[go: up one dir, main page]

CN114390026B - Identity information tracing method, device, equipment, storage medium and program - Google Patents

Identity information tracing method, device, equipment, storage medium and program Download PDF

Info

Publication number
CN114390026B
CN114390026B CN202111501802.7A CN202111501802A CN114390026B CN 114390026 B CN114390026 B CN 114390026B CN 202111501802 A CN202111501802 A CN 202111501802A CN 114390026 B CN114390026 B CN 114390026B
Authority
CN
China
Prior art keywords
information
app
website
tracing
same
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111501802.7A
Other languages
Chinese (zh)
Other versions
CN114390026A (en
Inventor
梁镜汶
郑文鑫
韩刚
刘亮
沈欣然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Secworld Information Technology Beijing Co Ltd
Qax Technology Group Inc
Original Assignee
Secworld Information Technology Beijing Co Ltd
Qax Technology Group Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Secworld Information Technology Beijing Co Ltd, Qax Technology Group Inc filed Critical Secworld Information Technology Beijing Co Ltd
Priority to CN202111501802.7A priority Critical patent/CN114390026B/en
Publication of CN114390026A publication Critical patent/CN114390026A/en
Application granted granted Critical
Publication of CN114390026B publication Critical patent/CN114390026B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/35Network arrangements, protocols or services for addressing or naming involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address or functional addressing, i.e. assigning an address to a function

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the invention provides an identity information tracing method, an identity information tracing device, identity information tracing equipment, an identity information tracing storage medium and an identity information tracing program. The method comprises the following steps: extracting feature information of a dead website or application program APP; according to the characteristic information, acquiring a historical access record associated with the invalid website or APP from the cached access record; acquiring tracing clue information according to the history access record; the trace source cue information comprises at least one of the following: APP download address, call link of third party platform, page keyword, website type, and associated domain name information; and acquiring the identity information of the target personnel according to the traceability cue information. In the scheme, under the condition that the website or the APP fails, the identity information of the personnel implementing the illegal case through the website or the APP can still be traced.

Description

身份信息溯源方法、装置、设备、存储介质和程序Identity information tracing method, device, equipment, storage medium and program

技术领域Technical Field

本发明涉及计算机技术领域,尤其涉及一种身份信息溯源方法、装置、设备、存储介质和程序。The present invention relates to the field of computer technology, and in particular to an identity information tracing method, device, equipment, storage medium and program.

背景技术Background technique

随着社会经济和科技的高速发展,特别是大数据和人工智能等新技术的广泛应用,通过网络实施违法案件的手段不断翻新,违法案件的数量不断增长,严重影响人们的生活,造成个人和社会的巨大经济损失。With the rapid development of social economy and science and technology, especially the widespread application of new technologies such as big data and artificial intelligence, the means of committing crimes through the Internet are constantly being updated, and the number of illegal cases is growing, seriously affecting people's lives and causing huge economic losses to individuals and society.

目前在通过网络实施违法案件中,往往会出现网络站点或应用程序APP在用户初始使用阶段能正常访问,过一段时间就失活、无法进入,即嫌疑人在成功骗取受害人的钱财后会采取关闭涉案网站、APP下载地址、服务器的方式来逃避侦查,因此如何在网站、APP失活的情况下,对通过网络实施违法案件的人员身份信息进行溯源,是目前业界亟待解决的重要课题。At present, in cases of crimes committed through the Internet, it is often the case that the website or application APP can be accessed normally in the initial stage of user use, but becomes inactivated and inaccessible after a period of time. That is, after successfully defrauding the victim's money, the suspect will take the approach of closing the website, APP download address, and server involved in the case to evade investigation. Therefore, how to trace the identity information of people who commit crimes through the Internet when the website or APP is inactivated is an important issue that needs to be urgently resolved in the industry.

发明内容Summary of the invention

针对现有技术中的问题,本发明实施例提供一种身份信息溯源方法、装置、设备、存储介质和程序。In view of the problems in the prior art, embodiments of the present invention provide an identity information tracing method, apparatus, device, storage medium and program.

具体地,本发明实施例提供了以下技术方案:Specifically, the embodiment of the present invention provides the following technical solutions:

第一方面,本发明实施例提供了一种身份信息溯源方法,包括:In a first aspect, an embodiment of the present invention provides an identity information tracing method, comprising:

提取失效的网站或应用程序APP的特征信息;Extract feature information of invalid websites or applications;

根据所述特征信息,从缓存的访问记录中获取与所述失效的网站或APP关联的历史访问记录;According to the characteristic information, obtaining historical access records associated with the invalid website or APP from the cached access records;

根据所述历史访问记录,获取溯源线索信息;所述溯源线索信息包括以下至少一项:APP下载地址、第三方平台的调用链接、页面关键词、网站类型、关联的域名信息;Obtaining tracing clue information according to the historical access records; the tracing clue information includes at least one of the following: APP download address, call link of a third-party platform, page keywords, website type, and associated domain name information;

根据所述溯源线索信息获取目标人员的身份信息。The identity information of the target person is obtained based on the traceability clue information.

可选地,所述根据所述特征信息,从缓存的访问记录中获取与所述失效的网站或APP关联的历史访问记录,包括:Optionally, acquiring, according to the characteristic information, a historical access record associated with the invalid website or APP from the cached access record includes:

根据所述特征信息,从互联网空间测绘系统中缓存的访问记录中,查找与所述失效的网站或APP关联的历史访问记录;或,According to the characteristic information, searching for historical access records associated with the invalid website or APP from the access records cached in the Internet space mapping system; or,

根据所述特征信息,获取与所述特征信息关联的其他存活网站或APP的历史访问记录,并将所述存活网站或APP的历史访问记录,作为与所述失效的网站或APP关联的历史访问记录。According to the characteristic information, historical access records of other surviving websites or APPs associated with the characteristic information are obtained, and the historical access records of the surviving websites or APPs are used as historical access records associated with the invalid website or APP.

可选地,所述根据所述历史访问记录,获取溯源线索信息,包括:Optionally, obtaining the tracing clue information according to the historical access record includes:

根据所述历史访问记录,获取网页代码;Obtaining web page code according to the historical access record;

对所述网页代码的关键信息进行提取,并将提取到的关键信息进行关联处理,得到所述溯源线索信息。The key information of the webpage code is extracted, and the extracted key information is associated to obtain the tracing clue information.

可选地,所述将提取到的关键信息进行关联处理,得到所述溯源线索信息,包括:Optionally, the extracted key information is subjected to association processing to obtain the tracing clue information, including:

若与所述失效的网站或APP关联的历史访问记录中包括多个网站的历史访问记录,则确定多个所述网站中是否存在与所述失效的网站之间满足以下至少一种条件的目标网站:具有相同的关键词、具有相同的APP下载地址、具有相同的第三方账号或具有相同的DNS域名系统;其中,所述相同的第三方账号包括:相同第三方平台的相同账号或相同第三方平台的不同账号;If the historical access records associated with the invalid website or APP include historical access records of multiple websites, determine whether there is a target website among the multiple websites that meets at least one of the following conditions with the invalid website: having the same keywords, having the same APP download address, having the same third-party account, or having the same DNS domain name system; wherein the same third-party account includes: the same account of the same third-party platform or different accounts of the same third-party platform;

若是,则基于所述目标网站的特征信息,获取所述溯源线索信息。If so, the tracing clue information is obtained based on the characteristic information of the target website.

可选地,所述将提取到的关键信息进行关联处理,得到所述溯源线索信息,包括:Optionally, the extracted key information is subjected to association processing to obtain the tracing clue information, including:

若所述存活网站的数量为多个,确定多个所述存活网站中是否存在与所述失效的网站之间满足以下至少一种条件的目标网站:具有相同的关键词、具有相同的APP下载地址、具有相同的第三方账号或具有相同的DNS域名系统;其中,所述相同的第三方账号包括:相同第三方平台的相同账号或相同第三方平台的不同账号;If there are multiple surviving websites, determine whether there is a target website among the multiple surviving websites that meets at least one of the following conditions with the invalid website: having the same keywords, having the same APP download address, having the same third-party account, or having the same DNS domain name system; wherein the same third-party account includes: the same account of the same third-party platform or different accounts of the same third-party platform;

若是,则基于所述目标网站的特征信息,获取所述溯源线索信息。If so, the tracing clue information is obtained based on the characteristic information of the target website.

可选地,所述对所述网页代码的关键信息进行提取,包括:Optionally, extracting key information of the webpage code includes:

通过正则匹配方式,识别所述网页代码中包括的APP信息,并获取所述APP的下载地址。Through regular matching, the APP information included in the webpage code is identified, and the download address of the APP is obtained.

可选地,所述特征信息包括以下至少一项:域名、IP地址、网站关键词、请求地址、标志信息、联系方式和IOC信息。Optionally, the characteristic information includes at least one of the following: domain name, IP address, website keyword, request address, logo information, contact information and IOC information.

第二方面,本发明实施例还提供了一种身份信息溯源装置,包括:In a second aspect, an embodiment of the present invention further provides an identity information tracing device, including:

获取模块,用于提取失效的网站或应用程序APP的特征信息;An acquisition module is used to extract characteristic information of invalid websites or application programs;

所述获取模块,还用于根据所述特征信息,从缓存的访问记录中获取与所述失效的网站或APP关联的历史访问记录;The acquisition module is further used to acquire, from the cached access records, historical access records associated with the invalid website or APP according to the characteristic information;

处理模块,用于根据所述历史访问记录,获取溯源线索信息;所述溯源线索信息包括以下至少一项:APP下载地址、第三方平台的调用链接、页面关键词、网站类型、关联的域名信息;A processing module, configured to obtain tracing clue information according to the historical access records; the tracing clue information includes at least one of the following: APP download address, call link of a third-party platform, page keywords, website type, and associated domain name information;

所述处理模块,还用于根据所述溯源线索信息获取目标人员的身份信息。The processing module is also used to obtain the identity information of the target person based on the tracing clue information.

第三方面,本发明实施例还提供了一种电子设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述程序时实现如第一方面所述身份信息溯源方法的步骤。In a third aspect, an embodiment of the present invention further provides an electronic device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein when the processor executes the program, the steps of the identity information tracing method described in the first aspect are implemented.

第四方面,本发明实施例还提供了一种非暂态计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时实现如第一方面所述身份信息溯源方法的步骤。In a fourth aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of the identity information tracing method as described in the first aspect.

第五方面,本发明实施例还提供了一种计算机程序产品,其上存储有可执行指令,该指令被处理器执行时使处理器实现第一方面所述身份信息溯源方法的步骤。In a fifth aspect, an embodiment of the present invention further provides a computer program product having executable instructions stored thereon, which, when executed by a processor, enables the processor to implement the steps of the identity information tracing method described in the first aspect.

本发明实施例提供的身份信息溯源方法、装置、设备、存储介质和程序,基于失效的网站或APP提取特征信息,进而根据提取到的特征信息,获取相关的历史访问记录,并基于该历史访问记录获取溯源线索信息,该溯源线索信息包括以下至少一项:APP下载地址、第三方平台的调用链接、页面关键词、网站类型、关联的域名信息,最后溯源得到目标人员的身份信息,不需要依赖于网站或APP存活,实现了在网站或APP失效的情况下对通过该网站或APP实施违法案件的目标人员进行身份溯源,实现复杂度较低,效率较高。The identity information tracing method, apparatus, equipment, storage medium and program provided by the embodiments of the present invention extract feature information based on an invalid website or APP, and then obtain relevant historical access records based on the extracted feature information, and obtain tracing clue information based on the historical access records. The tracing clue information includes at least one of the following: APP download address, call link of a third-party platform, page keywords, website type, and associated domain name information. Finally, the identity information of the target person is traced back, and there is no need to rely on the survival of the website or APP. In the case of an invalid website or APP, the identity tracing of the target person who has committed a crime through the website or APP is realized, and the complexity is low and the efficiency is high.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following briefly introduces the drawings required for use in the embodiments or the description of the prior art. Obviously, the drawings described below are some embodiments of the present invention. For ordinary technicians in this field, other drawings can be obtained based on these drawings without paying creative work.

图1为本发明提供的身份信息溯源方法的一实施例的流程示意图;FIG1 is a schematic diagram of a flow chart of an embodiment of a method for tracing identity information provided by the present invention;

图2为本发明提供的身份信息溯源方法的一实施例的失效网站界面示意图;FIG2 is a schematic diagram of an invalid website interface according to an embodiment of the identity information tracing method provided by the present invention;

图3为本发明提供的身份信息溯源方法的一实施例的网页界面示意图之一;FIG3 is a schematic diagram of a web page interface of an embodiment of the identity information tracing method provided by the present invention;

图4为本发明提供的身份信息溯源方法的一实施例的网页代码示意图之一;FIG4 is one of the schematic diagrams of web page code of an embodiment of the identity information tracing method provided by the present invention;

图5为本发明提供的身份信息溯源方法的一实施例的网页界面示意图之二;FIG5 is a second schematic diagram of a web page interface of an embodiment of the identity information tracing method provided by the present invention;

图6为本发明提供的身份信息溯源方法的一实施例的网页界面示意图之三;FIG6 is a third schematic diagram of a web page interface of an embodiment of the identity information tracing method provided by the present invention;

图7为本发明提供的身份信息溯源方法的一实施例的网页代码示意图之二;FIG. 7 is a second schematic diagram of web page code of an embodiment of the identity information tracing method provided by the present invention;

图8为本发明提供的身份信息溯源方法的一实施例的搜索结果示意图;FIG8 is a schematic diagram of search results of an embodiment of a method for tracing identity information provided by the present invention;

图9为本发明提供的身份信息溯源方法的一实施例的客服界面示意图;FIG9 is a schematic diagram of a customer service interface of an embodiment of an identity information tracing method provided by the present invention;

图10为本发明提供的身份信息溯源方法的另一实施例的流程示意图;FIG10 is a flow chart of another embodiment of the identity information tracing method provided by the present invention;

图11是本发明提供的身份信息溯源装置一实施例的结构示意图;11 is a schematic diagram of the structure of an embodiment of an identity information tracing device provided by the present invention;

图12是本发明提供的电子设备一实施例的结构示意图。FIG. 12 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.

具体实施方式Detailed ways

为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the purpose, technical solution and advantages of the embodiments of the present invention clearer, the technical solution in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are part of the embodiments of the present invention, not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by ordinary technicians in this field without creative work are within the scope of protection of the present invention.

首先,对本发明实施例的名词进行解释:First, the terms of the embodiments of the present invention are explained:

失效的网站或应用程序APP:网站或APP的服务已经关闭,用户不能正常访问。Invalid website or application APP: The service of the website or APP has been closed and users cannot access it normally.

互联网空间测绘系统:定时通过扫描器对全网互联网资产进行扫描并把扫描结果保存起来,为用户提供资产搜索服务的系统。Internet Space Mapping System: A system that regularly scans the entire Internet assets through a scanner and saves the scan results to provide users with asset search services.

本发明实施例的身份信息溯源方法,基于失效的网站或APP提取特征信息,进而根据提取到的特征信息,获取相关的历史访问记录,并基于该历史访问记录获取线索,例如包括APP下载地址、第三方平台的调用链接、页面关键词、网站类型、关联的域名信息等,最后溯源得到目标人员的身份信息,不需要依赖于网站或APP存活,实现了在网站或APP失效的情况下对通过该网站或APP实施违法案件的目标人员进行身份溯源,实现复杂度较低,效率较高。The identity information tracing method of the embodiment of the present invention extracts feature information based on an invalid website or APP, and then obtains relevant historical access records based on the extracted feature information, and obtains clues based on the historical access records, such as APP download addresses, call links of third-party platforms, page keywords, website types, associated domain name information, etc. Finally, the identity information of the target person is traced back, and there is no need to rely on the survival of the website or APP. In the case that the website or APP is invalid, the identity tracing of the target person who committed a crime through the website or APP is realized, and the complexity is low and the efficiency is high.

下面结合图1-图10以具体的实施例对本发明的技术方案进行详细说明。下面这几个具体的实施例可以相互结合,对于相同或相似的概念或过程可能在某些实施例不再赘述。The technical solution of the present invention is described in detail with reference to specific embodiments in conjunction with Figures 1 to 10. The following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments.

图1是本发明实施例提供的身份信息溯源方法一实施例的流程示意图。FIG1 is a flow chart of an embodiment of an identity information tracing method provided by an embodiment of the present invention.

如图1所示,本发明实施例提供的方法,包括:As shown in FIG1 , the method provided by the embodiment of the present invention includes:

步骤101、提取失效的网站或应用程序APP的特征信息;Step 101: extract feature information of invalid websites or application programs APP;

具体的,从失效的网站地址或APP作为线索入口,提取特征信息。可选地,可以从失效的网站或APP的访问记录和/或日志信息中提取特征信息。其中,失效的网站或APP可以是通过该网站或APP实施过违法案件的网站或APP,特别是金融类的违法案件。失效的网站或APP的访问记录和/或日志信息可以基于失效网站的网站地址或者APP的下载地址从各大互联网空间测绘系统缓存的数据中获取。在获取到失效的网站或APP的访问记录和/或日志信息后,例如,可以通过正则匹配方式从中提取出特征信息,特征信息包括但不限于以下至少一项:域名、IP地址、网站关键词、运行时的请求地址、标志logo信息、联系方式、控制反转(Inversion of Control,IOC)信息等。图2中所示的是失效网站。Specifically, feature information is extracted from the invalid website address or APP as a clue entry. Optionally, feature information can be extracted from the access record and/or log information of the invalid website or APP. Among them, the invalid website or APP may be a website or APP that has committed illegal cases through the website or APP, especially financial illegal cases. The access record and/or log information of the invalid website or APP can be obtained from the data cached by major Internet space mapping systems based on the website address of the invalid website or the download address of the APP. After obtaining the access record and/or log information of the invalid website or APP, for example, feature information can be extracted from it by regular matching, and the feature information includes but is not limited to at least one of the following: domain name, IP address, website keywords, request address at runtime, logo information, contact information, Inversion of Control (IOC) information, etc. Figure 2 shows an invalid website.

其中,网站关键词例如图3中所示的“某某集团”、“日化收益”、“投资奖励”等。运行时的请求地址可以是网站运行时向服务器请求的地址。The website keywords are, for example, "XX Group", "daily income", "investment reward" etc. as shown in FIG3. The request address at runtime may be the address requested to the server when the website is running.

IOC是指依赖注入,即在运行期间由IOC容器,动态地将某种依赖关系注入到对象之中。IOC refers to dependency injection, which means that a certain dependency is dynamically injected into an object by the IOC container during runtime.

步骤102、根据特征信息,从缓存的访问记录中获取与失效的网站或APP关联的历史访问记录;Step 102: Obtain historical access records associated with the invalid website or APP from the cached access records according to the characteristic information;

具体的,可以利用特征信息在各大互联网空间测绘系统缓存的访问记录中找到保留的与失效的网站或APP相关的历史访问记录(如图4所示,具有a1.apk),通过历史访问记录可对该失效的网站或APP继续进行溯源。Specifically, the characteristic information can be used to find the retained historical access records related to the invalid website or APP in the access records cached by major Internet space mapping systems (as shown in Figure 4, with a1.apk), and the invalid website or APP can be traced back through the historical access records.

例如从相关的历史访问记录中提取新的线索信息,从而对相关目标人员的身份进行溯源。新的线索信息例如可以是APP下载地址、关键词、调用链接或关联的域名信息等。For example, new clue information can be extracted from relevant historical access records to trace the identity of the relevant target person. New clue information can be, for example, APP download addresses, keywords, call links, or associated domain name information.

或,可以利用特征信息扩线出该相关目标人员在互联网上的其他同类存活网站或APP,对还未关闭的网站或APP继续进行溯源。Alternatively, the characteristic information can be used to expand the line of other similar surviving websites or apps of the relevant target person on the Internet, and continue to trace the websites or apps that have not been closed.

如图5和图6所示的网站,只是网站地址和网站名称不同,其他基本类似。The websites shown in Figures 5 and 6 are basically similar except for the website addresses and website names.

步骤103、根据历史访问记录,获取溯源线索信息;溯源线索信息包括以下至少一项:APP下载地址、第三方平台的调用链接、页面关键词、网站类型、关联的域名信息;Step 103: Obtain tracing clue information based on historical access records; the tracing clue information includes at least one of the following: APP download address, call link of a third-party platform, page keywords, website type, and associated domain name information;

具体的,对相关的历史访问记录进行分析,获取溯源线索信息,包括以下至少一项:APP下载地址、第三方平台的调用链接、页面关键词、网站类型、关联的域名信息。Specifically, relevant historical access records are analyzed to obtain tracing clue information, including at least one of the following: APP download address, call link of third-party platform, page keywords, website type, and associated domain name information.

如图7所示,网站具有APP下载地址,如图6所示,该网站的页面上显示有客服,例如该客服为第三方平台,分析网页代码可知该第三方平台的调用链接为“https://kefu.mnkefu.com/im297176ae”;As shown in FIG. 7 , the website has an APP download address. As shown in FIG. 6 , the website page displays customer service. For example, the customer service is a third-party platform. Analysis of the webpage code shows that the call link of the third-party platform is “https://kefu.mnkefu.com/im297176ae”.

如图6所示,该网站具有页面关键词:某某集团、投资奖励、佣金、收益等。As shown in FIG6 , the website has page keywords: certain group, investment incentive, commission, income, etc.

如图6所示,该网站具有关键词“某某”,通过对该关键词进行搜索可以找出相关使用的域名信息,例如“zyfd2582.com,zyfd7513.com,zyfd8816.com,zyfd282.com”。As shown in FIG6 , the website has the keyword “something”, and by searching for the keyword, relevant domain name information can be found, such as “zyfd2582.com, zyfd7513.com, zyfd8816.com, zyfd282.com”.

如图8所示,通过对关键词进行搜索,发现其他网站的搜索结果,其他网站与该失效的网站类型相关。As shown in FIG8 , by searching for the keyword, search results of other websites are found, and the other websites are related to the invalid website type.

例如,通过该些网站的网址(例如包括/anquan/字段),可以分析出该些网站系统属于股票配资类系统。For example, through the URLs of these websites (such as including the /anquan/ field), it can be analyzed that these website systems belong to stock allocation systems.

步骤104、根据溯源线索信息获取目标人员的身份信息。Step 104: Obtain the identity information of the target person based on the tracing clue information.

具体的,目标人员可以是通过网络实施违法案件的人员。根据前述步骤中得到的溯源线索信息可以进一步获取到目标人员的身份信息。Specifically, the target person may be a person who has committed a crime through the Internet. The identity information of the target person may be further obtained based on the tracing clue information obtained in the above steps.

例如用户之前登录一些网站时注册了身份信息,提供APP下载链接时进行了付费(例如从其他平台获取APP下载链接)等,溯源线索信息包括网站中的联系方式、IP地址、第三方平台的调用链接、APP下载地址、关联的域名信息等,例如从关联的域名信息中可以获取到用户登录IP、用户登录身份信息,例如包括真实姓名、联系方式、身份证号等,根据APP下载地址获取下载APP时的支付记录等。For example, the user registered identity information when logging into some websites before, and paid when the APP download link was provided (for example, obtaining the APP download link from other platforms), etc. The tracing clues include the contact information on the website, IP address, call link of the third-party platform, APP download address, associated domain name information, etc. For example, the user login IP and user login identity information can be obtained from the associated domain name information, such as real name, contact information, ID number, etc., and the payment record when downloading the APP can be obtained based on the APP download address.

或者还可以从第三方平台调取身份信息。Alternatively, you can retrieve identity information from a third-party platform.

本实施例的方法,基于失效的网站或APP提取特征信息,进而根据提取到的特征信息,获取相关的历史访问记录,并基于该历史访问记录获取溯源线索信息,该溯源线索信息包括以下至少一项:APP下载地址、第三方平台的调用链接、页面关键词、网站类型、关联的域名信息,最后溯源得到目标人员的身份信息,不需要依赖于网站或APP存活,实现了在网站或APP失效的情况下对通过该网站或APP实施违法案件的目标人员进行身份溯源,实现复杂度较低,效率较高。The method of this embodiment extracts feature information based on an invalid website or APP, and then obtains relevant historical access records based on the extracted feature information, and obtains tracing clue information based on the historical access records. The tracing clue information includes at least one of the following: APP download address, call link of a third-party platform, page keywords, website type, and associated domain name information. Finally, the identity information of the target person is traced back, and there is no need to rely on the survival of the website or APP. In the case that the website or APP is invalid, the identity tracing of the target person who has committed a crime through the website or APP is realized, with low complexity and high efficiency.

在一实施例中,步骤102具体可以通过如下几种方式实现:In one embodiment, step 102 may be implemented in the following ways:

一种方式:a method:

根据特征信息,从互联网空间测绘系统中缓存的访问记录中,查找与失效的网站或APP关联的历史访问记录。Based on the characteristic information, historical access records associated with invalid websites or apps are searched from the access records cached in the Internet space mapping system.

具体的,可以利用特征信息在各大互联网空间测绘系统缓存的访问记录中找到保留的与失效的网站或APP相关的历史访问记录(如图4所示,具有a1.apk),通过历史访问记录可对该失效的网站或APP继续进行溯源。进而根据历史访问记录,获取溯源线索信息。Specifically, the characteristic information can be used to find the historical access records related to the invalid website or APP in the access records cached by major Internet space mapping systems (as shown in Figure 4, with a1.apk), and the invalid website or APP can be traced through the historical access records. Then, the tracing clue information can be obtained based on the historical access records.

另一种方式:another way:

根据特征信息,获取与特征信息关联的其他存活网站或APP的历史访问记录,并将存活网站或APP的历史访问记录,作为与失效的网站或APP关联的历史访问记录。According to the characteristic information, historical access records of other surviving websites or apps associated with the characteristic information are obtained, and the historical access records of the surviving websites or apps are used as historical access records associated with the invalid website or app.

具体的,基于从失效的网站或APP提取的特征信息,可以扩线出该相关目标人员在互联网上的其他同类存活网站或APP,对还未关闭的网站或APP继续进行溯源。Specifically, based on the feature information extracted from the invalid website or APP, we can expand the line to other similar surviving websites or APPs of the relevant target person on the Internet, and continue to trace the websites or APPs that have not been closed.

如图5和图6所示的网站,只是网站地址和网站名称不同,其他基本类似。The websites shown in Figures 5 and 6 are basically similar except for the website addresses and website names.

将其他存活网站或APP的历史访问记录,作为与失效的网站或APP的历史访问记录,进而根据历史访问记录,获取溯源线索信息。The historical access records of other surviving websites or apps are used as the historical access records of the invalid website or app, and then the tracing clue information is obtained based on the historical access records.

上述实施方式中,若失效的网站或APP存在历史访问记录则获取对应的历史访问记录,若不存在历史访问记录,可以获取关联的其他存活网站或APP的历史访问记录,实现复杂度较低,能够实现在网站或APP失效的情况下对通过该网站或APP实施违法案件的目标人员进行身份溯源。In the above implementation, if the invalid website or APP has historical access records, the corresponding historical access records are obtained. If there are no historical access records, the historical access records of other associated surviving websites or APPs can be obtained. The implementation complexity is relatively low, and it is possible to trace the identity of the target person who committed a crime through the website or APP when the website or APP is invalid.

在一实施例中,步骤103可以通过如下方式实现:In one embodiment, step 103 may be implemented as follows:

根据历史访问记录,获取网页代码;Get the web page code based on historical access records;

对网页代码的关键信息进行提取,并将提取到的关键信息进行关联处理,得到溯源线索信息。The key information of the web page code is extracted, and the extracted key information is associated to obtain the traceability clue information.

具体的,根据历史访问记录,调用网页代码,对网页代码的关键信息进行提取,例如,网站关键词、APP信息、域名、IP地址等。Specifically, based on historical access records, the web page code is called to extract key information of the web page code, such as website keywords, APP information, domain names, IP addresses, etc.

例如,网页代码其中一部分如下:For example, part of the webpage code is as follows:

if(isweixin()){if(isweixin()){

//如果是则打开//If yes, open

}}

//否则打开//Otherwise open

else{else{

if(xxx){attr(“”,“/download/某某集团.apk”);}if(xxx){attr("","/download/XXX Group.apk");}

if(xxx){attr(“”,“/download/某某集团.apk”);}if(xxx){attr("","/download/XXX Group.apk");}

if(xxx){attr(“”,“https://www.huox.net/7975”);}if(xxx){attr("","https://www.huox.net/7975");}

}}

上述代码中,某某集团.apk为安卓系统的APP,/download/某某集团.apk表该安卓系统APP的下载,代码“www.huox.net/7975”表示苹果系统APP的下载地址。In the above code, XX Group.apk is an Android APP, /download/XX Group.apk represents the download of the Android APP, and the code “www.huox.net/7975” represents the download address of the Apple APP.

进一步,将提取到的关键信息进行关联处理,得到溯源线索信息。Furthermore, the extracted key information is associated and processed to obtain traceability clue information.

可以将多个网站的历史访问记录中提取的关键信息进行关联处理,例如部署多个网站是为了快速和便捷,对于部分信息只会简单修改或完全不修改,例如图5和图6中具有相同的关键词。The key information extracted from the historical access records of multiple websites can be associated and processed. For example, multiple websites are deployed for speed and convenience, and some information will only be simply modified or not modified at all, such as the same keywords in Figures 5 and 6.

例如,不同的网站地址(zyfd7711.com、hjjt381.com)存在相同的APP下载地址,不同团伙使用相同APP的概率很低,所以可以推断出是同一个团伙。For example, different website addresses (zyfd7711.com, hjjt381.com) have the same APP download address. The probability of different groups using the same APP is very low, so it can be inferred that they are the same group.

例如,不同的网站都具有第三方客服,如图3和图9所示,图9为在线客服的聊天界面,基于该界面可以查看到网页代码,基于网页代码获取到该第三方客服平台的调用链接。For example, different websites have third-party customer service, as shown in Figures 3 and 9. Figure 9 is a chat interface of online customer service, based on which the web page code can be viewed, and based on the web page code, a call link to the third-party customer service platform can be obtained.

可选地,对网页代码的关键信息进行提取,可以包括:Optionally, extracting key information from the webpage code may include:

通过正则匹配方式,识别网页代码中包括的APP信息,并获取APP的下载地址。Through regular matching, the APP information included in the web page code is identified, and the download address of the APP is obtained.

具体的,如图7所示,在网页代码中匹配到“.apk”,具有该后缀的文件为APP,然后在网页代码中查找到下载链接,并通过浏览器访问该下载链接,进而获取目标人员的身份信息,或者基于该下载链接提取相关的日志信息,进而获取到目标人员的身份信息。Specifically, as shown in Figure 7, ".apk" is matched in the web page code, and the file with this suffix is an APP. Then, a download link is found in the web page code, and the download link is accessed through a browser to obtain the identity information of the target person, or related log information is extracted based on the download link to obtain the identity information of the target person.

溯源线索信息包括该APP的下载地址。The tracing clue information includes the download address of the APP.

可选地,在APP下载地址所在网站已关闭的情况下,可利用其他具备缓存用户文件的应用程序(例如网盘等)进行下载,原理是:在用户下载文件时,该类应用程序会对用户文件进行缓存,以便其他用户进行下载时可以加速。Optionally, if the website where the APP download address is located is closed, you can use other applications that can cache user files (such as network disk, etc.) to download. The principle is: when the user downloads the file, this type of application will cache the user file so that other users can speed up the download.

在一实施例中,步骤“将提取到的关键信息进行关联处理,得到溯源线索信息”包括:In one embodiment, the step of “performing correlation processing on the extracted key information to obtain tracing clue information” includes:

若与失效的网站或APP关联的历史访问记录中包括多个网站的历史访问记录,则确定多个网站中是否存在与失效的网站之间满足以下至少一种条件的目标网站:具有相同的关键词、具有相同的APP下载地址、具有相同的第三方账号或具有相同的DNS域名系统;其中,相同的第三方账号包括:相同第三方平台的相同账号或相同第三方平台的不同账号;If the historical access records associated with the invalid website or APP include historical access records of multiple websites, determine whether there is a target website among the multiple websites that meets at least one of the following conditions with the invalid website: having the same keywords, having the same APP download address, having the same third-party account, or having the same DNS domain name system; wherein the same third-party account includes: the same account of the same third-party platform or different accounts of the same third-party platform;

若是,则基于目标网站的特征信息,获取溯源线索信息。If so, the tracing clue information is obtained based on the characteristic information of the target website.

具体的,如图5和图6所示的两个网站,假设图5所示的网站为失效的网站,图6的网站为通过失效的网站的特征信息获取到的网站,上述两个网站具有相同的关键词。Specifically, as shown in FIG. 5 and FIG. 6 , it is assumed that the website shown in FIG. 5 is an invalid website, and the website in FIG. 6 is a website obtained through feature information of the invalid website, and the two websites have the same keywords.

同个团伙在部署多个网站时会为了快速和便捷,对于部分非重要的信息一般会简单修改或完全不修改,例如图5和图6中具有相同的关键词。When the same gang deploys multiple websites, they will simply modify or not modify some non-important information for the sake of speed and convenience. For example, Figure 5 and Figure 6 have the same keywords.

其中,具有相同的DNS域名系统例如为不同的网站调用相同的DNS服务器地址。Among them, having the same DNS domain name system, for example, calls the same DNS server address for different websites.

如图5和图6所示,在网站页面信息相同(例如网站框架、页面布局、使用的APP下载地址相同),域名不同的两个网站,存在使用相同第三方客服账号的情况。As shown in Figures 5 and 6, there is a situation where two websites with the same website page information (such as the same website framework, page layout, and APP download address) but different domain names use the same third-party customer service account.

进一步,基于其他与失效的网站或APP相关的目标网站的特征信息,获取溯源线索信息。Furthermore, based on the characteristic information of other target websites related to the invalid websites or apps, the tracing clue information is obtained.

在另一实施例中,步骤“将提取到的关键信息进行关联处理,得到溯源线索信息”包括:In another embodiment, the step of “performing correlation processing on the extracted key information to obtain tracing clue information” includes:

若存活网站的数量为多个,确定多个存活网站中是否存在与失效的网站之间满足以下至少一种条件的目标网站:具有相同的关键词、具有相同的APP下载地址、具有相同的第三方账号或具有相同的DNS域名系统;其中,相同的第三方账号包括:相同第三方平台的相同账号或相同第三方平台的不同账号;If there are multiple surviving websites, determine whether there is a target website among the multiple surviving websites that meets at least one of the following conditions with the invalid website: having the same keywords, having the same APP download address, having the same third-party account, or having the same DNS domain name system; wherein the same third-party account includes: the same account of the same third-party platform or different accounts of the same third-party platform;

若是,则基于目标网站的特征信息,获取溯源线索信息。If so, the tracing clue information is obtained based on the characteristic information of the target website.

具体的,如图5和图6所示的两个网站,假设图5所示的网站为失效的网站,图6的网站为与与失效的网站关联的其他存活网站,上述两个网站具有相同的关键词。Specifically, as shown in FIG. 5 and FIG. 6 , it is assumed that the website shown in FIG. 5 is an invalid website, and the website in FIG. 6 is another surviving website associated with the invalid website, and the two websites have the same keywords.

同个团伙在部署多个网站时会为了快速和便捷,对于部分非重要的信息一般会简单修改或完全不修改,例如图5和图6中具有相同的关键词。When the same gang deploys multiple websites, they will simply modify or not modify some non-important information for the sake of speed and convenience. For example, Figure 5 and Figure 6 have the same keywords.

或,上述两个网站存在相同的APP下载地址,不同团伙使用相同APP的概率很低,所以可以推断出是同一个团伙。Or, the above two websites have the same APP download address, and the probability of different groups using the same APP is very low, so it can be inferred that they are the same group.

进一步,基于存活的目标网站的特征信息,获取失效网站或APP的溯源线索信息。Furthermore, based on the characteristic information of the surviving target website, the tracing clue information of the invalid website or APP is obtained.

上述实施方式中,若存在多个网站的历史访问记录,为了提高溯源效率以及准确性,可以确定多个网站中是否存在与失效的网站之间满足以下至少一种条件的目标网站:具有相同的关键词、具有相同的APP下载地址、具有相同的第三方账号或具有相同的DNS域名系统,最后基于该目标网站的特征信息,获取失效网站或APP的溯源线索信息。In the above implementation, if there are historical visit records of multiple websites, in order to improve the tracing efficiency and accuracy, it can be determined whether there is a target website among the multiple websites that meets at least one of the following conditions with the invalid website: having the same keywords, having the same APP download address, having the same third-party account or having the same DNS domain name system. Finally, based on the characteristic information of the target website, the tracing clue information of the invalid website or APP is obtained.

在一实施例中,如图10所示,该方法包括:In one embodiment, as shown in FIG10 , the method includes:

基于失效的网站或APP,提取特征;Extract features based on invalid websites or apps;

进一步,基于提取到的特征,获取历史访问记录,包括以下两种方式:Furthermore, based on the extracted features, historical access records are obtained in the following two ways:

方式1、通过互联网空间测绘系统查找到相关的历史访问记录;Method 1: Find relevant historical access records through the Internet spatial mapping system;

方式2、查找其他同类存活网站或APP的历史访问记录;Method 2: Find the historical access records of other similar surviving websites or apps;

基于历史访问记录,获取到关键的溯源线索信息;Based on historical access records, key tracing clues are obtained;

最后,对身份信息进行确认。Finally, confirm the identity information.

例如,从缓存的历史访问记录中的网站代码和关联的其他域名中找出涉案的第三方平台的调用链接、APP下载地址、相关域名信息等。可以基于溯源线索信息到第三方平台调取相关数据。调取的数据信息例如包含用户账号信息,如真实姓名、联系方式、身份证号、用户登录IP、支付记录等。For example, the website code and other associated domain names in the cached historical access records can be used to find the call link, APP download address, and related domain name information of the third-party platform involved in the case. Relevant data can be retrieved from the third-party platform based on the tracing clue information. The retrieved data information includes, for example, user account information, such as real name, contact information, ID number, user login IP, payment record, etc.

在进行数据分析时,用多个相关域名、第三方平台的调用链接、用户登录IP、支付记录的调证信息进行综合比对后,可研判出目标人员的身份。When conducting data analysis, the identity of the target person can be determined by comprehensive comparison of multiple related domain names, call links of third-party platforms, user login IPs, and payment record verification information.

研判技术细节:Technical details of the analysis:

1.不同网站调证信息中有相同IP在接近的时间内有登录记录。1. The verification information of different websites shows that the same IP has login records at a close time.

2.同一个人在不同调证信息中出现。2. The same person appears in different verification information.

3.不同站点的支付人员身份信息相同。3. The identity information of the payers at different sites is the same.

4.不同调证信息中存在相同的联系方式,如邮箱号相同、手机号相同。4. The same contact information exists in different verification information, such as the same email address and mobile phone number.

下面对本发明提供的身份信息溯源装置进行描述,下文描述的身份信息溯源装置与上文描述的身份信息溯源方法可相互对应参照。The identity information tracing device provided by the present invention is described below. The identity information tracing device described below and the identity information tracing method described above can be referenced to each other.

图11是本发明提供的身份信息溯源装置一实施例的结构示意图。如图11所示,本实施例提供的身份信息溯源装置,包括:FIG11 is a schematic diagram of the structure of an embodiment of an identity information tracing device provided by the present invention. As shown in FIG11 , the identity information tracing device provided by this embodiment includes:

获取模块210,用于提取失效的网站或应用程序APP的特征信息;An acquisition module 210 is used to extract characteristic information of an invalid website or application program APP;

所述获取模块210,还用于根据所述特征信息,从缓存的访问记录中获取与所述失效的网站或APP关联的历史访问记录;The acquisition module 210 is further configured to acquire, from the cached access records, historical access records associated with the invalid website or APP according to the characteristic information;

处理模块220,用于根据所述历史访问记录,获取溯源线索信息;所述溯源线索信息包括以下至少一项:APP下载地址、第三方平台的调用链接、页面关键词、网站类型、关联的域名信息;The processing module 220 is used to obtain the tracing clue information according to the historical access record; the tracing clue information includes at least one of the following: APP download address, call link of the third-party platform, page keyword, website type, and associated domain name information;

所述处理模块220,还用于根据所述溯源线索信息获取目标人员的身份信息。The processing module 220 is further used to obtain the identity information of the target person according to the tracing clue information.

可选地,所述获取模块210,具体用于:Optionally, the acquisition module 210 is specifically configured to:

根据所述特征信息,从互联网空间测绘系统中缓存的访问记录中,查找与所述失效的网站或APP关联的历史访问记录;或,According to the characteristic information, searching for historical access records associated with the invalid website or APP from the access records cached in the Internet space mapping system; or,

根据所述特征信息,获取与所述特征信息关联的其他存活网站或APP的历史访问记录,并将所述存活网站或APP的历史访问记录,作为与所述失效的网站或APP关联的历史访问记录。According to the characteristic information, historical access records of other surviving websites or APPs associated with the characteristic information are obtained, and the historical access records of the surviving websites or APPs are used as historical access records associated with the invalid website or APP.

可选地,所述处理模块220,具体用于:Optionally, the processing module 220 is specifically configured to:

根据所述历史访问记录,获取网页代码;Obtaining web page code according to the historical access record;

对所述网页代码的关键信息进行提取,并将提取到的关键信息进行关联处理,得到所述溯源线索信息。The key information of the webpage code is extracted, and the extracted key information is associated to obtain the tracing clue information.

可选地,所述处理模块220,具体用于:Optionally, the processing module 220 is specifically configured to:

若与所述失效的网站或APP关联的历史访问记录中包括多个网站的历史访问记录,则确定多个所述网站中是否存在与所述失效的网站之间满足以下至少一种条件的目标网站:具有相同的关键词、具有相同的APP下载地址、具有相同的第三方账号或具有相同的DNS域名系统;其中,所述相同的第三方账号包括:相同第三方平台的相同账号或相同第三方平台的不同账号;If the historical access records associated with the invalid website or APP include historical access records of multiple websites, determine whether there is a target website among the multiple websites that meets at least one of the following conditions with the invalid website: having the same keywords, having the same APP download address, having the same third-party account, or having the same DNS domain name system; wherein the same third-party account includes: the same account of the same third-party platform or different accounts of the same third-party platform;

若是,则基于所述目标网站的特征信息,获取所述溯源线索信息。If so, the tracing clue information is obtained based on the characteristic information of the target website.

可选地,所述处理模块220,具体用于:Optionally, the processing module 220 is specifically configured to:

若所述存活网站的数量为多个,确定多个所述存活网站中是否存在与所述失效的网站之间满足以下至少一种条件的目标网站:具有相同的关键词、具有相同的APP下载地址、具有相同的第三方账号或具有相同的DNS域名系统;其中,所述相同的第三方账号包括:相同第三方平台的相同账号或相同第三方平台的不同账号;If there are multiple surviving websites, determine whether there is a target website among the multiple surviving websites that meets at least one of the following conditions with the invalid website: having the same keywords, having the same APP download address, having the same third-party account, or having the same DNS domain name system; wherein the same third-party account includes: the same account of the same third-party platform or different accounts of the same third-party platform;

若是,则基于所述目标网站的特征信息,获取所述溯源线索信息。If so, the tracing clue information is obtained based on the characteristic information of the target website.

可选地,所述处理模块220,具体用于:Optionally, the processing module 220 is specifically configured to:

通过正则匹配方式,识别所述网页代码中包括的APP信息,并获取所述APP的下载地址。Through regular matching, the APP information included in the webpage code is identified, and the download address of the APP is obtained.

可选地,所述特征信息包括以下至少一项:域名、IP地址、网站关键词、请求地址、标志信息、联系方式和IOC信息。Optionally, the characteristic information includes at least one of the following: domain name, IP address, website keyword, request address, logo information, contact information and IOC information.

本发明实施例的装置,其用于执行前述任一方法实施例中的方法,其实现原理和技术效果类似,此次不再赘述。The device of the embodiment of the present invention is used to execute the method in any of the aforementioned method embodiments. Its implementation principle and technical effects are similar and will not be described in detail here.

举个例子如下:Here is an example:

图12示例了一种电子设备的实体结构示意图,如图12所示,该电子设备可以包括:处理器(processor)810、通信接口(Communications Interface)820、存储器(memory)830和通信总线840,其中,处理器810,通信接口820,存储器830通过通信总线840完成相互间的通信。处理器810可以调用存储器830中的逻辑指令,以执行如下方法,该方法包括:提取失效的网站或应用程序APP的特征信息;根据所述特征信息,从缓存的访问记录中获取与所述失效的网站或APP关联的历史访问记录;根据所述历史访问记录,获取溯源线索信息;所述溯源线索信息包括以下至少一项:APP下载地址、第三方平台的调用链接、页面关键词、网站类型、关联的域名信息;根据所述溯源线索信息获取目标人员的身份信息。FIG12 illustrates a schematic diagram of the physical structure of an electronic device. As shown in FIG12, the electronic device may include: a processor 810, a communication interface 820, a memory 830 and a communication bus 840, wherein the processor 810, the communication interface 820 and the memory 830 communicate with each other through the communication bus 840. The processor 810 may call the logic instructions in the memory 830 to execute the following method, which includes: extracting feature information of an invalid website or application APP; according to the feature information, obtaining historical access records associated with the invalid website or APP from the cached access records; according to the historical access records, obtaining tracing clue information; the tracing clue information includes at least one of the following: APP download address, call link of a third-party platform, page keywords, website type, and associated domain name information; according to the tracing clue information, obtaining the identity information of the target person.

此外,上述的存储器830中的逻辑指令可以通过软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。In addition, the logic instructions in the above-mentioned memory 830 can be implemented in the form of a software functional unit and can be stored in a computer-readable storage medium when it is sold or used as an independent product. Based on such an understanding, the technical solution of the present invention, in essence, or the part that contributes to the prior art or the part of the technical solution, can be embodied in the form of a software product, and the computer software product is stored in a storage medium, including a number of instructions for a computer device (which can be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method described in each embodiment of the present invention. The aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), disk or optical disk and other media that can store program codes.

另一方面,本发明实施例还提供一种非暂态计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时实现以执行上述各实施例提供的身份信息溯源方法包括:提取失效的网站或应用程序APP的特征信息;根据所述特征信息,从缓存的访问记录中获取与所述失效的网站或APP关联的历史访问记录;根据所述历史访问记录,获取溯源线索信息;所述溯源线索信息包括以下至少一项:APP下载地址、第三方平台的调用链接、页面关键词、网站类型、关联的域名信息;根据所述溯源线索信息获取目标人员的身份信息。On the other hand, an embodiment of the present invention also provides a non-transitory computer-readable storage medium having a computer program stored thereon. When the computer program is executed by a processor, the identity information tracing method provided in the above embodiments includes: extracting characteristic information of an invalid website or application APP; based on the characteristic information, obtaining historical access records associated with the invalid website or APP from cached access records; based on the historical access records, obtaining tracing clue information; the tracing clue information includes at least one of the following: APP download address, call link of a third-party platform, page keywords, website type, and associated domain name information; and obtaining the identity information of the target person based on the tracing clue information.

以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。本领域普通技术人员在不付出创造性的劳动的情况下,即可以理解并实施。The device embodiments described above are merely illustrative, wherein the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the scheme of this embodiment. Those of ordinary skill in the art may understand and implement it without creative work.

通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到各实施方式可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件。基于这样的理解,上述技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品可以存储在计算机可读存储介质中,如ROM/RAM、磁碟、光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行各个实施例或者实施例的某些部分所述的方法。Through the description of the above implementation methods, those skilled in the art can clearly understand that each implementation method can be implemented by means of software plus a necessary general hardware platform, and of course, it can also be implemented by hardware. Based on this understanding, the above technical solution is essentially or the part that contributes to the prior art can be embodied in the form of a software product, and the computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a disk, an optical disk, etc., including a number of instructions for a computer device (which can be a personal computer, a server, or a network device, etc.) to execute the methods described in each embodiment or some parts of the embodiments.

最后应说明的是:以上实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围。Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, rather than to limit it. Although the present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that they can still modify the technical solutions described in the aforementioned embodiments, or make equivalent replacements for some of the technical features therein. However, these modifications or replacements do not deviate the essence of the corresponding technical solutions from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. The identity information tracing method is characterized by comprising the following steps of:
extracting feature information of a dead website or application program APP;
According to the characteristic information, acquiring a historical access record associated with the invalid website or APP from the cached access record; the obtaining, from the cached access records, a historical access record associated with the failed website or APP, including: according to the characteristic information, acquiring historical access records of other survival websites or APP related to the characteristic information, and taking the historical access records of the survival websites or APP as the historical access records related to the invalid websites or APP;
Acquiring tracing clue information according to the history access record; the trace source cue information comprises at least one of the following: APP download address, call link of third party platform, page keyword, website type, and associated domain name information;
And acquiring the identity information of the target personnel for implementing the illegal acting according to the traceability clue information.
2. The method for tracing identity information according to claim 1, wherein the step of obtaining, from the cached access records, a history access record associated with the failed website or APP according to the characteristic information comprises:
and searching historical access records associated with the invalid website or APP from access records cached in the Internet spatial mapping system according to the characteristic information.
3. The method for tracing identity information according to claim 1 or 2, wherein the obtaining tracing cue information according to the history access record includes:
Acquiring a webpage code according to the history access record;
and extracting the key information of the webpage codes, and carrying out association processing on the extracted key information to obtain the tracing cue information.
4. The method for tracing identity information according to claim 3, wherein the performing association processing on the extracted key information to obtain the tracing cue information includes:
If the historical access records associated with the failed website or APP comprise the historical access records of a plurality of websites, determining whether target websites meeting at least one of the following conditions with the failed website exist in the websites: have the same keyword, have the same APP download address, have the same third party account number, or have the same DNS domain name system; wherein the same third party account number comprises: the same account number of the same third party platform or different account numbers of the same third party platform;
If yes, acquiring the tracing clue information based on the characteristic information of the target website.
5. The method for tracing identity information according to claim 3, wherein the performing association processing on the extracted key information to obtain the tracing cue information includes:
If the number of the surviving websites is a plurality, determining whether target websites meeting at least one of the following conditions with the failed websites exist in the surviving websites: have the same keyword, have the same APP download address, have the same third party account number, or have the same DNS domain name system; wherein the same third party account number comprises: the same account number of the same third party platform or different account numbers of the same third party platform;
If yes, acquiring the tracing clue information based on the characteristic information of the target website.
6. The method for tracing identity information according to claim 3, wherein the extracting key information of the web page code comprises:
And identifying APP information included in the webpage codes in a regular matching mode, and acquiring the downloading address of the APP.
7. The identity information tracing method according to claim 1 or 2, wherein the characteristic information comprises at least one of the following: domain name, IP address, website keywords, request address, flag information, contact information, and IOC information.
8. An identity information traceability device, comprising:
the acquisition module is used for extracting the characteristic information of the invalid website or application program APP;
The acquisition module is further used for acquiring a history access record associated with the invalid website or APP from the cached access record according to the characteristic information; the obtaining, from the cached access records, a historical access record associated with the failed website or APP, including: according to the characteristic information, acquiring historical access records of other survival websites or APP related to the characteristic information, and taking the historical access records of the survival websites or APP as the historical access records related to the invalid websites or APP;
The processing module is used for acquiring tracing cue information according to the history access record; the trace source cue information comprises at least one of the following: APP download address, call link of third party platform, page keyword, website type, and associated domain name information;
And the processing module is also used for acquiring the identity information of the target personnel for implementing the illegal acting according to the traceability clue information.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the identity information tracing method of any one of claims 1 to 7 when the program is executed by the processor.
10. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor performs the steps of the identity information tracing method of any one of claims 1 to 7.
CN202111501802.7A 2021-12-09 2021-12-09 Identity information tracing method, device, equipment, storage medium and program Active CN114390026B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111501802.7A CN114390026B (en) 2021-12-09 2021-12-09 Identity information tracing method, device, equipment, storage medium and program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111501802.7A CN114390026B (en) 2021-12-09 2021-12-09 Identity information tracing method, device, equipment, storage medium and program

Publications (2)

Publication Number Publication Date
CN114390026A CN114390026A (en) 2022-04-22
CN114390026B true CN114390026B (en) 2024-04-26

Family

ID=81196062

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111501802.7A Active CN114390026B (en) 2021-12-09 2021-12-09 Identity information tracing method, device, equipment, storage medium and program

Country Status (1)

Country Link
CN (1) CN114390026B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105426415A (en) * 2015-10-30 2016-03-23 Tcl集团股份有限公司 Management method, device and system of website access request
CN107122987A (en) * 2017-06-20 2017-09-01 深圳安巽科技有限公司 A kind of early warning system and method for order for arrest swindle
CN109446768A (en) * 2018-10-09 2019-03-08 北京北信源软件股份有限公司 Application access abnormal behavior detection method and system
CN111723083A (en) * 2020-06-23 2020-09-29 北京思特奇信息技术股份有限公司 User identity identification method and device, electronic equipment and storage medium
CN113609396A (en) * 2021-08-11 2021-11-05 杭州安恒信息安全技术有限公司 Method, system, electronic device and storage medium for collecting clues of network-related events

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7457823B2 (en) * 2004-05-02 2008-11-25 Markmonitor Inc. Methods and systems for analyzing data related to possible online fraud
US20070016951A1 (en) * 2005-07-13 2007-01-18 Piccard Paul L Systems and methods for identifying sources of malware

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105426415A (en) * 2015-10-30 2016-03-23 Tcl集团股份有限公司 Management method, device and system of website access request
CN107122987A (en) * 2017-06-20 2017-09-01 深圳安巽科技有限公司 A kind of early warning system and method for order for arrest swindle
CN109446768A (en) * 2018-10-09 2019-03-08 北京北信源软件股份有限公司 Application access abnormal behavior detection method and system
CN111723083A (en) * 2020-06-23 2020-09-29 北京思特奇信息技术股份有限公司 User identity identification method and device, electronic equipment and storage medium
CN113609396A (en) * 2021-08-11 2021-11-05 杭州安恒信息安全技术有限公司 Method, system, electronic device and storage medium for collecting clues of network-related events

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Chrome浏览器历史记录提取与分析;杨雪;靳慧云;;计算机应用与软件(第12期);全文 *

Also Published As

Publication number Publication date
CN114390026A (en) 2022-04-22

Similar Documents

Publication Publication Date Title
US11223637B2 (en) Detecting attacks on web applications using server logs
US11956272B2 (en) Identifying legitimate websites to remove false positives from domain discovery analysis
JP7073343B2 (en) Security vulnerabilities and intrusion detection and repair in obfuscated website content
RU2637477C1 (en) System and method for detecting phishing web pages
US11196746B2 (en) Whitelisting of trusted accessors to restricted web pages
KR100723867B1 (en) Phishing web page blocking device and method
US9055097B1 (en) Social network scanning
RU2701040C1 (en) Method and a computer for informing on malicious web resources
US20140325662A1 (en) Protecting against suspect social entities
US11394722B2 (en) Social media rule engine
US9489526B1 (en) Pre-analyzing served content
JP2015511340A (en) System and method for dynamic scoring of online fraud detection
CN107590169A (en) Operator gateway data preprocessing method and system
Ramanathan et al. Phishing Website detection using latent Dirichlet allocation and AdaBoost
US12026232B2 (en) System and method for digitally fingerprinting phishing actors
Jain et al. APuML: an efficient approach to detect mobile phishing webpages using machine learning
Wang et al. Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations.
CN113454621A (en) Method, apparatus and computer program for collecting data from multiple domains
Jisha et al. Mobile applications recommendation based on user ratings and permissions
CN115208643A (en) Tracing method and device based on WEB dynamic defense
Park et al. Forensic investigation framework for cryptocurrency wallet in the end device
Sakai et al. An automatic detection system for fake Japanese shopping sites using fastText and LightGBM
CN110069686A (en) User behavior analysis method, apparatus, computer installation and storage medium
CN114390026B (en) Identity information tracing method, device, equipment, storage medium and program
KR102311355B1 (en) Phishing malware detection method for public and financial institutions using words in image and voice files and whitelists

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Country or region after: China

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant after: QAX Technology Group Inc.

Applicant after: Qianxin Wangshen information technology (Beijing) Co.,Ltd.

Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant before: QAX Technology Group Inc.

Country or region before: China

Applicant before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant