VirusTotal is a free online service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. It aggregates many antivirus products and online scan engines to check for threats that the user's own antivirus may have missed.
MCP server for Alderpost Intelligence API — 8 x402 endpoints bundling premium data sources (VirusTotal, People Data Labs, Hunter.io, AbuseIPDB, SSL Labs, NIH RxNorm) into scored intelligence responses. Pay per call via USDC on Base.
Last updated
8
110
MIT
Why this server?
Provides tools for domain reputation analysis and threat intelligence, allowing AI agents to query VirusTotal for malicious activity detections, URL safety checks, and historical infrastructure records.
Provides AI agents with 37 OSINT tools and 12 data sources to perform unified reconnaissance, domain analysis, and attack surface mapping. It enables agents to query, correlate, and reason across platforms like Shodan, VirusTotal, and Censys in parallel.
Last updated
37
133
14
MIT
Why this server?
Provides tools for analyzing file hashes, URLs, domains, or IP addresses against 70+ antivirus engines and threat intelligence databases for malware detection and reputation checking.
This MCP server transforms Claude into a comprehensive security analyst by providing access to 27 security tools across 21 APIs for vulnerability intelligence. It enables users to query multiple sources like NVD, EPSS, CISA KEV, and threat intelligence platforms in parallel to get correlated security insights and risk assessments for CVEs.
Last updated
27
23
MIT
Why this server?
Enables checking file hash (MD5/SHA1/SHA256) and IP reputation with detection ratios and vendor verdicts from VirusTotal's threat intelligence database.
Aggregates real-time threat intelligence from multiple sources including Feodo Tracker, URLhaus, CISA KEV, and ThreatFox, with IP/hash reputation checking via VirusTotal, AbuseIPDB, and Shodan for comprehensive security monitoring.
Last updated
11
19
MIT
Why this server?
Provides tools for performing malware hash lookups using VirusTotal's database of over 68 antivirus engines to identify and analyze malicious files.
Provides real-time threat intelligence including IP risk scores, CVE lookups, and malware hash analysis without requiring an API key. It enables users to monitor active threats, predict CISA KEV additions, and detect pre-attack infrastructure staging through natural language.
Last updated
8
Why this server?
Allows querying the VirusTotal API for comprehensive security analysis reports including URL analysis, file analysis, IP analysis, domain analysis, and relationship tools.
An MCP server for the Cortex observable analysis and active response engine. It enables LLMs to automate security investigations by running analyzers on observables like IPs and URLs and executing automated response actions.
Last updated
12
4
MIT
Why this server?
Enables analysis of observables using VirusTotal engine through Cyberbro integration, allowing threat intelligence queries and reputation checks for IPs, domains, URLs, and file hashes.
An MCP server that extracts Indicators of Compromise (IoCs) from unstructured text and checks their reputation across multiple threat intelligence services. It enables real-time analysis of IPs, domains, hashes, and URLs, providing enriched context for security workflows within LLMs.
Last updated
5
18
MIT
Why this server?
Aggregates IP, domain, hash, and URL analysis data from VirusTotal v3 API, providing comprehensive malware analysis and reputation scoring.
A threat intelligence aggregation server that provides unified access to multiple security sources for analyzing indicators (IPs, domains, hashes, URLs) with confidence scoring.