A single analysis pipeline answers the same question everywhere - "is this real?" - whether you paste a mail, forward it, or call an API.
01
How it works
From paste to plain-language verdict.
Three steps, on average under five seconds.
01
Paste or forward the message.
Copy the suspicious email, SMS, or link to scampilot.de/check. Or forward the mail to your personal Scampilot address. Or send it to @scampilot_bot on Telegram. Any surface you pick - the answer is the same.
02
We analyze in three layers.
First reputation (known phishing domains & numbers), then heuristics (language, pressure, patterns), then a language model for the subtle rest. On low confidence, we escalate to a larger model.
03
You get a plain-language verdict - and concrete steps.
Safe, Warn, or Likely scam. With plain-language reasoning, concrete evidence from your message, and two to five next-step actions. Action 1 is always the most important.
02
The report
Every verdict shows its evidence.
No “trust us”. You see why something is a scam - and what to do about it. A real report from the eval set, annotated.
Likely a scam· 9494 / 100
The mail impersonates your bank and pressures you to enter your password immediately - a textbook phishing attempt.
01 Do not click any link. Your bank never asks like this.
02 Call your bank using the number on your card - not the one in the mail.
03 Forward the mail to your bank's phishing desk.
04 Delete the message.
1
Verdict & confidence
One of three: safe, warn, danger. Symbol + color + word - never colour alone. Confidence as a number 0–100.
2
Plain-language summary
One sentence, in the message's language. What the model saw, why this verdict. No jargon.
3
Action list
Two to five imperative steps. Number 1 is always the most important immediate step.
4
Signals & evidence
Which pattern raised the alarm - and exactly where in your message. Visible under "Why we think so".
5
Model & tokens
Which model decided, how much compute it used. Transparency for you, cost control for us.
03
Under the hood
One pipeline. Four layers.
Each layer can sharpen or soften the verdict - none decides on its own.
Layer 1
Ingest & normalise
We take raw text, emails (incl. attachments via OCR/PDF), Telegram posts, API bodies. Everything is reduced to plain UTF-8. Auth headers for mail (EMAIL_AUTH: spf=pass dkim=fail dmarc=fail) appended as an extra line.
pasteinbound_emailapimcptelegramextension
Layer 2
Reputation & heuristics
Every URL checked against Google Safe Browsing and PhishTank (24 h cache). Regex heuristics for common tricks: urgency, credential prompts, lookalike domains, payment demands. Results pass into the prompt as EXTERNAL SIGNALS.
Layer 3
AI analysis
A language model writes the verdict - in the message's language, structured. If confidence drops below 60 we escalate to a larger model. The escalation wins.
If the AI provider is down we switch to pure heuristics - you still get an answer, flagged as heuristic-fallback.
Layer 4
Reply & delivery
Same structured result to every surface. Paste → card in the browser. Mail → reply email. Telegram → chat message. API/MCP → JSON. Every paste result also gets a signed link, valid for 7 days.
04
The surfaces
Wherever the message comes from.
One analyzer, six adapters. You don't have to install anything to start.
Paste & check
No account
Text box at /check. Rate-limited by hashed IP, 3 checks per day. Result as a card - and as a signed link valid for 7 days.
Personal forwarding inbox
Every account gets a primary alias user.x7q3@in.scampilot.de plus any number of burners. Forward suspicious mail there - report comes back. Optionally we reply with the report straight to the sender (allowlisted addresses only).
Training inbox
No account
Help train Scampilot: forward suspicious messages to training@in.scampilot.de. Whatever lands there feeds our detection, anonymised.
Telegram bot
Forward or paste into the chat with @scampilot_bot. /link <code> binds the chat to your Scampilot account.
Browser extension
Chrome, MV3. Right-click selected text, a link, or an image → "Check with Scampilot". Verdict in the side panel, no navigation - including QR-code detection on the page.
REST API
JSON in, JSON out. Bearer token, per-user-bucket rate limit, OpenAPI spec at /docs/api.
MCP server
For AI agents like Claude or Cursor. Tools scan_text, scan_url, scan_email. HTTP.