关于hostnoc的信息

本文目录：

• 1、如何用python登陆qq读取信息
• 2、谁能大致翻译
• 3、病毒名称Trojian.Qhost.ABW这个病毒对计算机有的害处，有危险吗？
• 4、60.30.253.206是天津哪个网吧？具体地址是？
• 5、这是一个IP的WHOIS,是什么意思啊
• 6、221.195.99.35的IP具体是哪啊 越具体越好啊 谢谢

如何用python登陆qq读取信息

一次偶然的机会我看见了一个群里的一个QQ号总是根据你所发的消息自动回复，当时很感觉到神奇，我知道可以模拟登录网站，没想到竟然也能模拟登录QQ，首先自己想到的就是如何实现模拟登录PC端的QQ， 开始研究了下，发现QQ所发送的包都很难理解。

于是就转到了网页版的QQ，因为在网页里可以捕获所有的请求从而更好的实现模拟功能！

首先第一步就是打开网页版的qq，打开浏览器的开发者模式 这里可以监控所有的请求！

打开登录界面的的时候

会捕捉到一个GET请求

其中uin是你的QQ号

返回值是 ptui_checkVC(‘1′,’AAr4bdjMeh2hEa77PTuoHhqMTxbRqOp3′,’\x00\x00\x00\x00\x00\xa1\x92\x12’);

其中1表示需要验证码 还有一种返回值 ptui_checkVC(‘0′,’!LJV’,’\x00\x00\x00\x00\x00\xa1\x92\x12′) 这种表示是不需要的验证码的

[python] view plain copy

def CheckVerify(self,uin):

check=”h”

check=check.replace(‘{uin}’,uin)

pattern=re.compile(“ptui_checkVC′(.∗)′,′(.∗)′,′(.∗)′;”)

result=self.Get(check)

checked= pattern.search(result).groups()

print ‘Step1: CheckVerify’

return checked

获取验证码的方法

[python] view plain copy

def GetVerify(self):

url = ‘hage?uin=’+str(self.QQ)+’aid=10021010.45644426648505’ + str(random.randint(10,99))

verify=”htqq.com/getimage?aid=1003903r=0.6472875226754695uin={QQ}cap_cd=aSD-ZVcNEcozlZUurhNYhp-MBHf4hjbJ”

verify=verify.replace(‘{QQ}’,self.QQ)

path= r”c:/verify/1.jpg”

data = urllib.urlretrieve(url,path)

data = urllib2.urlopen(verify)

localPic =open(r”c:/verify/1.jpg”,’wb’)

localPic.write(data.read())

localPic.close()

data.close()

输入用户名和密码 还有验证码后发送一个GET请求

这里面u代表账号  p代表密码 密码是经过一定算法加密的 verify是验证码

加密算法如下

[python] view plain copy

def PasswordSecret(self,password,v1,v2,md5=True):

if md5==True:

password=self.PCMd5(password).upper()

length=len(password)

temp=”

for i in range(0,length,2):

temp+=r’\x’+password[i:i+2]

return self.PCMd5(self.PCMd5(self.hex2asc(temp)+self.hex2asc(v2)).upper()+v1).upper()

md5加密函数

def PCMd5(self,s):

h=hashlib.md5()

h.update(s)

return h.hexdigest()

16进制转字符

def hex2asc(self,s):

_str=””.join(s.split(r’\x’))

length=len(_str)

data=”

for i in range(0,length,2):

data+=chr(int(_str[i:i+2],16))

return data

然后是登录部分代码

[python] view plain copy

def Login(self,uin,pwd):

获取参数

cheked=self.CheckVerify(uin)

加密密码

pwd=self.PasswordSecret(pwd,cheked[1],cheked[2])

pwd=self.PasswordSecret(pwd,r’AAST’,r’\x00\x00\x00\x00\x00\xa1\x92\x12′)

loginurl=”ht=1g=1js_type=0js_ver=10080login_sig=YPD0P*wu2n8vW1OS2f7VfzvPf3Ku5vnkP4nzImF0GybR02fsKZdjGYB7f9R7nQRnpt_uistyle=5″

loginurl=loginurl.replace(‘{uin}’,uin)

loginurl=loginurl.replace(‘{pwd}’,pwd)

loginurl=loginurl.replace(‘{verify}’,cheked[1])

result=Get(loginurl)

if(cheked[0]==”1″):

下载验证码

self.GetVerify()

image = Image.open(r”c:/verify/1.jpg”)

image.show()

code=raw_input(“verifycode:”).strip()

loginurl=loginurl.replace(‘{verify}’,code.upper())

pwd=self.PasswordSecret(pwd,r”+code.upper(),cheked[2])

pwd=self.PasswordSecret(pwd,cheked[1],cheked[2])

else:

loginurl=loginurl.replace(‘{verify}’,cheked[1])

pwd=self.PasswordSecret(pwd,cheked[1],cheked[2])

loginurl=loginurl.replace(‘{pwd}’,pwd)

result=self.Get(loginurl,’ssl.ptlogin2.qq.com’,’hin2.qq.com/cgi-bin/login?daid=164target=selfstyle=5mibao_css=m_webqqappid=1003903enable_qlogin=0no_verifyimg=1s_urlm%2Floginproxy.htmlf_url=loginerroralertstrong_login=1login_state=10t=20140514001′,None)

print ‘Step2: Login’

pattern=re.compile(“ptuiCB′(.∗)′,′(.∗)′,′(.∗)′,′(.∗)′,′(.∗)′,\s′(.∗)′;”)

ret= pattern.search(result).groups()

获取必要的cookie 否则第二次登陆会出错

self.Get(ret[2])

print ‘Step3: GetCookie’

for c in self.cj:

if c.name==”ptwebqq”:

self.ptwebqq=c.value

return result

登录成功后服务器会返回一串json数据

ptuiCB(‘0′,’0′,’ebqq_type%3D10f_url=ptlang=2052ptredirect=100aid=1003903daid=164j_later=0low_login_hour=0regmaster=0pt_login_type=1pt_aid=0pt_aaid=0pt_light=0′,’0′,’登录成功！’, ‘小竹’);

第一个为0 就表示登录成功了 ，但是这并没有真正的登录成功

上面的返回值中的url是用来获取一个关键cookie的 那就是ptwebqq

然后进行第二次登录，这次才是真正的登录

请求如下

Accept:*/*

Accept-Encoding:gzip,deflate,sdch

Accept-Language:zh-CN,zh;q=0.8

Connection:keep-alive

Content-Length:244

Content-Type:application/x-www-form-urlencoded

Cookie:o_cookie=455910092; RK=fMEaWEZ0Qc; ts_last=web2.qq.com/; ts_refer=; ts_uid=4588821804; pgv_pvid=914251705; pgv_info=ssid=s3525422600pgvReferrer=; verifysession=h02LeYrtarkWBZeSu_czkiczeNSNlDm7V1mCm-A5qatkwnHaNfgb2z46zH4X7OfyhFT7wH6LfschPvSLhDGXFA4eA**; ptui_loginuin=10588690; ptisp=cnc; ptcz=dace9cf90e7064a16ee56c8153273eff9f2de1d2827ba31f6571412ac18c50c3; ptwebqq=b21232ed3519839063d1c2ead8a8588c385d168097efdf88bc56e1a78be7dfb4; pt2gguin=o0010588690; uin=o0010588690; skey=@gmEO6N2JD; p_uin=o0010588690; p_skey=cZ5*kS-NOcXlD2Q0AEpJnmExwC2yA0g7jbTygpVFiA8_; pt4_token=1SyuJ39Eq6oKEwEhGIizeg__

Host:d.web2.qq.com

Origin:h

Referer:htttml?v=20110331002callback=1id=2

User-Agent:Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36

Form Dataview sourceview URL encoded

r:{“status”:”online”,”ptwebqq”:”b21232ed3519839063d1c2ead8a8588c385d168097efdf88bc56e1a78be7dfb4″,”passwd_sig”:””,”clientid”:”7963288″,”psessionid”:null}

clientid:7963288

psessionid:null

其中的ptwebqq就是刚才我们从cookie中获取的

这部分代码是

[python] view plain copy

def Login2(self):

try:

url=”htel/login2″

postdata=”r=%7B%22status%22%3A%22online%22%2C%22ptwebqq%22%3A%22{$ptwebqq}%22%2C%22passwd_sig%22%3A%22%22%2C%22clientid%22%3A%22{$clientid}%22%2C%22psessionid%22%3Anull%7Dclientid={$clientid}psessionid=null”

postdata=postdata.replace(“{$ptwebqq}”,self.ptwebqq)

postdata=postdata.replace(“{$clientid}”,str(self.clientid))

print ‘Step4: Login2’

result=self.Post(url,postdata,QQRobot.HOST[0],QQRobot.REFERER[0],QQRobot.ORIGIN[0])

retjson=json.loads(result)

retjson=retjson[“result”]

return retjson

except Exception,e:

print “Login2 error “+str(e)

第二次登陆成功后会返回一个

”'{“retcode”:0,

“result”:{

“uin”:10588690,

“cip”:1707901841,

“index”:1075,

“port”:59571,

“status”:”online”,

“vfwebqq”:”c043f1f6ce5c3b76a4603ab60082668bef2dde0b987808f728e2071eb7c164eeb30fcd85c31018d2″,

“psessionid”:”8368046764001d636f6e6e7365727665725f77656271714031302e3133392e372e31363000006cb000001ae1036200a192126d0000000a40356c593742635175316d00000028c043f1f6ce5c3b76a4603ab60082668bef2dde0b987808f728e2071eb7c164eeb30fcd85c31018d2″,

“user_state”:0,

“f”:0

}

}”’

这样的数据结构  其中0表示登陆成功

需要把这写数据保存下来 后面进行操作需要

登陆成功后我们就可以拉去群列表了

[python] view plain copy

获取群列表信息

def GetGroupNameList(self,vfwebqq):

try:

url=”h/get_group_name_list_mask2″

postdata=”r=%7B%22vfwebqq%22%3A%22{$vfwebqq}%22%7D”

postdata=postdata.replace(“{$vfwebqq}”,vfwebqq)

ret=self.Post(url,postdata,QQRobot.HOST[1],QQRobot.REFERER[1],QQRobot.ORIGIN[1])

print ‘Step5: GetGroupList’

retjson=json.loads(ret)

retjson=retjson[“result”]

self.grouplist=retjson

for group in self.grouplist[‘gnamelist’]:

print group[“code”],group[“name”]

except Exception,e:

谁能大致翻译

inetnum: 60.220.0.0- 60.223.255.255

netname: CNCGROUP- SX

descr: CNCGROUP Shanxi 省网络

descr: 中国网络沟通团体公司

descr: No.156 ， Fu- Xing- 男人- Nei 的的街道,

descr: 北京 100031

国家: CN

管理-c: CH455- 美联社

科技-c: XH63- 美联社

评论: 服务供给者

mnt-被: APNIC- HM

mnt-降低: MAINT-CNCGROUP- SX

mnt-路径: MAINT-CNCGROUP- RR

状态: 分派手提式的

评论: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

评论: 这一个物体才能被 APNIC hostmasters 更新。

评论: 为了更新这一个物体, 请连络 APNIC

评论: hostmasters 而且包括你的组织帐户

评论: 在服从的线中命名。

评论: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

改变: hm- changed@apnic.net 20040716

改变: hm- changed@apnic.net 20060124

来源: APNIC

角色: CNCGroup Hostmaster

电子邮件: abuse@cnc- noc.net

住址: No.156 ， Fu- Xing- 男人- Nei 的的街道,

住址: 北京,100031, P.R.China

nic-hdl: CH455- 美联社

电话: +86-10-82993155

传真-不: +86-10-82993102

国家: CN

管理-c: CH444- 美联社

科技-c: CH444- 美联社

改变: abuse@cnc- noc.net 20041119

mnt-被: MAINT- CNCGROUP

来源: APNIC

人: xuehong han

住址: 北的道路 YouDian 前面街道号码的 BingZhou2 ShanXi 数据 Communciation 局 TaiYuan ShanXi 中国

国家: CN

电话: +86-351-4091749

传真-不: +86-351-4088347

电子邮件: hxh@public.ty.sx.cn

nic-hdl: XH63- 美联社

mnt-被: MAINT-中国公用计算器交互网- SX

改变: hxh@public.ty.sx.cn 20010208

来源: APNIC

remarks: This object can only be updated by APNIC hostmasters.

remarks: To update this object, please contact APNIC

remarks: hostmasters and include your organisation’s account

remarks: name in the subject line.

remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

changed: hm-changed@apnic.net 20040716

changed: hm-changed@apnic.net 20060124

source: APNIC

role: CNCGroup Hostmaster

e-mail: abuse@cnc-noc.net

address: No.156,Fu-Xing-Men-Nei Street,

address: Beijing,100031,P.R.China

nic-hdl: CH455-AP

phone: +86-10-82993155

fax-no: +86-10-82993102

country: CN

admin-c: CH444-AP

tech-c: CH444-AP

changed: abuse@cnc-noc.net 20041119

mnt-by: MAINT-CNCGROUP

source: APNIC

person: xuehong han

address: BingZhou North Road YouDian Front Street NO.2 ShanXi Data Communciation Bureau TaiYuan ShanXi China

country: CN

phone: +86-351-4091749

fax-no: +86-351-4088347

e-mail: hxh@public.ty.sx.cn

nic-hdl: XH63-AP

mnt-by: MAINT-CHINANET-SX

changed: hxh@public.ty.sx.cn 20010208

source: APNIC

病毒名称Trojian.Qhost.ABW这个病毒对计算机有的害处，有危险吗？

病毒名称Trojian.Qhost.ABW

用于发送垃圾邮件

激活病毒后：

文件改动：

创建：

C:\WINDOWS\system32\rwkje.dll

%USERPROFILE%\Application Data\Microsoft\20509.dat

修改hosts文件：

127.0.0.1

127.0.0.1 rads.mcafee.com

127.0.0.1 customer.symantec.com

127.0.0.1 liveupdate.symantec.com

127.0.0.1 us.mcafee.com

127.0.0.1 updates.symantec.com

127.0.0.1

127.0.0.1 secure.nai.com

127.0.0.1 dispatch.mcafee.com

127.0.0.1 download.mcafee.com

127.0.0.1

127.0.0.1 mast.mcafee.com

127.0.0.1 ca.com

127.0.0.1

127.0.0.1 networkassociates.com

127.0.0.1

127.0.0.1 avp.com

127.0.0.1

127.0.0.1

127.0.0.1 downloads4.kaspersky-labs.com

127.0.0.1 downloads3.kaspersky-labs.com

127.0.0.1 downloads2.kaspersky-labs.com

127.0.0.1 downloads1.kaspersky-labs.com

127.0.0.1

127.0.0.1 viruslist.com

127.0.0.1

127.0.0.1 liveupdate.symantecliveupdate.com

127.0.0.1

127.0.0.1 sophos.com

127.0.0.1

127.0.0.1 securityresponse.symantec.com

127.0.0.1

－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－

注册表改动：

添加：

HKCR\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B20509} Desired Access: Maximum Allowed

HKCR\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B20509}\InProcServer32 Desired Access: All Access

HKCR\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B20509}\InProcServer32\(Default) Type: REG_SZ, Length: 60, Data: C:\WINDOWS\system32\rwkje.dll

HKCR\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B20509}\InProcServer32\ThreadingModel Type: REG_SZ, Length: 20, Data: Apartment

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{2C1CD3D7-86AC-4068-93BC-A02304B20509} Type: REG_SZ, Length: 36, Data: DCOM Server 20509

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\DCOM Server 20509 Type: REG_SZ, Length: 78, Data: {2C1CD3D7-86AC-4068-93BC-A02304B20509}

删除：

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\DCOM Server

－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－

网络动作：

访问：

连接大量远程IP：

205.210.42.53:25

216.55.181.47:25

64.224.219.122:25

213.171.216.118:25

213.171.216.65:25

64.18.4.14:25

68.142.224.244:25

213.171.216.119:25

87.127.55.194:25

217.150.98.44:25

80.237.138.5:25

85.113.82.108:25

213.133.201.67:25

195.249.40.19:25

208.65.145.12:25

66.224.47.162:25

64.129.67.68:25

72.52.129.166:25

216.122.128.19:25

208.65.144.12:25

64.97.156.1:25

213.229.60.100:25

80.152.31.31:25

216.255.230.56:25

212.96.9.236:25

61.55.136.27:25

212.30.27.114:25

208.65.144.13:25

208.57.0.13:25

213.186.38.19:25

68.115.194.2:25

217.148.170.241:25

203.22.70.85:25

216.219.253.196:25

65.54.247.8:25

212.227.15.134:25

64.202.166.12:25

64.202.166.11:25

217.148.170.240:25

81.29.82.108:25

81.95.149.10:25

66.9.50.196:25

208.65.144.11:25

213.171.216.100:25

212.227.15.169:25

216.129.90.46:25

85.17.37.147:25

216.58.226.179:25

91.142.210.118:25

74.208.5.3:25

211.41.82.76:25

211.147.208.41:25

80.168.70.65:25

218.12.34.44:25

80.168.70.69:25

24.28.204.37:25

217.151.103.6:25

213.251.136.18:25

212.227.15.186:25

205.178.149.7:25

62.157.88.98:25

64.255.237.184:25

196.25.211.151:25

64.255.237.202:25

64.255.237.200:25

212.227.15.150:25

216.178.94.66:25

64.255.237.199:25

216.86.146.6:25

64.255.237.186:25

205.234.240.99:25

64.255.237.185:25

63.247.142.49:25

211.41.82.72:25

194.217.242.208:25

195.238.5.129:25

64.255.237.201:25

207.8.200.189:25

216.85.198.138:25

211.41.82.74:25

211.41.82.73:25

216.58.226.180:25

81.92.194.108:25

64.18.6.13:25

198.63.38.203:25

74.165.41.253:25

12.43.15.3:25

200.219.165.150:25

80.189.92.100:25

198.185.2.85:25

80.69.67.21:25

198.185.2.84:25

64.18.6.10:25

208.11.75.2:25

213.133.220.45:25

66.75.160.143:25

80.189.94.100:25

208.65.144.1:25

211.41.82.75:25

81.92.194.106:25

213.171.216.112:25

67.100.117.242:25

208.65.144.3:25

74.208.5.4:25

24.28.204.21:25

207.5.0.5:25

64.18.6.11:25

66.6.63.80:25

193.198.40.88:25

208.65.144.2:25

213.253.170.38:25

198.64.7.44:25

65.24.7.66:25

207.97.242.4:25

66.75.160.141:25

217.160.226.100:25

都是25端口，用ping /a ip试了几个，发现都是一些有点名气的邮件服务器

60.30.253.206是天津哪个网吧？具体地址是？

inetnum: 60.24.0.0 – 60.30.255.255

netname: CNCGROUP-TJ

country: CN

descr: CNCGROUP Tianjin province network

admin-c: CH455-AP

tech-c: HZ19-AP

status: ALLOCATED PORTABLE

mnt-by: APNIC-HM

mnt-lower: MAINT-CNCGROUP-TJ

mnt-routes: MAINT-CNCGROUP-RR

remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

remarks: This object can only be updated by APNIC hostmasters.

remarks: To update this object, please contact APNIC

remarks: hostmasters and include your organisation’s account

remarks: name in the subject line.

remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

changed: hm-changed@apnic.net 20040416

changed: hm-changed@apnic.net 20060124

source: APNIC

route: 60.30.0.0/16

descr: CNC Group CHINA169 Tianjin Province Network

country: CN

origin: AS4837

mnt-by: MAINT-CNCGROUP-RR

changed: abuse@cnc-noc.net 20060118

source: APNIC

role: CNCGroup Hostmaster

e-mail: abuse@cnc-noc.net

address: No.156,Fu-Xing-Men-Nei Street,

address: Beijing,100031,P.R.China

nic-hdl: CH455-AP

phone: +86-10-82993155

fax-no: +86-10-82993102

country: CN

admin-c: CH444-AP

tech-c: CH444-AP

changed: abuse@cnc-noc.net 20041119

mnt-by: MAINT-CNCGROUP

source: APNIC

person: huang zheng

nic-hdl: HZ19-AP

e-mail: ipaddr@ywb.online.tj.cn

address: 76 NO, ShiZiLin Street ,HeBei district of Tianjin,China

phone: +86-22-24459190

fax-no: +86-22-24454499

country: CN

changed: ipaddr@ywb.online.tj.cn 20050721

mnt-by: MAINT-CNCGROUP-TJ

source: APNIC

这是一个IP的WHOIS,是什么意思啊

WHOIS

n.

1. 【电脑】一个网际网络的程序(能够让使用者去查询其它人的资料库)

221.195.99.35的IP具体是哪啊 越具体越好啊 谢谢

IP地址: 221.195.99.35

IP所在位置: 河北省沧州市网通

inetnum: 221.192.0.0 – 221.195.255.255

netname: CNCGROUP-HE

descr: CNCGROUP Hebei Province Network

descr: China Network Communications Group Corporation

descr: No.156,Fu-Xing-Men-Nei Street,

descr: Beijing 100031

country: CN

admin-c: CH455-AP

tech-c: JL2284-AP

remarks: service provider

mnt-by: APNIC-HM

mnt-lower: MAINT-CNCGROUP-HE

mnt-routes: MAINT-CNCGROUP-RR

status: ALLOCATED PORTABLE

remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

remarks: This object can only be updated by APNIC hostmasters.

remarks: To update this object, please contact APNIC

remarks: hostmasters and include your organisation’s account

remarks: name in the subject line.

remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

changed: hm-changed@apnic.net 20040329

changed: hm-changed@apnic.net 20060124

changed: hm-changed@apnic.net 20060125

source: APNIC

route: 221.192.0.0/14

descr: CNC Group CHINA169 Hebei Province Network

country: CN

origin: AS4837

mnt-by: MAINT-CNCGROUP-RR

changed: abuse@cnc-noc.net 20060118

source: APNIC

role: CNCGroup Hostmaster

e-mail: abuse@cnc-noc.net

address: No.156,Fu-Xing-Men-Nei Street,

address: Beijing,100031,P.R.China

nic-hdl: CH455-AP

phone: +86-10-82993155

fax-no: +86-10-82993102

country: CN

admin-c: CH444-AP

tech-c: CH444-AP

changed: abuse@cnc-noc.net 20041119

mnt-by: MAINT-CNCGROUP

source: APNIC

person: jinyuan lu

nic-hdl: JL2284-AP

e-mail: jinyuan_lu@heinfo.net

address: hebei province shijiazhuang

phone: +86-311-86685210

fax-no: +86-311-86051214

country: CN

changed: lujinyuan@msn.com 20060821

mnt-by: MAINT-CNCGROUP-HE

source: APNIC

本文来源：https://www.yuntue.com/post/168483.html | 云服务器网，转载请注明出处！