threat_intel_by_ip
Retrieve threat intelligence for an IP address from VirusTotal, including reputation scores, geolocation, and network ownership for investigating suspicious activity.
Instructions
Get threat intelligence for an IP address from VirusTotal/Google Threat Intelligence.
This tool queries VirusTotal's database to retrieve comprehensive threat intelligence about an IP address, including reputation, geolocation, ASN data, and relationships.
What this tool provides:
- IP reputation and detection status from 90+ security vendors
- Geolocation data (country, city, coordinates)
- ASN (Autonomous System Number) and network owner
- Associated files, URLs, and domains
- Passive DNS data
- Historical analysis results
- Open ports and services (if available)
- Threat categories and tags
- Community reputation scores
Common Use Cases:
- Investigate suspicious IPs from firewall logs
- Research malware C2 servers
- Validate IP reputation before allowing connections
- Identify attacker infrastructure in incident response
- Threat hunting for known malicious IPs
- Network forensics and attribution
Args:
- ip_address: The IP address to query (IPv4 or IPv6).

Returns: JSON string containing comprehensive threat intelligence data, including:
- Detection statistics from security vendors
- Geolocation and network information
- ASN and owner details
- Related malware, domains, and URLs
- Reputation score and categories
- Historical connection data

Examples: "8.8.8.8", "192.168.1.1", "2001:4860:4860::8888"

Notes:
- Requires a valid VirusTotal API key (PURPLEMCP_VT_API_KEY environment variable)
- Results include historical data aggregated over time
- Private/internal IPs may have limited or no data
- Private API keys have higher rate limits
- When an IP is not found, returns a structured JSON response with found=false

Raises:
- ThreatIntelligenceClientError: If there's an error communicating with the API.
- RuntimeError: If the API key is not configured.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| ip_address | Yes | The IP address to query (IPv4 or IPv6). | |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes | JSON string with the threat intelligence data listed under Returns, or a structured response with found=false when the IP is not found. | |