Live on Base · settled in USDC via x402

OSINT for AI agents.

Find every account tied to a username across 500+ sites. No sign-up, no API keys. Pay per request in USDC on Base via x402.

agent → x402-osint
$ curl https://api.osint.example/report/soxoj

← 402 Payment Required  { price: "$0.05", network: base, payTo: 0x9f…21c }
# agent signs a gasless USDC transfer (EIP-3009), retries. no key, no account

← 200 OK  settled · tx 0x4b…e9
{
  "username": "soxoj",
  "profile_count": 14,
  "profiles": [ "GitHub", "Keybase", "Instagram",  ],
  "email_candidates": [ "soxoj@gmail.com",  ],
  "exposure_score": 72, "exposure_level": "high"
}

Four steps, all over plain HTTP.

No dashboard, no OAuth, no invoice. The 402 handshake is the whole integration; the agent's wallet does the rest.

Request

Your agent hits the endpoint like any other URL.

402 back

We reply with price, token, and the payTo address in a header.

Sign & retry

The agent signs a gasless USDC transfer and retries, automatic in any x402 client.

200 + data

We scan live, settle on-chain, return JSON. You only pay when it works.

Simple, per-call pricing.

Try it free with no wallet. When you're ready, a single call costs a cent or two, and you only pay for the calls you actually make.

Trial
Free
GET /trial/osint/{user}

Shallow scan, rate-limited per IP. Evaluate before funding a wallet.

Lookup
$0.02 / call
GET /osint/{user}

Full username sweep across 500+ social networks and sites, with profile URLs.

The moat Identity report
$0.05 / call
GET /report/{user}

Profiles + candidate emails + breach exposure + a findability score, with a plain-language summary. The aggregation you'd rather not build.

Email
$0.03 / call
GET /email/{address}

Reverse email lookup: which of ~120 services an address is registered on (holehe).

Settled in USDC on Base. The facilitator pays the gas, so you keep the payment. First 1,000 calls/month settle fee-free.

Docs, running in two minutes.

Start free from your terminal, then drop it into an agent as an HTTP call or a native MCP tool.

quickstart · curl
# free, no wallet needed
$ curl https://x402-osint.tail66f665.ts.net/trial/osint/soxoj

# paid: any x402 client signs + retries the 402
$ curl .../osint/soxoj   200 { found:[...], summary:"..." }
$ curl .../email/a@b.com 200 { found:[...], summary:"..." }

# machine-readable, for agents
$ curl .../openapi.json
$ curl .../llms.txt   .../schemas.json
MCP · native agent tool
# add to your agent's MCP config:
{
  "mcpServers": {
    "x402-osint": { "url": "https://x402-osint.tail66f665.ts.net:8443/sse" }
  }
}

# free discovery tools (shallow, rate-limited):
osint_lookup(username)   # username → sites
osint_email(address)     # email → services
# for the full sweep or report, call the paid HTTP API below.
EndpointPriceReturns
GET /trial/osint/{u}freeShallow, rate-limited scan for evaluation.
GET /osint/{u}$0.02Full lookup across 500+ sites; profiles with URLs.
GET /report/{u}$0.05Profiles + candidate emails + breaches + exposure score + summary.
GET /email/{address}$0.03Reverse email lookup across ~120 services (holehe).
MCP (SSE :8443)freeDiscovery tools osint_lookup / osint_email (shallow).
/openapi.json · /llms.txt · /schemas.jsonfreeMachine-readable schema, LLM guide, agent tool defs.

Questions.

Do I need crypto to try it?

No. /trial/osint/{user} is free and needs no wallet. Paid calls need a Base wallet holding a few dollars of USDC; the agent signs the payment and the facilitator covers gas.

Is there an MCP server?

Yes. It exposes free discovery tools (osint_lookup, osint_email) over SSE at :8443/sse so agents can find and try the service. For the full sweep, identity report, or email lookup, agents call the paid HTTP endpoints. Every response carries a plain-language summary field for direct LLM use.

What is x402, exactly?

An open standard that revives HTTP 402 Payment Required. The server answers with a price; the client signs a one-time USDC transfer (EIP-3009) and retries. No accounts, no API keys, no card. Built for machines paying machines.

maigret is free, so why pay for this?

You're not paying for the scan; you're paying to skip the work around it: the /report aggregation (profiles + emails + breach exposure + a score), kept fresh and reliable, with zero setup. Self-hosting maigret at scale means proxies, dead-site pruning, and upkeep. That is the part this sells.

Do you store my queries or results?

Scans run live at call time against public profiles; results aren't retained as a product or sold on. Settlement is final and on-chain, so there are no chargebacks, and we only bill after a scan succeeds.

Is this legal to use?

It checks for public profiles tied to a username, the same thing an open-source tool does. But automated recon can brush against target-site terms and local privacy law. Use it for legitimate purposes, and get advice before building a business on it.

Which networks are supported?

Base mainnet (eip155:8453) for real USDC, and Base Sepolia testnet for free end-to-end testing. Switching is one environment variable.

USDC only, or does it take USDT?

USDC. The gasless flow depends on EIP-3009 (the payer signs an off-chain transfer authorization; the facilitator broadcasts it and covers gas). USDC implements EIP-3009 natively; USDT does not, so it cannot be paid gaslessly through x402. Fund the agent wallet with USDC on Base.