Best abuse.ch MCP Servers

Abuse.ch is a research project that tracks and monitors malware, botnets, and other cyber threats. It provides various tools and resources to help security professionals identify and combat online abuse, including databases of malicious URLs, compromised websites, and command-and-control servers.

View all abuse.ch MCP Servers

Why this server?
Provides unified access to abuse.ch projects including URLhaus for malware distribution URLs, MalwareBazaar for sample lookups by hash, ThreatFox for IOC sharing, and Feodo Tracker for identifying active botnet C2 infrastructure.
MCP Threat Intel Server
Security Search Research & Data
aplaceforallmystuff
F
license
A
quality
C
maintenance
Provides unified access to multiple threat intelligence sources like AlienVault OTX, AbuseIPDB, and GreyNoise for security research and analysis. It enables users to perform simultaneous lookups on IPs, domains, hashes, and URLs across several platforms within a single response.
Last updated 2026-05-23
7
83
3
Why this server?
Integrates with abuse.ch services including URLhaus, ThreatFox, and MalwareBazaar for malware URL tracking, IOC sharing, and malware sample intelligence.
Cyber Sentinel MCP Server
jx888-max
A
license
-
quality
C
maintenance
A threat intelligence aggregation server that provides unified access to multiple security sources for analyzing indicators (IPs, domains, hashes, URLs) with confidence scoring.
Last updated 2025-07-19
7
MIT
Why this server?
Provides tools for querying the ThreatFox indicator-of-compromise feed from abuse.ch, allowing AI agents to search IOCs by file hash or malware family.
mcp-threatfox
Security Research & Data Remote
pipeworx-io
A
license
-
quality
C
maintenance
Enables searching for indicators of compromise from ThreatFox by file hash (MD5/SHA1/SHA256) or malware family name.
Last updated 2026-06-02
8
MIT
Why this server?
Integrates with MalwareBazaar to provide real-time threat intelligence, sample metadata, and file downloads for cybersecurity research.
MalwareBazaar_MCP
Research & Data Open Data Remote
mytechnotalent
A
license
-
quality
C
maintenance
An AI-driven MCP server that autonomously interfaces with Malware Bazaar, delivering real-time threat intel and sample metadata for authorized cybersecurity research workflows.
Last updated 2025-11-26
30
Apache 2.0
Why this server?
Provides a unified API layer for querying threat intelligence from multiple abuse.ch platforms including MalwareBazaar, URLhaus, and ThreatFox, enabling comprehensive reports on files, URLs, IPs, and domains for cybersecurity analysis.
Abuse.ch Threat Intelligence
Security Search Monitoring
lokallost
F
license
-
quality
C
maintenance
Enables querying threat intelligence data about files, URLs, IPs, and domains from multiple abuse.ch platforms (MalwareBazaar, URLhaus, and ThreatFox) through a unified API. Provides comprehensive security reports and threat analysis data for cybersecurity investigations.
Last updated 2025-09-10
2
Why this server?
Provides integration with the MalwareBazaar API to retrieve recent malware sample metadata, search for samples by specific tags, and access detailed metadata for SHA256 hashes.
Malware Analysis MCP Server
Security Research & Data Hybrid
SecurityTalent
F
license
-
quality
C
maintenance
Provides real-time threat intelligence and malware metadata by integrating with MalwareBazaar and VirusTotal APIs. Users can search for IOCs, analyze local file hashes, and access data transformation tools for defensive security research.
Last updated 2026-03-17

MCP Threat Intel Server

Cyber Sentinel MCP Server

mcp-threatfox

MalwareBazaar_MCP

Abuse.ch Threat Intelligence

Malware Analysis MCP Server