whackAbout whack.sh
A cloaked threat shows one face to scanners and another to victims. whack.sh exists to show you both.
Most URL scanners look from a single datacenter vantage point — the exact vantage point cloakers fingerprint and feed a clean decoy. whack.sh loads a URL through datacenter, residential and mobile egress at once — or your own IP/ASN with the BYO add-on — and diffs the captures, so the page that only misbehaves for real users on real IPs can't hide. We call that the Split-Horizon Diff, and the divergence it surfaces is scored 0–100.
It goes deeper than datacenter-versus-real-user. Sophisticated kits fingerprint the visitor's ASN and tailor the payload to the organization behind it: a bank's corporate range gets a pixel-perfect employee re-validation screen built to harvest that company's credentials, while a scanner gets a parked page. By logging which payload deploys to which ASN, whack.sh turns one URL into a map of who a campaign is hunting — the orgs in the blast radius, spotted before their VPN logins start leaking.
It's built for the people who hunt these threats: phishing and abuse investigators, SOC analysts, brand- and ad-fraud teams, and threat-intel researchers. Datacenter scanning is free, no card — and the curl-first API drives every tier, not just the free one. Paid residential and mobile egress unlock the cross-IP diff, and the BYO add-on lets a team scan from its own network to expose ASN-targeted lures. It's the first tool in a broader security platform — one wallet, one key, more tools to come.
whack.sh is pre-launch. Get on the list to grab a free key at launch.