Skip to content
Signals
Monitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real timeMonitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real time
Dragons Community

Dark Web

Dark Web Mention API

Track brand, domain and credential mentions across mock dark web sources. All content is fictional, redacted and safe for enterprise consumption.

Safety level: Sensitive (Redacted). All responses are editorially reviewed, redacted and safe for enterprise consumption. No raw IOC data, dark web content, exploit code or stolen credentials.

Example use cases

  • Brand protection and reputation monitoring
  • Credential leak early warning
  • Third-party risk assessment
  • Fraud prevention intelligence

Endpoints

GET/api/v1/threat-intelligence

List Threat Intelligence

Threat Intelligence · Enterprise

IOC Response

Indicator of compromise with type, confidence, TLP classification and defensive context.

id*

IOC identifier

string

type*

Indicator type: ip, domain, url, hash, email

string

value*redacted

Indicator value (RFC 5737 ranges for IPs)

string

confidence*

Confidence level: low, medium, high

string

tlp*

TLP classification: clear, green, amber, red

string

firstSeen*

ISO 8601 first observation date

string

defensiveGuidance

Recommended defensive action

string
{ "id": "ioc-001", "type": "ip", "value": "[REDACTED] 192.0.2.••", "confidence": "high", "tlp": "green", "firstSeen": "2026-04-15", "defensiveGuidance": "Block at perimeter firewall" }

Safety notes

All IP addresses use RFC 5737 documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).

No real malicious infrastructure, C2 addresses or active threat indicators.

Hash values are synthetic — not real malware samples.

Dark Web Mention API — Enterprise API | Dragons Community