Check URLs Before Clicking
Scan suspicious links against threat intelligence feeds before opening them or sharing them with colleagues.
Scan Domain Reputation
Check domains against threat intelligence feeds to catch malicious infrastructure, brand impersonation, and newly registered lookalikes.
Tool
Brand impersonation and lookalike domains are a persistent attack vector — a domain registered yesterday that closely resembles your company's name can be used to intercept customers, harvest credentials, or send phishing emails. By the time customers report it, the damage is done.
Security Scanner's `check_domain` skill checks a domain against multiple threat feeds, returning registration age, hosting reputation, malware associations, and phishing flags. Comparing your brand's known domains against suspicious lookalikes takes seconds instead of hours of manual WHOIS and reputation lookups.
Brand protection teams, security analysts, and domain administrators use this to audit suspicious domains flagged by email filters, verify third-party partner domains, and monitor for brand-impersonation infrastructure.
Agent Guides
Claude
- Connect ToolRouter in Claude: claude mcp add toolrouter -- npx -y toolrouter-mcp
- Provide the domain or list of domains to investigate.
- Ask Claude to run `check_domain` via `security-scanner` for each one.
ChatGPT
- Connect ToolRouter in ChatGPT: {"mcpServers":{"toolrouter":{"command":"npx","args":["-y","toolrouter-mcp"]}}}
- List the domains you want to assess and the context — brand protection audit, vendor check, or email filter investigation.
- Ask ChatGPT to run `check_domain` for each via `security-scanner`.
Copilot
- Connect ToolRouter in Copilot: {"mcpServers":{"toolrouter":{"command":"npx","args":["-y","toolrouter-mcp"]}}}
- Extract the domains from your DNS records, email headers, or config file.
- Ask Copilot to check each domain via `security-scanner` with `check_domain`.
OpenClaw
- Connect ToolRouter in OpenClaw: openclaw mcp add toolrouter -- npx -y toolrouter-mcp
- Export or generate the list of domains to scan — from WHOIS monitoring, DNS logs, or brand alerts.
- Run `security-scanner` with `check_domain` for each domain and collect results in a normalized schema.
Related Use Cases
Investigate Suspicious IP Addresses
Check IP addresses against abuse databases and threat feeds to assess risk before allowing traffic into your network.
Verify File Hashes for Malware
Check MD5, SHA1, or SHA256 file hashes against threat intelligence databases to determine if a file is known malware before executing it.
Generate a Security Report
Run a comprehensive security assessment across a domain or IP and get a structured report covering all threat vectors in one pass.