Most Accessible Enterprise-Grade Threat Graph

9.7 Million Nodes β€’ 40.5 Million Relationships β€’ Real-time API

Graph intelligence and automation ship with API keys. This page is intentionally not a query box β€” we keep product access clear and commercial. Dataset focus: high-impact campaign relationships from 2010-2016 (Stuxnet, OPM, Mirai/Dyn era).

Free search lives elsewhere β€” on purpose

We still offer a free lookup experience for the community: a dedicated search surface built on DuckDuckGo principles β€” privacy-respecting, not an ad-profile machine. ShadowSearch does not run behavioral tracking on your queries, does not sell ad slots in the search UI, and does not add extra trackers on top of the results we show. Sites you open after that are their own story. Nothing runs in a box on this landing page; you jump out to the search app when you want to explore.

Free Search β†’
9.7M
Threat Nodes
40.5M
Relationships
262
Malware Families
76+
API Endpoints

πŸ•΅οΈ Threat Intelligence

  • Domain reputation & scoring
  • Hash (MD5/SHA1/SHA256) analysis
  • IP intelligence & geolocation
  • URL & CVE tracking
  • Email indicator monitoring

πŸ”— Graph Intelligence

  • Full graph traversal (1-20 depth)
  • Neighbor & path discovery
  • Connected component analysis
  • Degree centrality metrics
  • Visual graph explorer

🀝 MISP Integration

  • Live MISP API queries
  • MISP MySQL fallback
  • Event correlation & clustering
  • ATT&CK TTP mapping
  • Threat actor attribution

πŸ“‘ OTX Enrichment

  • AlienVault OTX pulses
  • Reputation scores
  • Malware family detection
  • Pulse count tracking
  • Community threat intel

🎯 Advanced Search

  • Full-text across 9.7M nodes
  • Type-specific search
  • Autocomplete suggestions
  • Bulk IOC lookup (100 at once)
  • CSV/JSON export

⚑ Developer Ready

  • 76+ REST endpoints
  • API key authentication
  • Rate limiting (100/min)
  • GZIP compression
  • OpenAPI docs

Who this data is for

SOC / threat intel teams: Historical clustering, actor TTP context, and faster triage baselines.
Detection engineers: Backtest detections against known 2010-2016 campaign behavior.
Red / purple teams: Build realistic emulation targets and infrastructure patterns.
Incident response / MDR: Enrichment pivots for active investigations and legacy overlap.
Fraud / risk analysts: Reputation signals and infrastructure reuse context.
Researchers / journalists: Timeline validation and campaign relationship mapping.
University labs / cyber programs: Real-world graph-based threat analysis teaching data.
AI/ML security teams: Labeled relationships for model training, retrieval, and eval benchmarks.

AI/ML value: Labeled historical relationships for model training, retrieval, and evaluation benchmarks.

Why $23?

Lightning-friendly. Priced so solo builders and small teams can afford graph-grade intel without a procurement saga.

Lower than a pizza per week. No VC-backed β€œcontact sales” theater β€” just access to the API and the graph.

πŸš€ Lightning Network

$23/month

βœ“ Unlimited API requests

βœ“ All 76+ endpoints

βœ“ MISP Live + OTX

βœ“ Graph visualization

βœ“ 30-day API key validity

βœ“ Priority email support


Subscribe with Lightning β†’

Quick start

One authenticated GET β€” swap in your key and indicator. Full OpenAPI lives in the docs.

curl -H "X-API-Key: sb_live_xxx" \
  https://api.shadowcore.club/v2/ioc/domain/evil.com