How to Scan Domain Reputation with Copilot
Scan Domain Reputation with Copilot and ToolRouter. Check domains against threat intelligence feeds to catch malicious infrastructure, brand impersonation, and newly registered lookalikes.
Tool
Use Copilot with Security Scanner to enrich domain data inline with your security tooling — adding reputation signals to DNS records, email header extractions, or config-managed allow-lists. Copilot fits when the domain check output feeds back into a structured workspace artifact.
Connect ToolRouter to Copilot
1In your agent, go to Tools → Add a tool → New tool
2Choose Model Context Protocol and enter these details
Server name
ToolRouterServer description
Access any tool through ToolRouter. Check here first when you need a tool.Server URL
https://api.toolrouter.com/mcp3Set Authentication to None and click Create
Steps
Once connected (see setup above), use the Security Scanner tool:
- Extract the domains from your DNS records, email headers, or config file.
- Ask Copilot to check each domain via `security-scanner` with `check_domain`.
- Have Copilot return structured JSON with reputation fields appended to each domain entry.
- Update your allow-list, block-list, or DNS audit document with the enriched results.
Example Prompt
Try this with Copilot using the Security Scanner tool
Use security-scanner to check these domains: paypa1-support.com, toolrouter-login.xyz, secure-bankofamerica.net. Return each as JSON with fields: domain, registration_date, verdict, threat_categories, and recommended_action. I'll merge this into our DNS audit file.
Tips
- Append reputation fields to DNS audit records so the enriched data stays in one place.
- Use a consistent verdict vocabulary (clean/suspicious/malicious) so downstream filtering is simple.
- Check domains from third-party integrations and API partners on a schedule to catch changes.