Free Scam Lookup API
Programmatic access to the GACS scam database. Check any domain, wallet, or URL — or ingest the full blocklist as JSON or CSV. No signup, no API key, no credit card.
No API key
Open by default.
CORS enabled
Call it from the browser.
Verified data
3+ confirmations to publish.
Edge-cached
Sub-100ms p95 globally.
Quickstart
Pick a language and copy the snippet. Every endpoint returns JSON or CSV with permissive CORS headers — no proxy required.
# Check a single domain
curl "https://gacs.app/api/public/check-domain?host=example.com"
# Pull 50 latest confirmed scams
curl "https://gacs.app/api/public/scams.json?limit=50" | jq '.results[].entity_name'
# Ingest the full domain blocklist
curl -o gacs-domains.csv "https://gacs.app/api/public/domains.csv"Endpoints
All endpoints live under https://gacs.app/api/public/ and respond to GET with application/json, text/csv, or application/rss+xml.
/api/public/check-domainCheck a domainReturns whether a hostname is on the GACS blacklist, with category, severity, and a deep link to the public report.
https://gacs.app/api/public/check-domain?host=example.comTry Sample response
{
"host": "example.com",
"listed": true,
"category": "phishing",
"severity": "high",
"first_seen": "2025-11-12T08:14:00Z",
"report_url": "https://gacs.app/scam/example-com"
}/api/public/scams.jsonLatest confirmed scams (JSON)Paginated feed of blacklisted entities. Filter by ?category=, paginate with ?limit= (max 200). CORS enabled.
https://gacs.app/api/public/scams.json?limit=50&category=tokenTry Sample response
{
"results": [
{
"slug": "fake-binance-promo",
"entity_name": "fake-binance-promo.io",
"category": "phishing",
"severity": "critical",
"reports_count": 14,
"url": "https://gacs.app/scam/fake-binance-promo"
}
],
"count": 200,
"next": "/api/public/scams.json?limit=50&offset=50"
}/api/public/domains.csvDomain blocklist (CSV)Every blacklisted scam domain, normalized (no scheme, no path). Ready to ingest into browser-extension blocklists or DNS sinkholes.
https://gacs.app/api/public/domains.csvTry Sample response
domain,category,severity,added
fake-binance-promo.io,phishing,critical,2025-11-12
metamask-restore-help.com,wallet_drainer,high,2025-11-12/api/public/wallets.csvWallet blocklist (CSV)Every blacklisted wallet address with chain, category, and the URL of the GACS report page.
https://gacs.app/api/public/wallets.csvTry Sample response
address,chain,category,report_url
0xabc...123,eth,wallet_drainer,https://gacs.app/wallet/0xabc...123
bc1q...,btc,ransomware,https://gacs.app/wallet/bc1q.../api/public/stats.jsonAggregate platform statsCitable counts for journalists & AI search: confirmed scams, reports, USD protected, countries represented, breakdown by category.
https://gacs.app/api/public/stats.jsonTry Sample response
{
"scams": { "confirmed": 34218, "reported": 5912, "total": 40130 },
"community": { "usd_protected": 18420000, "countries_represented": 142 },
"policy": { "free": true, "ads": false }
}/api/public/feed.xmlLatest alerts (RSS)Newest 50 confirmed scam alerts as RSS 2.0. Plug into Feedly, Slack RSS, Discord, or a SIEM.
https://gacs.app/api/public/feed.xmlTry Sample response
<rss version="2.0">
<channel>
<title>GACS Scam Alerts</title>
<item>
<title>fake-binance-promo.io — phishing</title>
<link>https://gacs.app/scam/fake-binance-promo</link>
</item>
</channel>
</rss>/api/public/trending.jsonTrending scams (24h)What's spiking right now — most-reported entities in the last 24 hours, scored by velocity. Great for alerting.
https://gacs.app/api/public/trending.jsonTry Sample response
{
"window": "24h",
"results": [
{ "slug": "vault-restore-now", "reports_24h": 47, "velocity": 6.2 }
]
}/api/public/social-scanLook up a social handleReturns the most-recent GACS verdict for any social handle (Instagram, X/Twitter, TikTok, YouTube, Telegram, Facebook, LinkedIn, Threads, Discord, Reddit, GitHub). Perfect for bots, browser extensions, and OSINT pipelines. No PII.
https://gacs.app/api/public/social-scan?handle=elonmusk&platform=twitterTry Sample response
{
"handle": "elonmusk",
"platform": "twitter",
"found": true,
"verdict": "green",
"risk_score": 12,
"headline": "Verified high-profile account",
"flags": { "red": [], "yellow": [], "green": ["verified", "old_account"] },
"blacklist_hits": 0,
"report_url": "https://gacs.app/scan/...",
"last_scan": "2026-06-09T14:22:00Z",
"license": "CC BY 4.0 — attribute GACS with a link to https://gacs.app"
}Rate limits & caching
Endpoints are aggressively cached at the CDN edge. Typical TTLs: check-domain 60s, scams.json 5min, domains.csv/wallets.csv 10min, stats.json 30min.
Reasonable browser & server use (≤ 10 req/sec from one IP) is fine. For continuous high-volume lookups, download the CSVs and refresh hourly — your check becomes a local set lookup, which is faster and gentler on our cache.
If you hit a stale cache and need a fresh read, append a cache-buster like ?_=1.
License & attribution
Dataset is released under CC BY 4.0. Commercial, research, and educational use are all permitted. Just credit GACS and link back to gacs.app wherever you display data.
Suggested credit line: "Scam intelligence by GACS — gacs.app".
FAQ
Do I need an API key?
No. Every endpoint under /api/public/ is open and CORS-enabled. No signup, no key, no credit card.
Can I use this in a browser extension?
Yes — and that's a common use case. We recommend fetching domains.csv on install and refreshing hourly.
How do I report a false positive?
Each scam page on gacs.app has a 'dispute' link. Disputes are reviewed within 24h.
Do you offer webhooks or push notifications?
Not on the free tier yet. The RSS feed and trending.json endpoint cover most real-time use cases. If you need true push, email data@gacs.app.
Where can I see the full dataset license?
On the /data page, including a Dataset JSON-LD block for search engines.
Building something with this data?
Email data@gacs.app and we'll link to your project from the Developers page.