手机中马，看ip是阿里云，怎么处理？

zhujimi

不知道怎么就中马了
解屏/打开新app/返回主界面都弹出全屏广告
查看手机上的软件发现一个com.service.usbhelper
通过fiddler查看发现广告请求ip都是139.196段
其中两个ip：139.196.110.187，139.196.6.81

请求如下，敏感信息已打码：
[ol]

http://139.196.110.187:7701/adv/dgfly?

sdk=REL&

n=WIFI&

mfr=samsung&

cc=CN&

action=us&

tz=%2B0800&

rom=6240924%7C12507020&

bdsp=****&

hst_sdk_info=NA&

rel=5.0&

hdpp=true&

nt=wifi&

dm=1080x1920&

iir=true&

apn="***"&

hwssp=false&

hipp=true&

outerUrlList=zh&

si=****&

stat=%5B"app_com.android.settings"%2C"screen_on"%2C"power_disconnected"%5D&

no=46000&

mdl=****&

mac=****&

did=357555059379919&

ddpi=480&

pan=p_698&

bid=LRX21V&

ssn2=&

si2=&

av=5.00.9&

sdki=21&

an=com.service.usbhelper&

brnd=samsung&

sys=400188%7C2270376&

sdc=true&

pap=%7B"2018-07-22"%3A300000%7D&

avc=50000&

aid=512bd4dd8df5f246&

ssn=****&

cp=AK062[/ol]复制代码

返回的信息：
[ol]

{"cnf":{"dgfly":{"adtype":"bb","name":"\u6f02\u4eae\u5c0f\u59d0\u59d0\u9080\u8bf7\u4f60\u4e00\u8d77\u73a9\u6296\u97f3\uff0c\u5feb\u6765\u770b\u770b\u5427\uff01","show_type":"bb_banner_app","icon_img":"http:\/\/sf3-ttcdn-tos.pstatp.com\/obj\/web.business.image\/201805285d0d2393d5c5f8ce4f8c90ed","ad_img":["http:\/\/sf6-ttcdn-tos.pstatp.com\/obj\/web.business.image\/201805285d0dc49dfc79ccc84f24b675"],"desc":"\u6f02\u4eae\u5c0f\u59d0\u59d0\u9080\u8bf7\u4f60\u4e00\u8d77\u73a9\u6296\u97f3\uff0c\u5feb\u6765\u770b\u770b\u5427\uff01","w":690,"h":388,"s_dur":9000,"down_url":"https:\/\/lf.snssdk.com\/api\/ad\/union\/redirect\/?req_id=1532274139409478u1242&use_pb=1&rit=900504076&call_back=szoF0cN6O7ncuCAgOMn%2BUFO9n0tD2%2BmEHrlRKA%2BJ6nk%3D&extra=d4nGnUoz35jp7D6eGLhzcfGyv82fYTYXpEILoP06buOwDq5gKQ4SOV2EJ5ecZk%2BxS8k%2BLI%2BtwG8Dk4GaiCWWLbSSji4QShfpKug5MMoTaRaMuXmdb0M4Oxmmj%2FZqEEy2AHlWvf2j49QaJmec%2F1h48p7f8EDqhTvv6%2B9kuVrkRW55CgAYX6Rvf7AyK2CRW%2B3F1OnKGYuHPKYI%2FWnV%2FL8A%2FYmhiZKzxt7UK3N5poh3P2HJ4tQJfAPPvOCr9z3NugngVPFv%2FVxSpWCerbLlkpBedGG0lnTXXaTHpgMg7y4jZklgmXIMuc2u1C5VvM%2BfhEXdJ0bsXzG6cHwhIb42iBG3mrl4ZIe46OZgspO6FOA%2FUcFCtIXAHn04C6SMomeEDPmG6oxK9a%2BrvC%2BY3lHKjk5efF9fJ0OHVORwGBLNXchOcXDISXQgIkZDrlvvfDLM0e%2FM1%2Bk%2Bw69Ony3WADfumsBSY1ecAAcdbbDSL9i1KeVtKkzoJrBQJXFWSAazFN0L7XaNjeTZHUwoxQaGlwpMU80DVaIfKJnDUid0z9wWRAI1yI4aI%2FZWkDoqyPLDexpYDDWVZp9X%2BNwb8gPYCBIXAyRzow%3D%3D&source_type=1&pack_time=1532274139.91&active_extra=sQfbi%2BJb18N1F9jUMD0oWBJod%2FaEvF0RipQ%2BDaSokRVM7FHrhqNed0ivPzhOh%2Bpbx%2FGDKVDNwaMFoP26RrVJ6w%3D%3D","dplnk":"","rtp":false,"rtp1":false,"ia":0,"s_rpt":["https:\/\/lf.snssdk.com\/api\/ad\/union\/show_event\/?req_id=1532274139409478u1242&extra=oYhcW%2Fcxc3YLaSatyXClAQ088o%2Fr3CZCmhmDdu9MbHUQiMXb0QFxzQCKyCLwWGq5tjhkXx7Rqt1i65IJd7HJlEKdD%2Bs8ZkVdZZbV32R%2Fnc2U2cDeZYlsABG1fiR8syIC9FzAi8AvNl13dFkGDkzI3KCm4hJKUa8LPzvzHcIvjZo6xGQhGxy615bNTbEKZOy2wOKQFlTU17eZw3K0%2BTzy60D%2BqqGMlFmBjIffhS8Et7GYvGXRk%2FWFdexjLuZ1Tehv2rv0NICNBp4YYWFt%2FBZduO2xnLI%2Fax0CGIcBXvLUaqzWkETmILCrpvm%2F07i%2BkCZHDm%2B1GbX9sNfL9O0fEjAuX7kwIYVu9jWGo%2F7KxS0xlLUPcgewCyvJ7qhf0yJIUmD0sBTFM2yfgTGBGm6BsTlsbC4%2FzDZShRcvHtnlqtadHUrRX3TNnv43HuQhvfmsiQ85cBRQArC9m6s4TK3W89MECM8%2FzSw5K7GIZz5teVKkjxxHsqoakJXrB0k5vHlQaZeHKLYeNcpVi7Vd7OgdFmFwmDUCargD35cpT9PP6ILOBAsGBI5Vws9rutiLcMcz0nXj4O6jYSI5MYNIF1xlKU7L2v%2Fk3FIHnQ4y25vYu3cqJqbICmg4IsTwwN2Ouh%2BaKlsLz%2FaL8%2BIXr3GFRUeVlUm5nVi2KnwXrRI%2BwcBJljULugSWTqsRZl75L8IJYjvmIyczfu0jfPGnMBvfynKs2psIQpMlm9ghqvoH1j5QM78fEKkJ9L0DtB73AAx5%2B611zPBOnTZhG0FXZmTHCDmHA0kRAmD9HAAzvufa65xpKMbdQzf3vaMWIk%2BqEYBRagnystZAkSmhBjNBxqp9wlgLje3nigN4VrxZ17UsovvL9TM6aOc%2BoSvEX0JKx1k4TgUK3lmr6qxZpS7%2BNpYhG2Mohwf8YIm3vT9MVefnX5wZeQgxsxfAynp9GxVlm8J94bq9dXi2QgSu1R%2BGuGjH1xBhImnU1Rl%2Fm%2FGT1KqfkX7gfLL1UoRnY3EMZYGe3CNhgb%2BuS5AgRzz8xW6f7Ukv%2BWymDBgk1x16RPNIwKEubYMQIWRUYjrWBGOs%2FAIrz%2Fbt1BoTxgQRUKrC6X6ldKe5Ta5SqvSUhb8CCNmvPHc%2Fbr%2FHGsK1XncdtuSFFl%2Fy40fJBYqsJcjPun9hjxtnyKyJ6h82%2FaBldJkeL69bS%2FNo%2BtvBluRjx8enoC%2FwR2lZ%2F%2FrNq3%2BGMd4X52WGC9pe0jn4t9HgGrjKw1xi9O98d62Pfp2f7PLzy87P%2BQGGn72jpCG8jZZctWkNzkxUivUAaMxckGiOTSghdVGFVjMGe1KsFux%2Bc1%2F13T%2F2LLFzjqeZpt4Li96wSw%2BFZp9X%2BNwb8gPYCBIXAyRzow%3D%3D&source_type=1&pack_time=1532274139.91","http:\/\/139.196.171.67:5678\/dgfly_rpt.php?reqid=1532274139.507775.90dfe&act=s&dl_si=0&adci=0&is_wifi=1&ad=AdvJrttUn&u_ad_type=2&adid=a955c68a&cp=AK062&did=357555059379919&aid=512bd4dd8df5f246"],"c_rpt":["https:\/\/lf.snssdk.com\/api\/ad\/union\/event\/?req_id=1532274139409478u1242&extra=oYhcW%2Fcxc3YLaSatyXClAQ088o%2Fr3CZCmhmDdu9MbHUQiMXb0QFxzQCKyCLwWGq5tjhkXx7Rqt1i65IJd7HJlEKdD%2Bs8ZkVdZZbV32R%2Fnc2U2cDeZYlsABG1fiR8syIC9FzAi8AvNl13dFkGDkzI3KCm4hJKUa8LPzvzHcIvjZo6xGQhGxy615bNTbEKZOy2wOKQFlTU17eZw3K0%2BTzy60D%2BqqGMlFmBjIffhS8Et7GYvGXRk%2FWFdexjLuZ1Tehv2rv0NICNBp4YYWFt%2FBZduO2xnLI%2Fax0CGIcBXvLUaqzWkETmILCrpvm%2F07i%2BkCZHDm%2B1GbX9sNfL9O0fEjAuX7kwIYVu9jWGo%2F7KxS0xlLUPcgewCyvJ7qhf0yJIUmD0sBTFM2yfgTGBGm6BsTlsbC4%2FzDZShRcvHtnlqtadHUrRX3TNnv43HuQhvfmsiQ85cBRQArC9m6s4TK3W89MECM8%2FzSw5K7GIZz5teVKkjxxHsqoakJXrB0k5vHlQaZeHKLYeNcpVi7Vd7OgdFmFwmDUCargD35cpT9PP6ILOBAsGBI5Vws9rutiLcMcz0nXj4O6jYSI5MYNIF1xlKU7L2v%2Fk3FIHnQ4y25vYu3cqJqbICmg4IsTwwN2Ouh%2BaKlsLz%2FaL8%2BIXr3GFRUeVlUm5nVi2KnwXrRI%2BwcBJljULugSWTqsRZl75L8IJYjvmIyczfu0jfPGnMBvfynKs2psIQpMlm9ghqvoH1j5QM78fEKkJ9L0DtB73AAx5%2B611zPBOnTZhG0FXZmTHCDmHA0kRAmD9HAAzvufa65xpKMbdQzf3vaMWIk%2BqEYBRagnystZAkSmhBjNBxqp9wlgLje3nigN4VrxZ17UsovvL9TM6aOc%2BoSvEX0JKx1k4TgUK3lmr6qxZpS7%2BNpYhG2Mohwf8YIm3vT9MVefnX5wZeQgxsxfAynp9GxVlm8J94bq9dXi2QgSu1R%2BGuGjH1xBhImnU1Rl%2Fm%2FGT1KqfkX7gfLL1UoRnY3EMZYGe3CNhgb%2BuS5AgRzz8xW6f7Ukv%2BWymDBgk1x16RPNIwKEubYMQIWRUYjrWBGOs%2FAIrz%2Fbt1BoTxgQRUKrC6X6ldKe5Ta5SqvSUhb8CCNmvPHc%2Fbr%2FHGsK1XncdtuSFFl%2Fy40fJBYqsJcjPun9hjxtnyKyJ6h82%2FaBldJkeL69bS%2FNo%2BtvBluRjx8enoC%2FwR2lZ%2F%2FrNq3%2BGMd4X52WGC9pe0jn4t9HgGrjKw1xi9O98d62Pfp2f7PLzy87P%2BQGGn72jpCG8jZZctWkNzkxUivUAaMxckGiOTSghdVGFVjMGe1KsFux%2Bc1%2F13T%2F2LLFzjqeZpt4Li96wSw%2BFZp9X%2BNwb8gPYCBIXAyRzow%3D%3D&source_type=1&pack_time=1532274139.91","http:\/\/139.196.171.67:5678\/dgfly_rpt.php?reqid=1532274139.507775.90dfe&act=c&dl_si=0&adci=0&is_wifi=1&ad=AdvJrttUn&u_ad_type=2&adid=a955c68a&cp=AK062&did=357555059379919&aid=512bd4dd8df5f246"],"d_rpt":["http:\/\/139.196.171.67:5678\/dgfly_rpt.php?reqid=1532274139.507775.90dfe&act=d&dl_si=0&adci=0&is_wifi=1&ad=AdvJrttUn&adid=a955c68a&cp=AK062&did=357555059379919&aid=512bd4dd8df5f246"],"dc_rpt":["http:\/\/139.196.171.67:5678\/dgfly_rpt.php?reqid=1532274139.507775.90dfe&act=dc&dl_si=0&adci=0&is_wifi=1&ad=AdvJrttUn&adid=a955c68a&cp=AK062&did=357555059379919&aid=512bd4dd8df5f246"],"i_rpt":["http:\/\/139.196.171.67:5678\/dgfly_rpt.php?reqid=1532274139.507775.90dfe&act=i&dl_si=0&adci=0&is_wifi=1&ad=AdvJrttUn&adid=a955c68a&cp=AK062&did=357555059379919&aid=512bd4dd8df5f246"],"a_rpt":["http:\/\/139.196.171.67:5678\/dgfly_rpt.php?reqid=1532274139.507775.90dfe&act=a&dl_si=0&adci=0&is_wifi=1&ad=AdvJrttUn&adid=a955c68a&cp=AK062&did=357555059379919&aid=512bd4dd8df5f246"],"o_rpt":[],"ad_pack":"banner","ad_ver":"","vsb":true,"dlsign":false,"logo":true,"is_act":"1","ci":"0","in_broser":false,"cl":1,"bb_area":true,"aicnf":[]}}}[/ol]复制代码


到哪里可以查到这个人的信息，不想就这么让他继续坑其他人
阿里云投诉不知道有没效果。。。

vagaa

https://github.com/tang430524/SSO

广东吴彦祖

发工单 投诉发邮件

不认识

你的机子是安卓机还是苹果机？？

zhujimi

广东吴彦祖 发表于 2018-7-23 00:06

发工单 投诉发邮件
呃，阿里云投诉还要账号。。。没账号

qwwujh

阿里云 啊 D过去啊 或者C到破产

zhujimi

vagaa 发表于 2018-7-23 00:05

https://github.com/tang430524/SSO
不懂这个，求大神明解

zhujimi

不认识 发表于 2018-7-23 00:10

你的机子是安卓机还是苹果机？？
三星安卓

蓝翔技校

"

这位大佬讲的对，不过国内阿里云没有流量限制说法，但可以D到进黑洞。

不认识

zhujimi 发表于 2018-7-23 00:25

三星安卓
不知道苹果会不会中木马呢