Use cases
One whack <url>, four jobs done — wherever a page hides its real face from scanners.
Phishing & Abuse Investigation
Phishing kits cloak: they fingerprint the visitor and serve a clean decoy to anything that smells like a datacenter scanner. whack <url> loads the target through residential and mobile egress too, so the mole that hides from everyone else gets whacked — full HAR, screenshot timeline, and the live redirect/TDS chain.
Targeted-Campaign & Exposure Mapping
When a cloaker singles out corporate ASNs to harvest employee or VPN credentials, the per-ASN payload log shows which organizations it’s tailoring lures for — turning one malicious URL into a map of who’s in the blast radius, so a SOC knows it’s a target before credentials leak.
Brand & Ad-Fraud Protection
Cloaked landers and fake storefronts show one face to your monitoring and another to real users on a phone. The Split-Horizon Diff catches that gap across datacenter, residential and mobile IPs, with a 0–100 divergence score telling you exactly how hard a page is hiding.
Threat-Intel & IOC Enrichment
Turn a single URL into shareable intel. whack.sh extracts IOCs from every egress path and exports them as CSV, STIX 2.1 or MISP — and since every endpoint is a curl endpoint, you can wire enrichment straight into your pipeline.
Malware & TDS Research
Trace the full traffic distribution system from entry to payload. Sample capture is opt-in: when you want the artifact, forced-download files are hashed, checked against the feeds, stored only if novel, and handed back through single-use expiring links — study the delivery chain without re-arming it, or leave it off to stay invisible on the scan.
SOC Triage & Incident Response
A user reports a suspicious link — verify it across every egress in seconds, confirm or dismiss the threat, and attach the HAR, screenshot timeline and cloaking score straight to the ticket. Turn “is this safe to click?” into a scored answer your analysts can act on.