whackHow it works
From whack <url> to a scored verdict in four steps — the same flow whether you use the web app or the curl-first API.
- 1
Submit
Run
whack <url>from the curl-first API or paste it in the web app. Your API key is your login — no passwords, and datacenter scanning needs no card. The same key drives every egress and every endpoint. - 2
Fan out across egress
The same URL loads simultaneously through datacenter, residential and mobile IPs — or, with the BYO add-on, your own IP/ASN. Datacenter is free; residential (5 credits / 3 MB block) and mobile (10 credits / 3 MB block) are the paid tier. Real residential and mobile IPs are scarce and expensive — exactly why cloakers trust them, and why advanced kits fingerprint the visitor’s ASN to choose which face to serve.
- 3
Capture everything, per egress
Each path records the full request waterfall (HAR), a screenshot timeline, and the complete redirect/TDS chain — and logs which payload deployed to which egress and ASN. Asset download is optional and off by default: pulling the binary from your scan’s vantage is the tell that burns its cover, so the node only flags the payload URL — it never fetches the body. Flip on Capture sample and an isolated vault retrieves and identifies it out of band — the binary never touches the scan node or your device — then it’s hashed and checked against VirusTotal, MalwareBazaar and URLhaus.
- 4
Diff and score — the Split-Horizon Diff
We diff the captures across egress to expose what a datacenter-only scan can’t see: divergence means cloaking, scored 0–100. The per-ASN payload map turns one URL into a picture of who a campaign is hunting — the orgs in the blast radius before their VPN logins leak. You get the verdict, the captures, and IOCs ready to export as CSV, STIX 2.1 or MISP. Mole whacked.