Roblox: "IP Grabbing"

Hey Robloxians!

It’s a shame that we have to release a public bulletin about this on Father’s Day, however it’s incredibly important from our perspective that users are informed and not mislead.

What’s happening?

Recently 3DS, the person who makes a Roblox exploit called Synapse released the ability to see hidden values on properties. One of these properties is the user’s country.

This allows exploiters to see your country - they cannot see anything else.

So, users can see that you’re from the United States or whichever country you happen to be located in.

How can it be resolved?

Roblox will likely push out a fix soon to resolve this issue. This is a minor problem, and knowing a user’s country is not likely to be a significant problem for most users.

We’d like to make 100% clear that IPs, cities etc are NOT at risk of being exposed with this vulnerability.

Video source

The video here shows a script that spam chats the players country location and “IP Address”. The IP address is fake, and the Synapse community can confirm this.

Here’s a copy of the script used in that video:

-- CREDITS TO kuraga#4659 AND DerzeTT#8830
_G.ass = {}
for _,v in pairs(game:GetService("Players"):GetPlayers()) do
  if v.Name ~= game:GetService("Players").LocalPlayer.Name then
   local Thing = game:GetService("HttpService"):JSONDecode(game:HttpGet(""))
   local ParsedCountry = Thing[gethiddenproperty(v, "CountryRegionCodeReplicate")]
  local SayMessageRequest = game:GetService("ReplicatedStorage").DefaultChatSystemChatEvents.SayMessageRequest
v.Name.." is from "..tostring(ParsedCountry).." ".."IP: "..math.random(1,200).."."..math.random(1,200)..".".."######".." ".."(IP: Successfully Listed)",
for i = 1,5 do
local SayMessageRequest1 = game:GetService("ReplicatedStorage").DefaultChatSystemChatEvents.SayMessageRequest
"IP Leaking Status: Working ⚙️",
local SayMessageRequest2 = game:GetService("ReplicatedStorage").DefaultChatSystemChatEvents.SayMessageRequest
"IP Leaking Status: Successfully Leaked ✅",


The only data that is visible to exploiters is the country of a user. Closing down your games etc is not advised, as this is a minor issue. The geolocation is simply the user’s country. No cities, or IPs are visible.

Thanks for reading this. Stay safe! But most importantly, stay informed.

This topic was automatically closed after 0 minutes. New replies are no longer allowed.