VirusTotal is a free online service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. It aggregates many antivirus products and online scan engines to check for threats that the user's own antivirus may have missed.
Provides tools for domain reputation analysis and threat intelligence, allowing AI agents to query VirusTotal for malicious activity detections, URL safety checks, and historical infrastructure records.
Provides AI agents with 37 OSINT tools and 12 data sources to perform unified reconnaissance, domain analysis, and attack surface mapping. It enables agents to query, correlate, and reason across platforms like Shodan, VirusTotal, and Censys in parallel.
Last updated
37
111
15
MIT
Why this server?
Enables checking file hash (MD5/SHA1/SHA256) and IP reputation with detection ratios and vendor verdicts from VirusTotal's threat intelligence database.
Aggregates real-time threat intelligence from multiple sources including Feodo Tracker, URLhaus, CISA KEV, and ThreatFox, with IP/hash reputation checking via VirusTotal, AbuseIPDB, and Shodan for comprehensive security monitoring.
Last updated
11
26
MIT
Why this server?
Provides security scanning capabilities through Domain Shield and Threat Pulse endpoints, utilizing VirusTotal's 70+ engine malware detection and threat intelligence for comprehensive domain security analysis.
Universal x402 buyer agent — discover, pay for, and call any x402 paid API endpoint from Claude Desktop, Cursor, or Claude Code with automatic USDC payment via AgentCash.
Last updated
4
163
MIT
Why this server?
Leverages VirusTotal's malware scanning capabilities for domain security analysis (SPF, DKIM, DMARC, SSL, MX, DNSSEC + 70+ malware engines) and threat intelligence (blacklists, ports, SSL analysis, IP abuse reports).
MCP server for Alderpost Intelligence API — 8 x402 endpoints bundling premium data sources (VirusTotal, People Data Labs, Hunter.io, AbuseIPDB, SSL Labs, NIH RxNorm) into scored intelligence responses. Pay per call via USDC on Base.
Last updated
8
191
MIT
Why this server?
Provides tools for analyzing file hashes, URLs, domains, or IP addresses against 70+ antivirus engines and threat intelligence databases for malware detection and reputation checking.
This MCP server transforms Claude into a comprehensive security analyst by providing access to 27 security tools across 21 APIs for vulnerability intelligence. It enables users to query multiple sources like NVD, EPSS, CISA KEV, and threat intelligence platforms in parallel to get correlated security insights and risk assessments for CVEs.
Last updated
27
523
Apache 2.0
Why this server?
Enables analysis of observables using VirusTotal engine through Cyberbro integration, allowing threat intelligence queries and reputation checks for IPs, domains, URLs, and file hashes.
An MCP server that extracts Indicators of Compromise (IoCs) from unstructured text and checks their reputation across multiple threat intelligence services. It enables real-time analysis of IPs, domains, hashes, and URLs, providing enriched context for security workflows within LLMs.
Last updated
5
18
MIT
Why this server?
Allows for the submission of observables like IPs and hashes to VirusTotal through Cortex's analysis pipeline for security enrichment.
An MCP server for the Cortex observable analysis and active response engine. It enables LLMs to automate security investigations by running analyzers on observables like IPs and URLs and executing automated response actions.
Last updated
31
1
1
MIT
Why this server?
Allows querying the VirusTotal API for comprehensive security analysis reports including URL analysis, file analysis, IP analysis, domain analysis, and relationship tools.
Provides real-time threat intelligence including IP risk scores, CVE lookups, and malware hash analysis without requiring an API key. It enables users to monitor active threats, predict CISA KEV additions, and detect pre-attack infrastructure staging through natural language.