Bösartige URL kopieren
Fortgeschritten
Dies ist ein SecOps, Multimodal AI-Bereich Automatisierungsworkflow mit 13 Nodes. Hauptsächlich werden Code, Limit, Merge, Telegram, UrlScanIo und andere Nodes verwendet. Verdächtige Links über Telegram prüfen, GPT-4 zur Analyse von VirusTotal- und urlscan.io-Ergebnissen einsetzen
Voraussetzungen
- •Telegram Bot Token
- •Möglicherweise sind Ziel-API-Anmeldedaten erforderlich
- •Google Sheets API-Anmeldedaten
- •OpenAI API Key
Verwendete Nodes (13)
Kategorie
Workflow-Vorschau
Visualisierung der Node-Verbindungen, mit Zoom und Pan
Workflow exportieren
Kopieren Sie die folgende JSON-Konfiguration und importieren Sie sie in n8n
{
"id": "PieiJJOvbuPki3Mj",
"meta": {
"instanceId": "37378868811aa5e52ca1cd19a8874f269c8a908a16e8e6aecf58cb1f0c7cd08f",
"templateCredsSetupCompleted": true
},
"name": "COPY Malicious URL",
"tags": [],
"nodes": [
{
"id": "b0c038b7-7362-45a3-a0ad-b1f1b5efc738",
"name": "Notizzettel",
"type": "n8n-nodes-base.stickyNote",
"position": [
320,
-64
],
"parameters": {
"color": 3,
"width": 2348,
"height": 448,
"content": "Malicious URL Scanner Through Telegram"
},
"typeVersion": 1
},
{
"id": "4fe74461-614b-4fe1-a0ca-a06d003c056b",
"name": "VirusTotal HTTP Request",
"type": "n8n-nodes-base.httpRequest",
"onError": "continueRegularOutput",
"position": [
848,
208
],
"parameters": {
"": "",
"url": "https://www.virustotal.com/api/v3/urls",
"method": "POST",
"options": {},
"sendBody": false,
"sendQuery": true,
"curlImport": "",
"infoMessage": "",
"sendHeaders": false,
"specifyQuery": "keypair",
"authentication": "predefinedCredentialType",
"queryParameters": {
"parameters": [
{
"name": "url",
"value": "={{ $json.message.text }}"
}
]
},
"httpVariantWarning": "",
"nodeCredentialType": "virusTotalApi",
"provideSslCertificates": false
},
"credentials": {
"virusTotalApi": {
"id": "UcWt9YCOMpHQ0jOB",
"name": "VirusTotal account"
}
},
"typeVersion": 4.2,
"extendsCredential": "virusTotalApi"
},
{
"id": "7438f4d5-4837-4dae-b92f-2075ca498cf9",
"name": "Textnachricht senden",
"type": "n8n-nodes-base.telegram",
"position": [
2464,
-48
],
"webhookId": "3e61fce0-30f0-47ab-aba9-9ad2717c9303",
"parameters": {
"text": "={{ $json.output }}",
"chatId": "={{ $('Telegram Trigger').item.json.message.chat.id }}",
"additionalFields": {}
},
"credentials": {
"telegramApi": {
"id": "QK1e8zIZqIUk9qBY",
"name": "Malicious URL Bot"
}
},
"typeVersion": 1.2
},
{
"id": "8dfce473-9dc5-476e-99d2-c52c197f2f5d",
"name": "Telegram Trigger",
"type": "n8n-nodes-base.telegramTrigger",
"position": [
368,
64
],
"webhookId": "b810fb7f-2e14-478f-b211-e63b5c270f78",
"parameters": {
"updates": [
"message"
],
"additionalFields": {}
},
"credentials": {
"telegramApi": {
"id": "QK1e8zIZqIUk9qBY",
"name": "Malicious URL Bot"
}
},
"typeVersion": 1.2
},
{
"id": "be71fedb-6aa7-4b77-ab99-3267ac8ec861",
"name": "Notizzettel1",
"type": "n8n-nodes-base.stickyNote",
"position": [
320,
-768
],
"parameters": {
"width": 464,
"height": 704,
"content": "Goal:\nThis workflow allows users to quickly analyze potentially malicious URLs received via text or email, directly from their mobile device using Telegram.\nWhen users don't have time to manually investigate links on a computer or search engine, they can simply paste the URL into the Telegram chat and receive a concise summary of the scan results—powered by two open-source URL scanning services.\n\nDisclaimer:\nWhile this tool helps identify threats, it does not guarantee full protection. Use caution—Telegram itself could be a potential point of compromise. Always follow safe browsing practices.\n\nWorkflow Nodes:\nTelegram Trigger – Listens for incoming messages with URLs.\n\nurlscan.io – Performs the first malicious URL scan.\n\nVirusTotal (HTTP Request) – Executes a second URL scan using VirusTotal.\n\nMerge Node – Combines the results from both scanners.\n\nAI Agent (ChatGPT with simple memory) – Analyzes the scan results and generates a readable summary.\n\nLimit Node – Ensures only one summary is sent per URL.\n\nTelegram Send Message Node – Sends the summary back to the user.\n\nGoogle Sheets (Logging) – Records scan results for auditing or historical reference.\n"
},
"typeVersion": 1
},
{
"id": "36f49fe2-ac55-4dde-8786-9c9611947173",
"name": "URL-Protokollierung",
"type": "n8n-nodes-base.googleSheets",
"position": [
2464,
176
],
"parameters": {
"columns": {
"value": {
"URL": "={{ $('Telegram Trigger').item.json.message.text }}",
"Report": "={{ $json.output }}",
"Date/Time": "={{ $now }}"
},
"schema": [
{
"id": "URL",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "URL",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Report",
"type": "string",
"display": true,
"required": false,
"displayName": "Report",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Date/Time",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "Date/Time",
"defaultMatch": false,
"canBeUsedToMatch": true
}
],
"mappingMode": "defineBelow",
"matchingColumns": [
"URL"
],
"attemptToConvertTypes": false,
"convertFieldsToString": false
},
"options": {},
"operation": "appendOrUpdate",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1diuSW6dAgNu5XFH_sv1GF6TMlbm0jsokJmiuJzmSnUQ/edit#gid=0",
"cachedResultName": "Sheet1"
},
"documentId": {
"__rl": true,
"mode": "list",
"value": "1diuSW6dAgNu5XFH_sv1GF6TMlbm0jsokJmiuJzmSnUQ",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1diuSW6dAgNu5XFH_sv1GF6TMlbm0jsokJmiuJzmSnUQ/edit?usp=drivesdk",
"cachedResultName": "URL Scanner"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "00I6bO4Q6G7D1Ud5",
"name": "Google Sheets account 2"
}
},
"typeVersion": 4.7
},
{
"id": "aefd6784-f72d-4a12-b2f9-5dca81481b8f",
"name": "Zusammenfassungs-Agent für böswillige URLs",
"type": "@n8n/n8n-nodes-langchain.agent",
"position": [
1712,
48
],
"parameters": {
"text": "=Role:\nYou are a cybersecurity assistant specializing in analyzing and summarizing URL scan reports. Use results from VirusTotal (always available) and urlscan.io (only if successful) to provide a professional, clear, and easy-to-understand summary.\n\nInstructions – Follow These Steps (Do Not Include in Final Summary):\n\n1.\tIdentify the scanned URL:\n{{ $('Telegram Trigger').item.json.message.text }}\n\n2. Check urlscan.io status (already provided by Code node):\n⦁\tIf urlscan_status is \"success\" → include findings from urlscan_data alongside VirusTotal.\n⦁\tIf urlscan_status is \"failed\" → rely only on VirusTotal and clearly state: “urlscan.io scan failed or was blocked.”\n\n3. Assess threat level (based on VirusTotal):\nClassify as Harmless, Suspicious, or Malicious\n⦁\tBase this on:\n⦁\tThe number of engines that flagged the URL\n⦁\tSeverity of detections from notable vendors (Kaspersky, Bitdefender, Sophos, etc.)\n\n4. Quantify detections:\n⦁\tNumber of VirusTotal engines flagging the URL\n⦁\tNotable antivirus vendors and what they reported\n\nProvide recommendation:\n⦁\tUse plain, clear language for a general audience\n⦁\tExamples: “Appears safe,” “Proceed with caution,” “Avoid this URL.”\n\n\nOutput Format:\nTitle:\nSummary for {{ $('Telegram Trigger').item.json.message.text }} {{ $now }}\n\nBullet Points:\n⦁\tThreat Level: [Harmless / Suspicious / Malicious]\n⦁\tNumber of engines flagging the URL: [X engines]\n⦁\tVirusTotal score: [Number or descriptive result]\n\nurlscan.io indicators:\n⦁\tIf urlscan_status is \"success\" → summarize results from urlscan_data\n⦁\tIf urlscan_status is \"failed\" → output exactly: “Scan failed or was blocked”\n\n⦁\tNotable detections: [List key AV engines if any]\n⦁\tRecommendation: [Plain-language recommendation]\n\nFinal Summary (4–8 sentences):\n⦁\tAlways provide a complete summary.\n⦁\tIf urlscan.io succeeded → combine VirusTotal + urlscan.io results.\n⦁\tIf urlscan.io failed → summarize VirusTotal results normally, then add one sentence noting the urlscan.io scan was blocked or failed.\n⦁\tInclude: the URL, detection counts, notable antivirus vendors, and a clear recommendation.\n\nClose with this reminder:\nEven if a link appears safe, always exercise caution when clicking unknown URLs—threats can evolve quickly.",
"options": {
"systemMessage": "You are a cybersecurity assistant designed to analyze and summarize URL scan results using data from VirusTotal and urlscan.io.\n\nYour role is to:\n\nProvide a concise, professional, and easy-to-understand summary of each scan.\n\nExtract key insights from the JSON responses of both services.\n\nNormalize and interpret data to assess whether the scanned URL is harmless, suspicious, or malicious.\n\nWrite in a tone that is accessible to users with basic technical literacy.\n\nAvoid raw JSON fields, API parameter names, or unnecessary technical jargon.\n\nFor each scan, your output should include:\n\nA bullet-point summary of the key findings.\n\nA short written summary (4–8 sentences) combining insights from both sources.\n\nA clear recommendation to help the user decide whether to avoid, review, or safely access the URL.\n\nAlways integrate results from both services into a unified, user-friendly report."
},
"promptType": "define"
},
"typeVersion": 2.2
},
{
"id": "4fae7e6b-8213-4aba-8dd2-9d3759a1e69a",
"name": "OpenAI Model",
"type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
"position": [
1648,
224
],
"parameters": {
"model": {
"__rl": true,
"mode": "list",
"value": "gpt-4",
"cachedResultName": "gpt-4"
},
"options": {}
},
"credentials": {
"openAiApi": {
"id": "hMcXnFiQO609PLIt",
"name": "OpenAi account 2"
}
},
"typeVersion": 1.2
},
{
"id": "d2802345-d0e1-44b9-96b3-a8a84409dc51",
"name": "Speicher für böswillige URLs",
"type": "@n8n/n8n-nodes-langchain.memoryBufferWindow",
"position": [
1888,
224
],
"parameters": {
"sessionKey": "summary",
"sessionIdType": "customKey"
},
"typeVersion": 1.3
},
{
"id": "66ea8113-1052-4b08-8ee4-af822a3d42c4",
"name": "Limit 1 Summary",
"type": "n8n-nodes-base.limit",
"position": [
2080,
48
],
"parameters": {},
"typeVersion": 1
},
{
"id": "df416f80-cc4d-4031-9e84-b929a262da0b",
"name": "urlscan Scan durchführen",
"type": "n8n-nodes-base.urlScanIo",
"onError": "continueRegularOutput",
"position": [
848,
-32
],
"parameters": {
"url": "={{ $json.message.text }}",
"additionalFields": {}
},
"credentials": {
"urlScanIoApi": {
"id": "CXtAPI518wpSPfF4",
"name": "urlscan.io account 2"
}
},
"typeVersion": 1,
"alwaysOutputData": true
},
{
"id": "de9d28e5-6f58-48cd-af76-36c0c2160a4d",
"name": "Zusammenfassungsdaten vorbereiten",
"type": "n8n-nodes-base.code",
"position": [
1472,
48
],
"parameters": {
"jsCode": "// Example Code node\n// Input: results from urlscan.io + VirusTotal + Telegram trigger\n\nconst items = $input.all();\n\n// Loop through items so we don’t drop anything\nreturn items.map(item => {\n const urlscan = item.json.urlscan || {};\n const virustotal = item.json.virustotal || {};\n \n let summary = \"\";\n\n if (urlscan.message) {\n summary = `✅ urlscan.io result:\\n${JSON.stringify(urlscan)}\\n\\n✅ VirusTotal result:\\n${JSON.stringify(virustotal)}`;\n } else {\n summary = `⚠️ urlscan.io scan failed. Falling back to VirusTotal only:\\n${JSON.stringify(virustotal)}`;\n }\n\n // Preserve original fields (chatId, etc.)\n return {\n json: {\n ...item.json,\n summary, // add your summary field\n },\n binary: item.binary ?? undefined, // keep binary if exists\n };\n});\n\n"
},
"typeVersion": 2
},
{
"id": "056830ce-9c9e-4e4f-8d7c-51364596c6d7",
"name": "Scans zusammenführen",
"type": "n8n-nodes-base.merge",
"position": [
1216,
48
],
"parameters": {},
"typeVersion": 3.2
}
],
"active": false,
"pinData": {},
"settings": {
"executionOrder": "v1"
},
"versionId": "49fe0c17-5447-4ec2-805a-8508d4463e5d",
"connections": {
"056830ce-9c9e-4e4f-8d7c-51364596c6d7": {
"main": [
[
{
"node": "de9d28e5-6f58-48cd-af76-36c0c2160a4d",
"type": "main",
"index": 0
}
]
]
},
"4fae7e6b-8213-4aba-8dd2-9d3759a1e69a": {
"ai_languageModel": [
[
{
"node": "aefd6784-f72d-4a12-b2f9-5dca81481b8f",
"type": "ai_languageModel",
"index": 0
}
]
]
},
"66ea8113-1052-4b08-8ee4-af822a3d42c4": {
"main": [
[
{
"node": "7438f4d5-4837-4dae-b92f-2075ca498cf9",
"type": "main",
"index": 0
},
{
"node": "36f49fe2-ac55-4dde-8786-9c9611947173",
"type": "main",
"index": 0
}
]
]
},
"8dfce473-9dc5-476e-99d2-c52c197f2f5d": {
"main": [
[
{
"node": "4fe74461-614b-4fe1-a0ca-a06d003c056b",
"type": "main",
"index": 0
},
{
"node": "df416f80-cc4d-4031-9e84-b929a262da0b",
"type": "main",
"index": 0
}
]
]
},
"7438f4d5-4837-4dae-b92f-2075ca498cf9": {
"main": [
[]
]
},
"d2802345-d0e1-44b9-96b3-a8a84409dc51": {
"ai_memory": [
[
{
"node": "aefd6784-f72d-4a12-b2f9-5dca81481b8f",
"type": "ai_memory",
"index": 0
}
]
]
},
"de9d28e5-6f58-48cd-af76-36c0c2160a4d": {
"main": [
[
{
"node": "aefd6784-f72d-4a12-b2f9-5dca81481b8f",
"type": "main",
"index": 0
}
]
]
},
"df416f80-cc4d-4031-9e84-b929a262da0b": {
"main": [
[
{
"node": "056830ce-9c9e-4e4f-8d7c-51364596c6d7",
"type": "main",
"index": 0
}
],
[]
]
},
"4fe74461-614b-4fe1-a0ca-a06d003c056b": {
"main": [
[
{
"node": "056830ce-9c9e-4e4f-8d7c-51364596c6d7",
"type": "main",
"index": 1
}
]
]
},
"aefd6784-f72d-4a12-b2f9-5dca81481b8f": {
"main": [
[
{
"node": "66ea8113-1052-4b08-8ee4-af822a3d42c4",
"type": "main",
"index": 0
}
]
]
}
}
}Häufig gestellte Fragen
Wie verwende ich diesen Workflow?
Kopieren Sie den obigen JSON-Code, erstellen Sie einen neuen Workflow in Ihrer n8n-Instanz und wählen Sie "Aus JSON importieren". Fügen Sie die Konfiguration ein und passen Sie die Anmeldedaten nach Bedarf an.
Für welche Szenarien ist dieser Workflow geeignet?
Fortgeschritten - Sicherheitsbetrieb, Multimodales KI
Ist es kostenpflichtig?
Dieser Workflow ist völlig kostenlos. Beachten Sie jedoch, dass Drittanbieterdienste (wie OpenAI API), die im Workflow verwendet werden, möglicherweise kostenpflichtig sind.
Verwandte Workflows
💥 Automatisierung von Videoanzeigen mit NanoBanana, Seedream 4, ChatGPT Image und Veo 3 - VIDE
Automatisierung und Veröffentlichung von Video-Werbekampagnen mit KI (NanoBanana, Seedream, GPT-4o, Veo 3)
Set
Code
Wait
+
Set
Code
Wait
63 NodesDr. Firas
Content-Erstellung
Kalt-E-Mail-Workflow mit GPT-4-Antrieb, mit vollständig angepasster Folge-E-Mail-Serie von 3 E-Mails
Automatisierung personalisierter Kalt-E-Mail-Serien mit GPT-4, Mailgun und Supabase
If
Set
Code
+
If
Set
Code
100 NodesPaul
Lead-Pflege
Vollständiger B2B-Vertriebsprozess: Apollo Lead-Generierung, Mailgun-Outreach und KI-Antwortverwaltung
Vollständiger B2B-Vertriebsprozess: Apollo Lead-Generierung, Mailgun Outreach und AI-Antwortmanagement
If
Set
Code
+
If
Set
Code
116 NodesPaul
Content-Erstellung
1. Playlist-Details-Einstellungen für Roboter-Kopie
Erstelle KI-generierte YouTube-Musik-Playlists mit Suno, GPT-4, Runway und Creatomate
If
Set
Code
+
If
Set
Code
203 NodesJoseph
Content-Erstellung
💥 Generiere AI-Viral-Videos mit NanoBanana und VEO3 und teile sie über Blotato auf Social Media - Video
AI-Virale-Videos mit NanoBanana und VEO3 generieren und über Blotato in sozialen Medien teilen
Set
Code
Wait
+
Set
Code
Wait
47 NodesDr. Firas
Verschiedenes
KI-Persönlicher Assistent - Aufgaben- und E-Mail-Management
Aufgaben, E-Mails und Kalender über den GPT-4o-Persönlichen Assistenten auf Telegram verwalten
Set
Code
Switch
+
Set
Code
Switch
40 NodesRonnie Craig
Content-Erstellung
Workflow-Informationen
Schwierigkeitsgrad
Fortgeschritten
Anzahl der Nodes13
Kategorie2
Node-Typen12
Autor
Michael Gullo
@mgulloI’m passionate about using n8n to create realistic workflows that help working class people simplify their daily tasks. My workflows aim to make life easier by eliminating mundane, repetitive responsibilities that take up valuable time. I love turning automation into a tool that lets people focus on what matters most to them.
Externe Links
Auf n8n.io ansehen →
Diesen Workflow teilen