pingback.sh pro · for serious hunters

Pay for a month.
Hunt without limits.

PingBack.sh is built for serious bug bounty hunters and security researchers. No free tier, no endless trials, no feature gating. Just professional out-of-band infrastructure for people who invest in their craft — a single key, 30 days of unlimited hunting. One callback can pay for years of access.

✓ Crypto only ✓ Key in hours ✓ 30 days unlimited ✓ No auto-billing

$39 / 30 days

One key, 30 days of unlimited hunting. No auto-renew.

✓ $39 · 30-day access key
✓ Unlimited listeners & hits
✓ Captures kept 90 days from each listener's creation
✓ Callback intelligence + reverse DNS /24
✓ Email · Discord · Telegram alerts
✓ Weaponized SVG/PNG/PDF/XXE payloads
✓ Full SMTP bodies, export & H1 reports
✓ Full API access

Pay in crypto or PayPal, submit your reference, key emailed to you.

₿ BTCΞ ETH₮ USDTPayPal

Running a team? See the Enterprise plan →

Pay how you like

Send $39 in BTC, ETH or USDT — or pay with PayPal. No account or card details shared with us.

Submit your reference

Paste your transaction hash (or PayPal name) and a contact. We match it — usually confirmed within a few hours.

Hunt for 30 days

Your key lands in your inbox and unlocks everything for 30 days. Every listener keeps its captures for 90 days from its creation — your evidence stays put even after the key expires. Want to keep hunting? Just grab a new key.

pingback.sh/dashboard?t=•••••

listener

a4f9c1b2.pingback.sh

stats

total hits147

unique IPs23

HTTP98

DNS31

Blind XSS12

SMTP6

XSScookies captured· 2s ago · 41.92.x.x 🇿🇦

document.cookie: session=eyJ0eXAiOiJKV1Qi… — httponly bypass

HTTPGET /internal/admin· 1m ago · 10.0.x.x

SSRF confirmed — rDNS: ip-10-0-3-44.ec2.internal (AWS)

DNSA query· 3m ago · 8.8.8.8

x.a4f9c1b2.pingback.sh — blind SSTI via {{7*7}}

SMTPmail received· 8m ago

From: noreply@target.com · Subject: Password reset · full body unlocked

Everything you need to confirm the finding

◈Every OOB channel

HTTP/S, DNS, SMTP and Blind XSS in one listener. One subdomain catches them all, in real time.

◈Callback intelligence

Forward-confirmed reverse DNS, RDAP/ASN org, cloud detection and a full /24 reverse map via HackerTarget.

◈Instant alerts

Get pinged the second your payload fires — Email, Discord and Telegram. Never miss a delayed XSS again.

◈Weaponized payloads

Ready-to-use SVG, PNG, GIF, PDF and XXE files pre-targeted to your listener. Drop and catch.

◈Full SMTP bodies

Read the entire captured email — headers and body — to prove account-takeover and SSRF-to-SMTP chains.

◈Export for reports

One-click JSON/CSV export and auto-generated HackerOne-ready reports straight from any hit.

pingback.sh is built for serious hunters who need reliable out-of-band infrastructure. No free tier, no trial, no noisy limits. Pay for a month, hunt without limits, and keep what you find. No subscription traps — when your 30 days are up, you decide whether to come back.

For teams & orgs

Enterprise

Self-hosted · dedicated server · custom domain · unlimited seats & testers · priority support. Delivered within 48h of payment confirmation.

1700$ / year

Pay for a month.Hunt without limits.