search_ioc
ActiveTool of mcp-threatfox
declared in 0.1.0
Look up a specific indicator of compromise (IP, domain, URL, hash, etc.). Returns matching IOCs with malware family, confidence, threat-type, first/last seen, tags, references.
Parameters schema
{
"type": "object",
"examples": [
{
"indicator": "192.0.2.42"
},
{
"indicator": "evil.example.com",
"exact_match": false
}
],
"required": [
"indicator"
],
"properties": {
"indicator": {
"type": "string",
"description": "IP / domain / URL / hash to look up"
},
"exact_match": {
"type": "boolean",
"description": "Require exact match (default true)"
}
}
}No endpoints wrapped at confidence ≥ 0.70.
Parent server
mcp-threatfox
https://github.com/pipeworx-io/mcp-threatfox
2/7 registries