Batch query up to 50 indicators (IP, domain, URL, hash) in a single request. Auto-detects type and checks abuse.ch feeds per indicator for SOC triage or batch enrichment.
MIT
180,147 tools. Last updated 2026-06-05 14:58
"abuse.ch" matching MCP tools:
- Check a domain against URLhaus to identify known malware-distribution URLs. Obtain threat status, tags, and summary for domain-level threat assessment.MIT
- Auto-detect indicator type (IP, domain, URL, hash) and enrich with threat data from abuse.ch feeds. Use for primary IOC triage when type is unknown.MIT
- Check domain against abuse.ch URLhaus for known malware-distribution URLs (single source — for multi-feed correlation use ioc_lookup which adds ThreatFox and, for IPs, Feodo Tracker). Use for fast domain-level threat assessment; use phishing_check for specific URLs. Free: 30/hr, Pro: 500/hr. Returns {malware_urls, threat_tags, threat_status, summary}.Connector
- Enrich Indicator of Compromise (IP/domain/URL/hash) by auto-detecting type and querying abuse.ch feeds. Per-type source coverage: hash → ThreatFox only (Feodo and URLhaus do not index hashes); IP → ThreatFox + Feodo Tracker + URLhaus; domain / URL → ThreatFox + URLhaus. verdict.sources_queried lists what actually ran; verdict.sources_unavailable lists what failed (timeout / upstream error). Use as primary IOC triage tool when type unknown; use threat_intel for domain-only, hash_lookup for richer MalwareBazaar hash data. Free: 30/hr, Pro: 500/hr. Returns {indicator, type, threat_level, sources, summary, verdict}.Connector
- Batch query multiple IOCs (IP/domain/URL/hash, up to 50 per call, same for Free and Pro) in 1 request: auto-detects type + queries abuse.ch feeds per-indicator. Per-type source coverage matches ioc_lookup: hash → ThreatFox only; IP → ThreatFox + Feodo + URLhaus; domain / URL → ThreatFox + URLhaus. Each result item carries its own verdict.sources_queried / sources_unavailable so partial failures are visible per indicator. Use for SOC alert triage or batch enrichment; use ioc_lookup for single indicator. Free: 30/hr (1 per item), Pro: 500/hr. Returns {results, total, successful, failed, timed_out, partial, summary}.Connector
Matching MCP Connectors
Swiss National Bank (SNB) data portal MCP. Keyless.
Suche in Schweizer Gerichtsentscheiden aller Instanzen (Bund, Kantone) in DE/FR/IT.
- Risk profile for an IP address: geolocation and network (ASN/ISP/org) plus two abuse signals - whether it is a known Tor exit node, and whether it appears on the abuse.ch Feodo botnet command-and-control blocklist. For fraud, abuse, and security screening. Keyless.Connector