[kurisufag]

this is a significantly less criminal version of bruting gift card checking pages, which was both very doable and popular ~5-10 years ago. the cards themselves had something like 16 characters, but only the last 4 would be variable at any time -- with a couple proxies, you could successfully catch codes after they were activated but before they were redeemed. I'm not sure there was any recourse for the party that was inevitably unable to redeem the gift card they had bought.