threat_intel_by_url
Query VirusTotal to retrieve comprehensive threat intelligence and reputation for any URL, including detection results from 90+ security vendors.
Instructions
Get threat intelligence and reputation information for a URL from VirusTotal/Google Threat Intelligence.
This tool queries VirusTotal's database to retrieve comprehensive threat intelligence about a URL, including reputation scores, detection results, and historical data.
What this tool provides:
- URL reputation and detection status from 90+ security vendors
- Historical analysis results
- Associated files and malware
- Redirection chains
- SSL certificate information
- WHOIS data for the domain
- Related IPs and domains
- Community comments and votes
- Threat categories (phishing, malware, etc.)
Common Use Cases:
- Email security: Check if URLs in emails are malicious
- Web filtering: Validate URL safety before allowing access
- Incident response: Investigate suspicious URLs from logs
- Phishing detection: Identify phishing sites
- Threat hunting: Research known malicious infrastructure
Args:
- url: The URL to query (must be a valid HTTP/HTTPS URL).
Returns: JSON string containing comprehensive threat intelligence data including:
- Detection statistics from security vendors
- URL categories and tags
- Last analysis timestamp
- Reputation score
- Related files and domains
- SSL certificate details
- Redirection information
Examples:
- "https://example.com/suspicious-page"
- "http://malicious-domain.test/payload.exe"
- "https://phishing-site.example/login"
Notes:
- Requires a valid VirusTotal API key (PURPLEMCP_VT_API_KEY environment variable)
- VirusTotal may scan the URL if it hasn't been analyzed recently
- Results include historical data and may not reflect current state
- Scanning a URL will visit the site, which may have privacy implications
- Private API keys have higher rate limits and additional features
- When a URL is not found, returns a structured JSON response with found=false
Raises:
- ThreatIntelligenceClientError: If there's an error communicating with the API.
- RuntimeError: If the API key is not configured.
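
The notes above have two practical consequences for a caller: a URL should be checked before it is submitted (submission may cause a visit to the site), and a found=false or old result must not be read as an all-clear. The following is an added example, not code from this tool or its project. The function names and thresholds are hypothetical, and it assumes the returned JSON carries VirusTotal v3 URL attributes (`last_analysis_stats`, `last_analysis_date`) under `data.attributes`.

```python
import json
from urllib.parse import urlsplit

MAX_AGE_SECONDS = 7 * 24 * 3600  # assumed freshness window; tune to local policy


def precheck(url):
    """Return reasons not to submit this URL as-is (empty list means OK)."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return ["not a valid HTTP/HTTPS URL"]
    issues = []
    if parts.scheme not in ("http", "https") or not host:
        issues.append("not a valid HTTP/HTTPS URL")
    if parts.username or parts.password:
        issues.append("embedded credentials")
    if parts.query:
        issues.append("query string may carry per-user tokens")
    return issues


def triage(result_json, now, malicious_threshold=3):
    """Map a tool result to unknown, malicious, stale, suspicious or no_detections."""
    result = json.loads(result_json)
    if result.get("found") is False:
        return "unknown"  # not found is not the same as clean
    # Assumed layout: VirusTotal v3 URL object under data.attributes.
    attrs = result.get("data", {}).get("attributes", {})
    stats = attrs.get("last_analysis_stats")
    if not stats:
        return "unknown"
    malicious = stats.get("malicious", 0)
    if malicious >= malicious_threshold:  # threshold is an assumed policy value
        return "malicious"
    if now - attrs.get("last_analysis_date", 0) > MAX_AGE_SECONDS:
        return "stale"  # historical result; do not treat as a current all-clear
    if malicious or stats.get("suspicious", 0):
        return "suspicious"
    return "no_detections"
```

Pass the current epoch time as `now` (for example `time.time()`), and route "unknown" and "stale" results to the same handling as unverified URLs rather than allowing them.
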
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | | |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes | | |