// Multi-source IOC Threat Intelligence — Free & Self-Hosted
A self-hosted VMware appliance that queries VirusTotal & AbuseIPDB simultaneously. Correlate threat intelligence across sources, analyze results on a live dashboard, and export findings — all using your own API keys.
Every feature is designed to reduce pivot time and surface high-confidence verdicts in seconds, not minutes.
Query VirusTotal and AbuseIPDB simultaneously or individually. Supports IPs, domains, URLs, file hashes, and more.
VIRUSTOTAL + ABUSEIPDBCross-source correlation generates a unified threat verdict — cutting out the noise and highlighting what truly matters.
THREAT CORRELATIONVisualize your investigation results with charts, threat scores, and trend analysis — all inside the platform.
LIVE DASHBOARDNo shared quotas, no middleman. Plug in your own VirusTotal and AbuseIPDB API keys and query at your own rate.
ZERO DATA LEAKAGEDownload lookup results for documentation, incident reports, or further offline analysis in your preferred format.
DOWNLOADABLE REPORTSShips as a VMware image. Unzip, import, power on — access the platform via browser at your machine's IP on port 5000.
AIR-GAP READYEvery lookup feeds your built-in dashboard. Spot patterns, track malicious IOC rates, and keep a running record of all investigations.
No installation scripts, no complex configs. Just download, import, and go.
Grab the free platform ZIP from this page. It contains the VMware machine image ready to use.
Unzip the archive and open the machine image in VMware Workstation or VMware Player. Power it on.
Login to VM using 'ubuntu' for both Username & Password then Navigate to the VM's assigned IP address on port 5000 from any browser on your network.
Enter your own VirusTotal and AbuseIPDB API keys and start querying IOCs immediately.
Minimal prerequisites — if you run VMware, you're ready to go.
Self-hosted, private, and fully yours. No telemetry. No cloud dependency. Your API keys, your machine, your data.
