66.132.172.16

Summary (Bottom Line Up Front)

Malicious activity detected from 66.132.172.16 (US, ASNone). 875 events observed across BACnet, EtherNet/IP, TCP, TCP/SYN. AI verdict: NOISE.

BACnet EtherNet/IP TCP TCP/SYN
EXPLOIT ANOMALY
Activity Timeline
INITIAL REPORT2026-05-10T11:27:28Z
Source: Analyst Manual Entry
Malicious activity detected from 66.132.172.16 (US, ASNone). 875 events observed across BACnet, EtherNet/IP, TCP, TCP/SYN. AI verdict: NOISE.
Technical details
Protocols: BACnet, EtherNet/IP, TCP, TCP/SYN
Attack types: ANOMALY, EXPLOIT
Unique destination ports: 27
Active window: 2026-04-01 00:37:40.651900 to 2026-05-10 12:38:46.045217
Top patterns: suricata_sid_2402000, suricata_sid_2010936
IOCs
IP:66.132.172.16
COUNTRY:US
Recommendations
  • Block 66.132.172.16 at perimeter firewall
  • Review correlated attacker profiles for campaign links
Threat Assessment
Threat Level LOW
AI Verdict NOISE
Confidence 95%
Total Events 875
AbuseIPDB 100/100
Indicators of Compromise
ip 66.132.172.16
country US
Captured Payloads (2)
HIGH ANOMALY TCP:1521 
ET SCAN Suspicious inbound to Oracle SQL port 1521
HIGH EXPLOIT TCP:389 
ET DROP Dshield Block Listed Source group 1