Connects Claude to the ThreatFox feed from abuse.ch, a free threat intelligence source tracking current indicators of compromise. Exposes two tools: search by file hash (MD5, SHA1, or SHA256) to find associated IOCs, and search by malware family name like Cobalt Strike or Emotet to pull tagged indicators. Runs through the Pipeworx gateway as a streamable HTTP transport. You'll want this if you're doing security analysis or incident response and need to check whether hashes or malware families have known IOC associations. Requires a free API key from abuse.ch to use.
ThreatFox MCP — abuse.ch indicator-of-compromise feed (free, key required)
Part of Pipeworx — an MCP gateway connecting AI agents to 673+ live data sources.
| Tool | Description |
|---|---|
| `search_hash` | IOCs associated with a file hash (md5 / sha1 / sha256). |
| `search_malware` | IOCs tagged to a malware family (e.g., "Cobalt Strike", "Emotet", "QakBot"). |
Add to your MCP client (Claude Desktop, Cursor, Windsurf, etc.):
```json
{
  "mcpServers": {
    "threatfox": {
      "url": "https://gateway.pipeworx.io/threatfox/mcp"
    }
  }
}
```
Or connect to the full Pipeworx gateway for access to all 673+ data sources:
```json
{
  "mcpServers": {
    "pipeworx": {
      "url": "https://gateway.pipeworx.io/mcp"
    }
  }
}
```
Instead of calling tools directly, you can ask questions in plain English:
```
ask_pipeworx({ question: "your question about Threatfox data" })
```
The gateway picks the right tool and fills the arguments automatically.
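For calling `search_hash` directly during triage, the sketch below (an added example, not Pipeworx or abuse.ch code) pulls MD5/SHA1/SHA256 values out of free-text notes, normalizes and de-duplicates them, and builds one MCP `tools/call` JSON-RPC request per hash. The argument name `hash` is an assumption, since the page does not show the tool's input schema; sending the request and supplying the API key are left out.

```python
import json
import re

# Hex digest lengths accepted by search_hash per the tool table above.
_HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
# A hex run bounded by non-alphanumerics, so substrings of longer tokens are skipped.
_HEX_RUN = re.compile(r"(?<![0-9A-Za-z])[0-9A-Fa-f]+(?![0-9A-Za-z])")


def extract_hashes(text):
    """Return unique (kind, lowercase_hash) pairs in order of first appearance."""
    seen, found = set(), []
    for match in _HEX_RUN.finditer(text):
        value = match.group(0).lower()
        kind = _HASH_LENGTHS.get(len(value))
        if kind and value not in seen:
            seen.add(value)
            found.append((kind, value))
    return found


def build_search_requests(text, arg_name="hash"):
    """Build one MCP tools/call request per hash found in text.

    arg_name is hypothetical: check the schema returned by tools/list.
    """
    return [
        {
            "jsonrpc": "2.0",
            "id": i,
            "method": "tools/call",
            "params": {"name": "search_hash", "arguments": {arg_name: value}},
        }
        for i, (_, value) in enumerate(extract_hashes(text), start=1)
    ]


# Constructed sample notes; the digests are those of empty input, not malware.
SAMPLE_NOTES = (
    "dropper md5=D41D8CD98F00B204E9800998ECF8427E (also seen as "
    "d41d8cd98f00b204e9800998ecf8427e), sha1 "
    "da39a3ee5e6b4b0d3255bfef95601890afd80709; payload sha256: "
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855. "
    "Truncated value d41d8cd98f00b204 is ignored."
)

if __name__ == "__main__":
    for request in build_search_requests(SAMPLE_NOTES):
        print(json.dumps(request))
```
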
MIT