Use this lane when the starting point is a contact-style address and you want a focused investigation.
Overview
This lane is for the kind of input that already identifies one account or contact point. It looks for breach exposure, related registrations, and public references that connect back to that address.
Request
POST /osint/investigate/emailBase URL: https://test.intelfetch.dev/api/v1
Authentication: send your Bearer token in the Authorization header.
Body
{
"topic": "name@example.com",
"language": "en",
"dateRange": "past_month",
"usePython": false
}Fields
| Field | Required | Notes |
|---|---|---|
topic | Yes | The exact address to inspect |
language | No | Narrows public-source searches when supported |
dateRange | No | Helps focus on recent references |
usePython | No | Enables the Python-backed checks when available |
Response
This lane typically returns:
findingsemailBreachesemailRegistrations
Review findings first, then open the structured sections when you need the normalized record of what was found.
{
"findings": [
{
"title": "name@example.com registered on Example Site",
"source": "Holehe",
"type": "email_registration",
"url": "https://examplesite.com",
"date": "2026-05-19T00:00:00Z"
}
],
"emailBreaches": [
{
"breachName": "ExampleBreachDB",
"breachDate": "2025-01-01",
"pwnCount": 1200000,
"dataClasses": ["email", "password_hash"]
}
],
"emailRegistrations": [
{
"site": "Example Site",
"url": "https://examplesite.com",
"registered": true,
"rateLimit": false
}
]
}How to use it well
- Keep the address exact.
- Add a date range only when you want a tighter pass.
- Use language filters when the public result set is noisy.
- If the first pass is empty, confirm the address spelling before changing the query shape.