While not 0-click, this might work even better using DNS and a more dense network of anycast DNS servers delegating a subdomain. Send a link to the target, and the DNS resolve should end up at your anycast DNS server. Respond with a CNAME entry, triggering a second DNS request and you can determine at which DNS server the request was served.

Would also work without anycast (and thus probably able to use a very dense botnet) and long list of NS entries for your domain.