Is IP address 119.96.131.105 dangerous?

Yes, 119.96.131.105 is considered dangerous with a threat level of 8/10. It has been reported 160 times for malicious activities including . We recommend blocking this IP address.

Who owns or operates IP address 119.96.131.105?

IP address 119.96.131.105 is operated by CHINANET Hubei province network (ASN 58563) and is geolocated to CN. This information is derived from public WHOIS and geolocation databases.

Should I block IP address 119.96.131.105?

Yes, blocking 119.96.131.105 is strongly recommended. With a threat level of 8/10 and 160 security reports, this IP poses significant risk. Implement firewall rules to block incoming and outgoing traffic.

How accurate is this threat assessment for 119.96.131.105?

Our threat assessment for 119.96.131.105 has a confidence score of 98%, based on 160 independent reports from multiple independent sources. Higher confidence scores indicate more reliable assessments.

IP Address

119.96.131.105

IPv4 Public

AS58563

CHINANET Hubei province network

160 Reports

CN Location

CHINANET Hubei province n... ASN 58563

160 Reports

Honeypot Data Source

Significant Threat

IP 119.96.131.105 is a high-risk address linked to persistent SSH brute-force attacks, with a threat level of 8/10 and 160 abuse reports logged by automated honeypot sensors. Operating from the CHINANET Hubei province network in China (AS58563), this IP demonstrates clear malicious intent against exposed SSH services, representing a concrete threat to server security.

The IP has generated 160 reports with a 98% confidence score and an activity frequency of 8/10, with both first and most recent reports dated February 2026. Of the categorized threats, SSH attacks account for 13 reports while general hacking activity comprises 8 reports, all detected across 17 separate automated honeypot sensors. Honeypot logs document a consistent pattern of repeated SSH brute-force attempts followed by SSH activity and command-input behavior, indicating the attackers successfully progressed through authentication stages before issuing commands on simulated systems.

SSH brute-force attacks systematically attempt to guess server credentials by rapidly cycling through username and password combinations, exploiting weak or default credentials on exposed services. The concrete risk includes complete server compromise with root-level access, enabling data theft, malware deployment, botnet recruitment, or lateral movement into connected networks. The presence of command-input activity in the logs suggests automated tools are executing multi-stage attack sequences beyond initial authentication attempts, escalating the severity beyond simple credential testing.

Administrators should immediately restrict SSH access by deploying key-based authentication instead of passwords, changing the default port from 22, and disabling direct root login. Implementing tools such as fail2ban can dynamically block repeated connection attempts from offending IP addresses. All SSH services should be kept current with security patches, and network-level access controls should limit exposure to trusted IP ranges where feasible.

More threatening than 82% of monitored IPs

Threat Categories

SSH 13

Hacking 8

Technical Details

SSH attacks attempt to gain server access through password guessing or exploitation of SSH vulnerabilities.

Recommended Mitigations

Use key-based authentication, change default ports, implement fail2ban, and disable root login.

Reputable Network

This IP is hosted on a network (ASN 58563) with generally good reputation. The ISP CHINANET Hubei province network maintains standard security practices.

The malicious activity may represent an isolated compromised system rather than systematic abuse.

Security Recommendations

Continue monitoring for emerging patterns.

Reputation Summary

Threat Level 8/10 High

Critical

Activity Frequency 8/10 High

Confidence Score 67% High Confidence

Confidence History

12. Feb 2026 - 27. Feb 2026

98% Current

Stable Trend

Date	Categories	Source	Confidence
27. Feb 2026	SSH	Honeypot	75%
27. Feb 2026	SSH	Honeypot	75%
27. Feb 2026	SSH	Honeypot	75%
26. Feb 2026	SSH	Honeypot	75%
26. Feb 2026	SSH	Honeypot	75%
26. Feb 2026	SSH	Honeypot	75%
25. Feb 2026	SSH	Honeypot	75%
24. Feb 2026	SSH	Honeypot	75%
12. Feb 2026	Hacking	Honeypot	75%
12. Feb 2026	SSH	Honeypot	75%
12. Feb 2026	Hacking	Honeypot x7	75%
12. Feb 2026	Hacking	Honeypot x7	75%
12. Feb 2026	Hacking SSH	Honeypot x11	75%
12. Feb 2026	Hacking SSH	Honeypot x27	75%
12. Feb 2026	Hacking SSH	Honeypot x67	75%
12. Feb 2026	Hacking SSH	Honeypot x17	75%
12. Feb 2026	Hacking	Honeypot x10	75%

Basic Information

IP Address: 119.96.131.105
IP Version: IPv4
Network Type: Public
Tor Network: No
Network Class: Class A

Geolocation

Country: CN
ASN: AS58563
ISP: CHINANET Hubei province network

DNS Information

Reverse DNS: None
PTR Record: No
Connection Type: Static

Statistics

Total Reports: 160
First Reported: 12 Feb 2026
Last Reported: 27 Feb 2026, 10:22

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

ASN: AS58563

Organization: CHINANET Hubei province network

Country:

Network Threat Assessment

2/10

This network appears to be relatively clean with very low threat indicators.

Network Statistics

Total IPs Monitored

2,347

Total Reports

106.7

Reports per IP

Network Context

This IP address belongs to CHINANET Hubei province network (AS58563), which manages 22 IP addresses in our monitoring system. Out of these, 2,347 have been reported for suspicious activities, resulting in a network-wide threat level of 2/10.

Network status: This network appears to be well-maintained with low threat indicators.

Comparative Analysis

How this IP compares to others in our threat intelligence database

82 %

Global Threat Ranking

This IP is more threatening than 82% of all IPs in our database.

High Threat Percentile

Global Comparison

Compared against 199,738 reported IPs worldwide

Threat Level 8/10 avg: 5.3 ++

Total Reports 160 avg: 23 ++

Network Comparison

Compared against 25 IPs in ASN 58563

Threat Level 8/10 network avg: 7.9 =

Total Reports 160 network avg: 96 ++

Network CHINANET Hubei province network has overall threat level 2/10

Geographic Comparison

Compared against 26,029 IPs in CN

Threat Level 8/10 country avg: 3.7 ++

Total Reports 160 country avg: 6 ++

Daily report activity over the last 30 days showing patterns and peaks.

Peak Day 0 reports

Daily Average 0 reports/day

Most Active Thursday 12 reports

Evolution of threat level over time based on reported categories and frequency.

Initial Threat 6/10

Current Threat 6/10

Distribution of threat categories reported over time.

Top Threat Categories

SSH 13

Hacking 8

Activity patterns showing when this IP is most active during the day and week.

Hourly Activity

Peak activity at 05:00 with 8 reports

Weekly Activity

Geographic Threat Distribution

187,378 threat incidents tracked globally • Last 24h: 18,990 Logs

FEED

Top Threat Sources

01

United States US

38,468 20.5%
02

India IN

29,138 15.6%
03

China CN THIS IP

26,029 13.9%
04

Brazil BR

10,256 5.5%
05

Germany DE

7,144 3.8%
06

Singapore SG

6,476 3.5%
07

Indonesia ID

5,551 3%
08

Russia RU

4,703 2.5%
09

Pakistan PK

4,677 2.5%
10

Netherlands NL

4,358 2.3%

+40 more countries

THREAT LEVEL

LOW MED HIGH

IPs from the same Autonomous System (AS) network provider.

20 Related IPs

8.4/10 Avg Threat

69% Avg Confidence

18 High Threat

High-risk network: Majority of related IPs are flagged

Significant Threat

Threat Categories

Technical Details

Recommended Mitigations

Reputable Network

Security Recommendations

Basic Information

Geolocation

DNS Information

Statistics

Network Reputation

Network Identity

Network Threat Assessment

Network Statistics

Network Context

Global Threat Ranking

Top Threat Categories

Hourly Activity

Weekly Activity

FEED

Top Threat Sources

JSON Report

Firewall Rules

iptables / netfilter

UFW (Ubuntu)

Windows Firewall

Cloudflare

nginx

Apache .htaccess

PDF Report

Analyzed high-risk IP addresses

reportedIP

Parkstraße 19, 80339 München

Consultation

+49-89-215505888

Report a IP

[email protected]