.1%          162.125.69.14
  20562000       68540         6.6%          18.66.218.115
   6728400       22428         2.2%         57.144.248.192
   5798700       19329         1.9%   2001:bf8:900:d:2::71
   5317800       17726         1.7%         157.240.253.63
   4851600       16172         1.6%         142.251.140.97
   4781100       15937         1.5%         57.144.244.192

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  90065400      300218        28.8%    132.73.124.180
  24319200       81064         7.8%      132.76.61.53
  16535700       55119         5.3%    132.64.192.202
  16150800       53836         5.2%   128.139.225.245
  12410400       41368         4.0%     132.76.80.106
   6914700       23049         2.2%     128.139.200.4
   6677400       22258         2.1%     128.139.200.5
   6401400       21338         2.0%     132.73.124.97
   6163200       20544         2.0%     132.74.74.134
   6013200       20044         1.9%     132.64.244.28

Top-10 Possible Targets by Bytes:
         Src IP   Src Port           Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                             132.73.124.180               132484832400
                       443   132.73.124.180               132480826500
  18.66.218.111        443                                 35615417700
  18.66.218.111                                            35615417700
                               132.76.61.53                35062613700
                       443     132.76.61.53                35056906500
    18.66.218.8        443                                 33226660500
    18.66.218.8                                            33226660500
   18.66.218.37        443                                 32863030800
   18.66.218.37                                            32863030800

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-01-17 19:12:22
End Time: ongoing

First Event Seen: 2026-01-17 19:10:00
Last Event Seen: 2026-01-17 19:15:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/229305/