手机中恶意程序,IP源是阿里云的,要怎么处理?-问答-阿里云开发者社区-阿里云

开发者社区> 问答> 正文

手机中恶意程序,IP源是阿里云的,要怎么处理?

bigdon 2018-07-23 18:30:23 2332

解屏/打开新app/返回主界面都弹出全屏广告
查看手机上的软件发现一个com.service.usbhelper
通过fiddler查看发现广告请求ip都是139.196段
其中两个ip:139.196.110.187,139.196.6.81

请求如下,敏感信息已打码:
http://139.196.110.187:7701/adv/dgfly?
sdk=REL&
n=WIFI&
mfr=samsung&
cc=CN&
action=us&
tz=%2B0800&
rom=6240924%7C12507020&
bdsp=**&
hst_sdk_info=NA&
rel=5.0&
hdpp=true&
nt=wifi&
dm=1080x1920&
iir=true&
apn="*"&
hwssp=false&
hipp=true&
outerUrlList=zh&
si=**&
stat=%5B"app_com.android.settings"%2C"screen_on"%2C"power_disconnected"%5D&
no=46000&
mdl=**&
mac=**&
did=357555059379919&
ddpi=480&
pan=p_698&
bid=LRX21V&
ssn2=&
si2=&
av=5.00.9&
sdki=21&
an=com.service.usbhelper&
brnd=samsung&
sys=400188%7C2270376&
sdc=true&
pap=%7B"2018-07-22"%3A300000%7D&
avc=50000&
aid=512bd4dd8df5f246&
ssn=**&
cp=AK062

返回的信息:
{"cnf":{"dgfly":{"adtype":"bb","name":"u6f02u4eaeu5c0fu59d0u59d0u9080u8bf7u4f60u4e00u8d77u73a9u6296u97f3uff0cu5febu6765u770bu770bu5427uff01","show_type":"bb_banner_app","icon_img":"http://sf3-ttcdn-tos.pstatp.com/obj/web.business.image/201805285d0d2393d5c5f8ce4f8c90ed","ad_img":["http://sf6-ttcdn-tos.pstatp.com/obj/web.business.image/201805285d0dc49dfc79ccc84f24b675"],"desc":"u6f02u4eaeu5c0fu59d0u59d0u9080u8bf7u4f60u4e00u8d77u73a9u6296u97f3uff0cu5febu6765u770bu770bu5427uff01","w":690,"h":388,"s_dur":9000,"down_url":"https://lf.snssdk.com/api/ad/union/redirect/?req_id=1532274139409478u1242&use_pb=1&rit=900504076&call_back=szoF0cN6O7ncuCAgOMn%2BUFO9n0tD2%2BmEHrlRKA%2BJ6nk%3D&extra=d4nGnUoz35jp7D6eGLhzcfGyv82fYTYXpEILoP06buOwDq5gKQ4SOV2EJ5ecZk%2BxS8k%2BLI%2BtwG8Dk4GaiCWWLbSSji4QShfpKug5MMoTaRaMuXmdb0M4Oxmmj%2FZqEEy2AHlWvf2j49QaJmec%2F1h48p7f8EDqhTvv6%2B9kuVrkRW55CgAYX6Rvf7AyK2CRW%2B3F1OnKGYuHPKYI%2FWnV%2FL8A%2FYmhiZKzxt7UK3N5poh3P2HJ4tQJfAPPvOCr9z3NugngVPFv%2FVxSpWCerbLlkpBedGG0lnTXXaTHpgMg7y4jZklgmXIMuc2u1C5VvM%2BfhEXdJ0bsXzG6cHwhIb42iBG3mrl4ZIe46OZgspO6FOA%2FUcFCtIXAHn04C6SMomeEDPmG6oxK9a%2BrvC%2BY3lHKjk5efF9fJ0OHVORwGBLNXchOcXDISXQgIkZDrlvvfDLM0e%2FM1%2Bk%2Bw69Ony3WADfumsBSY1ecAAcdbbDSL9i1KeVtKkzoJrBQJXFWSAazFN0L7XaNjeTZHUwoxQaGlwpMU80DVaIfKJnDUid0z9wWRAI1yI4aI%2FZWkDoqyPLDexpYDDWVZp9X%2BNwb8gPYCBIXAyRzow%3D%3D&source_type=1&pack_time=1532274139.91&active_extra=sQfbi%2BJb18N1F9jUMD0oWBJod%2FaEvF0RipQ%2BDaSokRVM7FHrhqNed0ivPzhOh%2Bpbx%2FGDKVDNwaMFoP26RrVJ6w%3D%3D","dplnk":"","rtp":false,"rtp1":false,"ia":0,"s_rpt":["https://lf.snssdk.com/api/ad/union/show_event/?req_id=1532274139409478u1242&extra=oYhcW%2Fcxc3YLaSatyXClAQ088o%2Fr3CZCmhmDdu9MbHUQiMXb0QFxzQCKyCLwWGq5tjhkXx7Rqt1i65IJd7HJlEKdD%2Bs8ZkVdZZbV32R%2Fnc2U2cDeZYlsABG1fiR8syIC9FzAi8AvNl13dFkGDkzI3KCm4hJKUa8LPzvzHcIvjZo6xGQhGxy615bNTbEKZOy2wOKQFlTU17eZw3K0%2BTzy60D%2BqqGMlFmBjIffhS8Et7GYvGXRk%2FWFdexjLuZ1Tehv2rv0NICNBp4YYWFt%2FBZduO2xnLI%2Fax0CGIcBXvLUaqzWkETmILCrpvm%2F07i%2BkCZHDm%2B1GbX9sNfL9O0fEjAuX7kwIYVu9jWGo%2F7KxS0xlLUPcgewCyvJ7qhf0yJIUmD0sBTFM2yfgTGBGm6BsTlsbC4%2FzDZShRcvHtnlqtadHUrRX3TNnv43HuQhvfmsiQ85cBRQArC9m6s4TK3W89MECM8%2FzSw5K7GIZz5teVKkjxxHsqoakJXrB0k5vHlQaZeHKLYeNcpVi7Vd7OgdFmFwmDUCargD35cpT9PP6ILOBAsGBI5Vws9rutiLcMcz0nXj4O6jYSI5MYNIF1xlKU7L2v%2Fk3FIHnQ4y25vYu3cqJqbICmg4IsTwwN2Ouh%2BaKlsLz%2FaL8%2BIXr3GFRUeVlUm5nVi2KnwXrRI%2BwcBJljULugSWTqsRZl75L8IJYjvmIyczfu0jfPGnMBvfynKs2psIQpMlm9ghqvoH1j5QM78fEKkJ9L0DtB73AAx5%2B611zPBOnTZhG0FXZmTHCDmHA0kRAmD9HAAzvufa65xpKMbdQzf3vaMWIk%2BqEYBRagnystZAkSmhBjNBxqp9wlgLje3nigN4VrxZ17UsovvL9TM6aOc%2BoSvEX0JKx1k4TgUK3lmr6qxZpS7%2BNpYhG2Mohwf8YIm3vT9MVefnX5wZeQgxsxfAynp9GxVlm8J94bq9dXi2QgSu1R%2BGuGjH1xBhImnU1Rl%2Fm%2FGT1KqfkX7gfLL1UoRnY3EMZYGe3CNhgb%2BuS5AgRzz8xW6f7Ukv%2BWymDBgk1x16RPNIwKEubYMQIWRUYjrWBGOs%2FAIrz%2Fbt1BoTxgQRUKrC6X6ldKe5Ta5SqvSUhb8CCNmvPHc%2Fbr%2FHGsK1XncdtuSFFl%2Fy40fJBYqsJcjPun9hjxtnyKyJ6h82%2FaBldJkeL69bS%2FNo%2BtvBluRjx8enoC%2FwR2lZ%2F%2FrNq3%2BGMd4X52WGC9pe0jn4t9HgGrjKw1xi9O98d62Pfp2f7PLzy87P%2BQGGn72jpCG8jZZctWkNzkxUivUAaMxckGiOTSghdVGFVjMGe1KsFux%2Bc1%2F13T%2F2LLFzjqeZpt4Li96wSw%2BFZp9X%2BNwb8gPYCBIXAyRzow%3D%3D&source_type=1&pack_time=1532274139.91","http://139.196.171.67:5678/dgfly_rpt.php?reqid=1532274139.507775.90dfe&act=s&dl_si=0&adci=0&is_wifi=1&ad=AdvJrttUn&u_ad_type=2&adid=a955c68a&cp=AK062&did=357555059379919&aid=512bd4dd8df5f246"],"c_rpt":["https://lf.snssdk.com/api/ad/union/event/?req_id=1532274139409478u1242&extra=oYhcW%2Fcxc3YLaSatyXClAQ088o%2Fr3CZCmhmDdu9MbHUQiMXb0QFxzQCKyCLwWGq5tjhkXx7Rqt1i65IJd7HJlEKdD%2Bs8ZkVdZZbV32R%2Fnc2U2cDeZYlsABG1fiR8syIC9FzAi8AvNl13dFkGDkzI3KCm4hJKUa8LPzvzHcIvjZo6xGQhGxy615bNTbEKZOy2wOKQFlTU17eZw3K0%2BTzy60D%2BqqGMlFmBjIffhS8Et7GYvGXRk%2FWFdexjLuZ1Tehv2rv0NICNBp4YYWFt%2FBZduO2xnLI%2Fax0CGIcBXvLUaqzWkETmILCrpvm%2F07i%2BkCZHDm%2B1GbX9sNfL9O0fEjAuX7kwIYVu9jWGo%2F7KxS0xlLUPcgewCyvJ7qhf0yJIUmD0sBTFM2yfgTGBGm6BsTlsbC4%2FzDZShRcvHtnlqtadHUrRX3TNnv43HuQhvfmsiQ85cBRQArC9m6s4TK3W89MECM8%2FzSw5K7GIZz5teVKkjxxHsqoakJXrB0k5vHlQaZeHKLYeNcpVi7Vd7OgdFmFwmDUCargD35cpT9PP6ILOBAsGBI5Vws9rutiLcMcz0nXj4O6jYSI5MYNIF1xlKU7L2v%2Fk3FIHnQ4y25vYu3cqJqbICmg4IsTwwN2Ouh%2BaKlsLz%2FaL8%2BIXr3GFRUeVlUm5nVi2KnwXrRI%2BwcBJljULugSWTqsRZl75L8IJYjvmIyczfu0jfPGnMBvfynKs2psIQpMlm9ghqvoH1j5QM78fEKkJ9L0DtB73AAx5%2B611zPBOnTZhG0FXZmTHCDmHA0kRAmD9HAAzvufa65xpKMbdQzf3vaMWIk%2BqEYBRagnystZAkSmhBjNBxqp9wlgLje3nigN4VrxZ17UsovvL9TM6aOc%2BoSvEX0JKx1k4TgUK3lmr6qxZpS7%2BNpYhG2Mohwf8YIm3vT9MVefnX5wZeQgxsxfAynp9GxVlm8J94bq9dXi2QgSu1R%2BGuGjH1xBhImnU1Rl%2Fm%2FGT1KqfkX7gfLL1UoRnY3EMZYGe3CNhgb%2BuS5AgRzz8xW6f7Ukv%2BWymDBgk1x16RPNIwKEubYMQIWRUYjrWBGOs%2FAIrz%2Fbt1BoTxgQRUKrC6X6ldKe5Ta5SqvSUhb8CCNmvPHc%2Fbr%2FHGsK1XncdtuSFFl%2Fy40fJBYqsJcjPun9hjxtnyKyJ6h82%2FaBldJkeL69bS%2FNo%2BtvBluRjx8enoC%2FwR2lZ%2F%2FrNq3%2BGMd4X52WGC9pe0jn4t9HgGrjKw1xi9O98d62Pfp2f7PLzy87P%2BQGGn72jpCG8jZZctWkNzkxUivUAaMxckGiOTSghdVGFVjMGe1KsFux%2Bc1%2F13T%2F2LLFzjqeZpt4Li96wSw%2BFZp9X%2BNwb8gPYCBIXAyRzow%3D%3D&source_type=1&pack_time=1532274139.91","http://139.196.171.67:5678/dgfly_rpt.php?reqid=1532274139.507775.90dfe&act=c&dl_si=0&adci=0&is_wifi=1&ad=AdvJrttUn&u_ad_type=2&adid=a955c68a&cp=AK062&did=357555059379919&aid=512bd4dd8df5f246"],"d_rpt":["http://139.196.171.67:5678/dgfly_rpt.php?reqid=1532274139.507775.90dfe&act=d&dl_si=0&adci=0&is_wifi=1&ad=AdvJrttUn&adid=a955c68a&cp=AK062&did=357555059379919&aid=512bd4dd8df5f246"],"dc_rpt":["http://139.196.171.67:5678/dgfly_rpt.php?reqid=1532274139.507775.90dfe&act=dc&dl_si=0&adci=0&is_wifi=1&ad=AdvJrttUn&adid=a955c68a&cp=AK062&did=357555059379919&aid=512bd4dd8df5f246"],"i_rpt":["http://139.196.171.67:5678/dgfly_rpt.php?reqid=1532274139.507775.90dfe&act=i&dl_si=0&adci=0&is_wifi=1&ad=AdvJrttUn&adid=a955c68a&cp=AK062&did=357555059379919&aid=512bd4dd8df5f246"],"a_rpt":["http://139.196.171.67:5678/dgfly_rpt.php?reqid=1532274139.507775.90dfe&act=a&dl_si=0&adci=0&is_wifi=1&ad=AdvJrttUn&adid=a955c68a&cp=AK062&did=357555059379919&aid=512bd4dd8df5f246"],"o_rpt":[],"ad_pack":"banner","ad_ver":"","vsb":true,"dlsign":false,"logo":true,"is_act":"1","ci":"0","in_broser":false,"cl":1,"bb_area":true,"aicnf":[]}}}

手机处理
分享到
取消 提交回答
全部回答(1)
开发与运维
使用钉钉扫一扫加入圈子
+ 订阅

集结各类场景实战经验,助你开发运维畅行无忧

相似问题
最新问题