IP Intelligence Briefing: 166.186.196.158
Date: 2026-05-29
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Provider: AT&T Enterprises, LLC (ASN 20057)
- Geolocation: United States (generalized; no city/region)
- Network Role: Residential endpoint with LTE/5G mobile carrier technology
- Threat Indicators: No malicious activity detected (no known attackers, spam, or abuse).
---
**2. Network Relationships**
- Subnet: 166.186.196.0/24
- Key Associations:
  - Linked to `AEL-360` network (repeatedly observed).
  - DNS hostname: `mobile-166-186-196-158.mycingular.net` (mycingular.net domain).
- Neighbor Subnet Abuse Density: 14.29% (mostly clean).
---
**3. Neighborhood Analysis**
- Subnet: 166.186.196.0/24
- Neighbor Risk Distribution:
  - 2 IPs with medium risk (scores: 50).
  - 4 IPs with low risk (scores: 25-0).
- Notable Neighbors:
  - `166.186.196.126` (risk: 50), `166.186.196.152` (risk: 50).
---
**4. Historical Observations**
- Risk Trends: Stable low risk over 30 days.
- Geolocation Validation: ICMP blocked; geolocation inferred as US (latitude 39.83, longitude -98.58).
- Network Stability: Subnet route stability score: 0.26 (Basic operator rating).
---
**5. Actionable Insights**
- Monitor Neighbors: Focus on the medium-risk neighbors (`166.186.196.126`, `166.186.196.152`) for potential lateral movement.
- Verify DNS: Investigate `mycingular.net` for DNS misconfigurations or abuse.
- Subnet Security: Ensure subnet segmentation to isolate residential/mobile endpoints from critical systems.
---
Conclusion:
The IP is a low-risk residential mobile endpoint under AT&T. While no direct threats are detected, the subnet contains medium-risk neighbors. SOC teams should prioritize monitoring these neighbors and validating DNS configurations to mitigate potential indirect risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | AT&T Enterprises, LLC |
| ASN | AS20057 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | mobile-166-186-196-158.mycingular.net |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | mobile-166-186-196-158.mycingular.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Residential |
| Service Purpose | Residential Endpoint |
| Network Tier | End-User - Residential ISP endpoint |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 27% | 2 | 3 |
| Overall | 19% | 9 | 12 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-13 12:12:05 UTC |
| Last Seen | 2026-06-06 20:19:31 UTC |
| Profile Built | 2026-06-06 20:29:07 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 20 |