whack.sh
Multi-egress URL threat scanning that exposes cloaking
whack.sh is a multi-egress URL threat scanner. It loads a suspicious link through datacenter, residential, and mobile IP networks at the same time, then diffs how the page behaves across them to expose the cloaking and traffic-distribution systems that serve a clean decoy to datacenter-based scanners but a live payload to real victims. Every scan captures the full HAR (request and response headers), a screenshot timeline, and the redirect chain, and hash-checks any forced-download samples against malware databases. It is API-first, with every tier driven by a single "whack <url>" call and a credit model that charges for the heavy residential and mobile egress, not the cheap datacenter checks.
SHA-256 C7183F66E1981525FECCB6681F4990463907BFD638E7DD89972885DBC0237BAC
SHA-256 8321941690069E369C268148ADE5A2D10050138A99FF2FEE247BCE7030227BE4