whackMultiple-source URL scanner
Most URL scanners look from one place, with one fingerprint. whack.sh is a multiple-source URL scanner: it loads any URL from datacenter, residential and mobile sources at the same moment, then diffs what each one gets back. When the page changes between sources, that difference is the cloak slipping — the malware, phishing or traffic-distribution system a single-source scan is built never to see.
Two kinds of “source,” both covered
“Multiple-source” means two things, and whack.sh does both:
- Multiple network sources. Every scan runs in parallel from datacenter, residential and mobile egress — three vantage points, three different sets of eyes. Cloaking kits that fingerprint the visitor and serve a clean decoy to datacenter ranges get caught the moment a residential or mobile source sees something different.
- Multiple intelligence sources. Each landing IP, domain and payload is corroborated across WorldIP, URLhaus, Spamhaus, VirusTotal and Google Safe Browsing — so the verdict isn’t one feed’s opinion, it’s the weight of many.
Why one source isn’t enough
A scanner that always appears from the same cloud IPs has a tell, and cloakers know every range. The malicious payload often renders only for real users on real residential and mobile networks — the exact view a single-source, datacenter-only scan can’t reach. Loading a URL from multiple sources and diffing the results is the established way to detect when a site browses a different web for machines than for people.
What a multiple-source scan returns
- A 0–100 score derived from the divergence across sources, with each source’s capture shown side by side.
- The full redirect / TDS chain for every source, each hop enriched with IP, PTR, ASN/org and proxy/VPN intelligence.
- Screenshots, response headers, cookies, TLS and a request timeline per source — plus any captured payload classified for detection.
- A curl-first API that drives every tier, free or paid, and a shareable report you can download as PDF.