PingBack.sh is built for serious bug bounty hunters and security researchers. No free tier, no endless trials, no feature gating. Just professional-grade out-of-band infrastructure for those who invest in their craft. You pay, you hunt, you keep what you find.
HTTP/S, DNS, SMTP and Blind XSS in one listener. One subdomain catches them all, in real time.
Forward-confirmed reverse DNS, RDAP/ASN org, cloud detection and a full /24 reverse map via HackerTarget.
Get pinged the second your payload fires — Email, Discord and Telegram. Never miss a delayed XSS again.
Ready-to-use SVG, PNG, GIF, PDF and XXE files pre-targeted to your listener. Drop and catch.
Read the entire captured email — headers and body — to prove account-takeover and SSRF-to-SMTP chains.
One-click JSON/CSV export and auto-generated HackerOne-ready reports straight from any hit.
pingback.sh is pay-to-play. Built for bug hunters who respect the craft and pay for their gear — not for leeches. No free tier, no trial. You pay, you hunt, you keep what you find.
Send $59 / year to the address below, then tell us your transaction so we can confirm it on-chain. Your key is emailed to you, usually within a few hours.