threat_intel_by_domain
Query VirusTotal for domain threat intelligence including reputation, WHOIS, DNS, and detection results from 90+ security vendors. Investigate suspicious domains in incident response.
Instructions
Get threat intelligence for a domain from VirusTotal/Google Threat Intelligence.
This tool queries VirusTotal's database to retrieve comprehensive threat intelligence about a domain name, including reputation, detection results, WHOIS data, and relationships.
What this tool provides:
- Domain reputation and detection status from 90+ security vendors
- WHOIS registration information
- DNS resolution history
- Associated files, URLs, and IP addresses
- SSL certificates
- Subdomains discovered
- Threat categories (malware, phishing, etc.)
- Historical analysis data
- Community reputation scores
Common Use Cases:
- Investigate suspicious domains from email headers or logs
- Research command & control infrastructure
- Validate domain reputation before allowing access
- Identify malicious infrastructure in incident response
- Threat hunting for known bad actor domains
Args:
- domain: The domain name to query (e.g., "example.com").

Returns:
JSON string containing comprehensive threat intelligence data, including:
- Detection statistics from security vendors
- WHOIS registration details
- DNS records and resolution history
- Related malware, IPs, and URLs
- Reputation score and categories
- SSL certificate information

Examples:
- "google.com"
- "malicious-c2.example.com"
- "phishing-site.test"

Notes:
- Requires a valid VirusTotal API key (PURPLEMCP_VT_API_KEY environment variable)
- Results include historical data aggregated over time
- Private API keys have higher rate limits
- When a domain is not found, returns a structured JSON response with found=false

Raises:
- ThreatIntelligenceClientError: If there's an error communicating with the API.
- RuntimeError: If the API key is not configured.
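As an added example (not part of PurpleMCP or VirusTotal's own code), a minimal Python client showing how a caller would implement the behaviour documented above: read the key from PURPLEMCP_VT_API_KEY, raise RuntimeError when it is missing, query the domain record, and return found=false on a not-found response instead of raising. The endpoint URL, the x-apikey header and the response layout are assumptions based on VirusTotal API v3; the sample object is constructed, not real telemetry.

```python
import json
import os
import urllib.error
import urllib.request
from typing import Optional

VT_DOMAIN_URL = "https://www.virustotal.com/api/v3/domains/{domain}"  # assumed VT v3 endpoint


def fetch_domain_object(domain: str, api_key: Optional[str] = None) -> Optional[dict]:
    """Fetch the raw VT domain object; return None when VT has no record (HTTP 404)."""
    key = api_key or os.environ.get("PURPLEMCP_VT_API_KEY")
    if not key:
        raise RuntimeError("VirusTotal API key not configured (set PURPLEMCP_VT_API_KEY)")
    req = urllib.request.Request(VT_DOMAIN_URL.format(domain=domain), headers={"x-apikey": key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        if exc.code == 404:  # unknown domain: structured "not found", not an error
            return None
        raise  # rate limit (429), bad key (401) etc. propagate to the caller


def summarize(domain: str, obj: Optional[dict]) -> dict:
    """Reduce a VT domain object to the fields an analyst triages first."""
    if obj is None:
        return {"domain": domain, "found": False}
    attrs = obj.get("data", {}).get("attributes", {})
    stats = attrs.get("last_analysis_stats", {})
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    total = sum(stats.values())  # harmless + malicious + suspicious + undetected + timeout
    return {
        "domain": domain,
        "found": True,
        "malicious": malicious,
        "suspicious": suspicious,
        "vendors": total,
        "flag_ratio": round((malicious + suspicious) / total, 3) if total else 0.0,
        "reputation": attrs.get("reputation", 0),
        "categories": sorted(set(attrs.get("categories", {}).values())),
    }


# Constructed sample shaped like a VT v3 domain object; values are made up, not real telemetry.
SAMPLE = {"data": {"id": "malicious-c2.example.com", "type": "domain", "attributes": {
    "last_analysis_stats": {"harmless": 60, "malicious": 5, "suspicious": 1, "undetected": 24, "timeout": 0},
    "reputation": -12,
    "categories": {"Vendor A": "malware", "Vendor B": "phishing", "Vendor C": "malware"},
}}}
```

A live lookup is `summarize(d, fetch_domain_object(d))`; the flag_ratio is a triage hint, not a verdict, since a single vendor hit on a parked or shared-hosting domain is common.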
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | The domain name to query (e.g., "example.com"). | |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes | JSON string with the threat intelligence data listed under Returns; contains found=false when the domain is not known to VirusTotal. | |