Extreme Threat
IP 142.202.191.102 is a critical-risk address associated with sustained hacking activity, having accumulated 2,118 abuse reports within a two-month window and operating from a network infrastructure that exhibits concerning characteristics for a US-based IP. Despite a moderate 62% confidence score, the maximum threat level designation and concentration of honeypot sensor detections make this address a confirmed source of automated intrusion attempts that should be blocked at the network perimeter without hesitation.
The volume of reports filed against 142.202.191.102 is notably high for a short engagement window spanning January to February 2026, with all 20 most recent threat categorizations consistently identifying hacking activity. The IP originates from DYNU's autonomous system AS398019, and the consistent triggering of automated honeypot sensors indicates that the address is actively scanning and probing target networks rather than sitting idle. The activity frequency rating of zero on a ten-point scale suggests these attacks are intermittent or batched rather than continuous, which is typical of credential stuffing campaigns and vulnerability scanning tools that cycle through target ranges at defined intervals.
Hacking activity in this context encompasses automated exploitation attempts, unauthorized access probing, and vulnerability scanning conducted against exposed services such as SSH, Telnet, or web application interfaces. The real-world risk to an exposed organization is significant: successful intrusion can lead to data exfiltration, malware deployment, lateral movement within internal networks, or the establishment of persistent footholds for future campaigns. The honeypot detections confirm that 142.202.191.102 is running systematic reconnaissance and exploit attempts against internet-facing systems, making it a direct threat to any unpatched or misconfigured infrastructure it encounters.
Site operators should immediately block 142.202.191.102 at the firewall level and implement geolocation-based restrictions if traffic from the US region is not operationally required. Deploying fail2ban or equivalent intrusion prevention tools can automatically ban addresses that trigger authentication failure thresholds. Enforcing key-based authentication, disabling unused services, and maintaining strict patch management schedules will substantially reduce the attack surface that this address attempts to exploit. Continuous monitoring of abuse reports and integration of threat intelligence feeds will ensure this and similar addresses are promptly mitigated before they achieve a successful compromise.