This tool can check whether your home network has been compromised.

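Source: https://lifehacker.com/tech/tool-checks-for-compromised-home-internet?utm_medium=RSS
Summary:
Cybersecurity company GreyNoise recently released IP Check, a free online tool that lets ordinary users quickly check whether their home network is being abused. Once a home router or connected device is under an attacker's control, it often becomes a botnet or residential proxy node without the user noticing, and is then used to launch network attacks, distribute malware and carry out other illegal activity.
The tool is simple to use: the user only needs to open the page in a browser, and the system automatically analyzes the security status of the current IP address. A result of "safe" means the network has not been observed performing abnormal scanning. Being flagged as a data center IP because of a corporate network, VPN or cloud service is also normal. Only when the result is "malicious" or "suspicious" does the user need to investigate further.
Security experts note that typical signs of a compromised home network include abnormal drops in network speed and sudden changes in traffic patterns, although everyday functions such as web browsing and video playback may still appear normal. Users are advised to run this kind of tool regularly as a basic check and, if anything abnormal turns up, to analyze further with device logs, traffic monitoring and similar professional means. Apple users should note that with Private Relay enabled in Safari the tool may show "Possible Spoofed Traffic Detected"; switching to another browser such as Chrome is recommended to verify the actual IP status.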
English source:
There are warning signs that your home network may have been compromised, such as unusual traffic patterns and slowdowns in system performance, but now there's a simple tool to help determine if your router or connected devices are being used to conduct malicious activity. IP Check, from threat monitoring firm GreyNoise, will alert you if your IP address has been observed scanning the internet as part of a botnet or residential proxy network.
As GreyNoise outlines, residential IP compromise often isn't obvious to the user because you're still able to conduct business as usual, such as streaming, emailing, and web browsing. All the while, though, threat actors are routing malicious activity through your home IP address and can potentially exploit your network for everything from account takeovers to malware distribution.
Check your IP address for suspicious activity
To use IP Check, you simply need to open the tool in a browser window, and you'll get one of several results. If your IP is clean, that means that your network hasn't been caught scanning the internet (nor does it belong to any known business service infrastructure).
Your IP may also be flagged as being in the GreyNoise database, which is not a sign of compromise—this is likely because you're using a VPN, corporate network, or cloud provider, and the tool can distinguish between an IP belonging to a data center and one that's being exploited. (Note that Apple users browsing in Safari with Private Relay enabled will likely see "Possible Spoofed Traffic Detected," which also is not necessarily cause for alarm. Try checking your real IP in a different browser like Chrome or Firefox to confirm.)
If your IP is identified as malicious or suspicious, you should investigate further. If you toggle open the Observed Activity section of the scanner, you can see when the first and last instances of the scanning behavior occurred and what types were detected along with actionable next steps.
As BleepingComputer notes, you can get into the weeds with detecting malicious activity by reviewing device logs, network traffic, and activity patterns, but checking your IP address is the simplest place to start.