MCP server exposing 4 tools for threatfox.
This URL is a JSON-RPC 2.0 endpoint over HTTP. Issue POST requests with a JSON-RPC body. Browsers and search crawlers land here on GET.
POST https://gateway.pipeworx.io/threatfox/mcp
Content-Type: application/json
{"jsonrpc":"2.0","id":1,"method":"tools/list"}search_ioc — Look up a specific indicator of compromise (IP, domain, URL, hash, etc.). Returns matching IOCs with malware family, confidence, threat-type, first/last seen, tags, references.recent_iocs — IOCs added to ThreatFox in the last N days. Useful for daily threat-intel ingestion.search_hash — IOCs associated with a file hash (md5 / sha1 / sha256).search_malware — IOCs tagged to a malware family (e.g., "Cobalt Strike", "Emotet", "QakBot").Code samples (curl / TypeScript / one-click client install), schemas, and the live playground are on the pack page:
https://pipeworx.io/packs/threatfox/
Pipeworx is an open MCP gateway connecting AI agents to live data. pipeworx.io