Feodo Tracker

live SecurityThreat Intel

abuse.ch botnet C&C IP blocklist (Dridex/Emotet/Qakbot/etc). Keyless.

4 tools

0ms auth

free tier 50 calls/day

Tools

list

Current C&C blocklist (optional family/status filter).

Parameters

Name Type Description

family opt string —

status opt string —

limit opt number —

▶ Try it

Response

check_ip required: ip

Is the given IP currently listed?

Parameters

Name Type Description

ip req string —

▶ Try it

Response

recent

Entries first seen in the last N hours.

Parameters

Name Type Description

hours opt number —

▶ Try it

Response

aggressive

Full aggressive blocklist.

No parameters required.

▶ Try it

Response

Test with curl

The gateway speaks JSON-RPC 2.0 over HTTP POST. You can test any pack directly from the terminal.

List available tools

bash

curl -X POST https://gateway.pipeworx.io/feodotracker/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'

Call a tool

bash

curl -X POST https://gateway.pipeworx.io/feodotracker/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"list","arguments":{}}}'

Use with the SDK

Install @pipeworx/sdk to call tools from any TypeScript/Node project.

TypeScript

import { Pipeworx } from '@pipeworx/sdk';
const px = new Pipeworx();
const result = await px.call("list", {});

ask_pipeworx

// Or ask in plain English:
const answer = await px.ask("abuse");

Related packs

Other Pipeworx packs in the same categories (Security, Threat Intel):

MCP Config

claude_desktop_config.json

{
  "mcpServers": {
    "pipeworx-feodotracker": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://gateway.pipeworx.io/feodotracker/mcp"
      ]
    }
  }
}