🔥 IPS 威脅報告與惡意 IP 監控

本報告彙整了 2ns.org 監測節點偵測到的即時攻擊行為。包含 SQL Injection、XSS 跨站腳本 以及非法檔案存取嘗試。提供管理者作為防火牆黑名單設定參考。

最後更新：2026-06-03 13:58:35 📥 下載完整報告

時間	攻擊名稱	來源 IP (下載威脅IP清單)	動作
-	Apache.HTTP.Server.cgi-bin.Path.Traversal	216.57.110.81	dropped
-	JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execution	102.180.146.245	dropped
-	AndroxGh0st.Malware	185.93.89.132	dropped
-	JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execution	45.229.38.59	dropped
-	Apache.HTTP.Server.cgi-bin.Path.Traversal	185.113.10.178	dropped
-	Dasan.GPON.Remote.Code.Execution	86.97.24.35	dropped
-	D-Link.DSL-2750B.CLI.OS.Command.Injection	181.96.200.50	dropped
-	HTPasswd.Access	52.159.243.170	dropped
-	Spring.Boot.Actuator.Unauthorized.Access	52.159.243.170	dropped
-	MooBot.Botnet	34.60.26.144	dropped
-	JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execution	185.136.148.83	dropped
-	JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execution	45.174.165.62	dropped
-	JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execution	131.222.210.149	dropped
-	JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execution	131.222.210.149	dropped
-	Spring.Boot.Actuator.Unauthorized.Access	154.58.229.20	dropped
-	Web.Server.Password.File.Access	45.87.212.182	dropped
-	Cross.Site.Scripting	45.87.212.182	detected
-	JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execution	60.246.15.25	dropped
-	HTTP.URI.SQL.Injection	31.59.137.169	dropped
-	HTTP.URI.SQL.Injection	31.59.137.169	dropped
-	PHP.CGI.Argument.Injection	176.123.1.163	dropped
-	Multiple.Routers.GPON.formLogin.Remote.Command.Injection	223.123.42.236	dropped
-	HTPasswd.Access	64.236.169.122	dropped
-	Spring.Boot.Actuator.Unauthorized.Access	64.236.169.122	dropped
-	JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execution	181.178.226.203	dropped
-	HTTP.URI.SQL.Injection	31.59.137.169	dropped
-	HTTP.URI.SQL.Injection	31.59.137.169	dropped
-	JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execution	45.71.14.204	dropped
-	HTTP.URI.SQL.Injection	77.90.51.127	dropped
-	HTTP.URI.SQL.Injection	77.90.51.127	dropped
-	HTTP.URI.SQL.Injection	77.90.51.127	dropped
-	HTTP.URI.SQL.Injection	77.90.51.127	dropped
-	HTTP.URI.SQL.Injection	77.90.51.127	dropped
-	Apache.HTTP.Server.cgi-bin.Path.Traversal	41.75.114.30	dropped
-	D-Link.Devices.HNAP.SOAPAction-Header.Command.Execution	72.255.19.12	dropped
-	HTPasswd.Access	172.210.149.53	dropped
-	Spring.Boot.Actuator.Unauthorized.Access	172.210.149.53	dropped
-	HTTP.URI.SQL.Injection	31.56.209.35	dropped
-	HTTP.URI.SQL.Injection	31.56.209.35	dropped
-	HTTP.URI.SQL.Injection	31.56.209.35	dropped
-	HTTP.URI.SQL.Injection	31.56.209.35	dropped
-	HTTP.URI.SQL.Injection	31.56.209.35	dropped
-	Spring.Boot.Actuator.Unauthorized.Access	20.171.20.26	dropped
-	HTPasswd.Access	20.172.6.68	dropped
-	Spring.Boot.Actuator.Unauthorized.Access	20.172.6.68	dropped
-	MooBot.Botnet	34.60.26.144	dropped
-	Gh0st.Rat.Botnet	66.240.205.34	dropped
-	HTTP.Negative.Content.Length	172.105.101.207	dropped
-	HTTP.Negative.Content.Length	172.105.101.207	dropped
-	HTTP.Negative.Content.Length	172.105.101.207	dropped

🔍 網路安全威脅解析 (Security Knowledge)

• SQL 注入 (SQL Injection)
攻擊者嘗試透過輸入框執行惡意資料庫指令，可能導致資料外洩或被刪除。

• 跨站腳本 (XSS)
嘗試在網頁注入惡意腳本，用於竊取 User Session 或劫持瀏覽器權限。

• 敏感檔案存取 (LFI/RFI)
針對伺服器設定檔（如 /etc/passwd）的非法讀取行為，通常為入侵前兆。

🛠️ 給管理員的建議：
1. 定期將此報告中的高風險 IP 匯入防火牆或 WAF 進行封鎖。
2. 搭配 IP 信譽與黑名單整合查詢即時分析 IP ，並同步比對國際 DNSBL 黑名單。

IPS 網路威脅即時報告與惡意 IP 監控 - 2ns.org