VEKTORA is a free, community-driven threat intelligence platform. 12 live feeds. Stack-specific playbooks for your firewall, EDR, and SIEM. No account. No paywall. No catch.
Each window pulls independently from a separate source. Refreshes on load, on demand, or automatically every 60 seconds.
Every source is free, continuously monitored, deduplicated and cross-validated before reaching the API.
| Source | IOC Type | Category | Refresh | Status |
|---|---|---|---|---|
| abuse.ch — Feodo Tracker | IPv4 | BOTNET C2 | 15 min | |
| abuse.ch — URLhaus | URL | MALWARE URL | 15 min | |
| abuse.ch — ThreatFox | IPv4 · Domain · Hash | IOC MIX | 15 min | |
| abuse.ch — MalwareBazaar | SHA256 · MD5 | MALWARE HASH | 15 min | |
| CISA — Known Exploited Vulns | CVE | CVE | 15 min | |
| AlienVault — OTX Pulses | Mixed | OSINT | 15 min | |
| MISP — OSINT Community | Mixed | COMMUNITY | 15 min | |
| Emerging Threats IDS | IPv4 | IDS RULES | 15 min | |
| Blocklist.de | IPv4 | BRUTE FORCE | 15 min | |
| OpenPhish | URL | PHISHING | 15 min | |
| CINS Army Score | IPv4 | ACTIVE THREAT | 15 min | |
| VXVault | URL | MALWARE URL | 15 min | |
| AbuseIPDB Community Blacklist | IPv4 | ABUSE REPORTS | 15 min | |
| Palo Alto Unit42 Threat Intel | IPv4 · Domain · Hash · URL | UNIT42 APT | Daily |
Select your security stack — VEKTORA generates exact CLI, API calls, and queries in the syntax your tools expect.
Every threat mapped to TTPs automatically. Understand what the adversary is doing — not just what to block.
Every endpoint is public. No key, no registration, no rate limits for reasonable community use.
Last updated: April 2026
VEKTORA collects no personal data from visitors. We do not use cookies, tracking pixels, or analytics that identify individuals. The threat intelligence data we process consists entirely of malicious IP addresses, domains, URLs, and file hashes — not personal information.
If you submit a contact form, we collect your name, email address, and message solely to respond to your enquiry. This data is not shared with third parties, not used for marketing, and deleted upon request. API usage is unauthenticated and generates no user-linked logs.
All IOCs we process are malicious infrastructure indicators (WAN-side IPs, domains, hashes). These are external threat actors — not personal data under GDPR, the Australian Privacy Act 1988, or any comparable framework. No special-category data is processed.
You may request deletion of any contact form submission at any time by emailing info@connex.au. We will respond within 48 hours. As we collect no identifying data from API users, no deletion request is possible or necessary for API usage.
By accessing VEKTORA's API or website, you agree to the following terms.
You may use VEKTORA's data for defensive security purposes — blocking threats, enriching SIEMs, building detection rules, and protecting infrastructure. Academic research and security tool development are also permitted.
You may not use VEKTORA's data to attack systems, conduct offensive operations, harass individuals, scrape for commercial resale without attribution, or circumvent rate limits in a way that degrades service for others.
You are encouraged (not required) to attribute VEKTORA when publishing research or tools built on this data. A link to vektora.info is sufficient. Commercial products built on our data must display clear attribution.
Threat intelligence data is provided "as-is" without warranty. False positives may occur. VEKTORA is not liable for blocking decisions made based on this data. Always validate IOCs in your environment before deploying block rules in production.
These terms are governed by the laws of New South Wales, Australia. Disputes shall be resolved in NSW courts. For questions: info@connex.au
False positive reports, integration questions, partnership enquiries, or just want to say hi — we respond within 48 hours.