Copier des URL malveillantes
Intermédiaire
Ceci est unSecOps, Multimodal AIworkflow d'automatisation du domainecontenant 13 nœuds.Utilise principalement des nœuds comme Code, Limit, Merge, Telegram, UrlScanIo. Vérifier les liens suspects via Telegram, en analysant les résultats de VirusTotal et urlscan.io avec GPT-4
Prérequis
- •Token Bot Telegram
- •Peut nécessiter les informations d'identification d'authentification de l'API cible
- •Informations d'identification Google Sheets API
- •Clé API OpenAI
Nœuds utilisés (13)
Catégorie
Aperçu du workflow
Visualisation des connexions entre les nœuds, avec support du zoom et du déplacement
Exporter le workflow
Copiez la configuration JSON suivante dans n8n pour importer et utiliser ce workflow
{
"id": "PieiJJOvbuPki3Mj",
"meta": {
"instanceId": "37378868811aa5e52ca1cd19a8874f269c8a908a16e8e6aecf58cb1f0c7cd08f",
"templateCredsSetupCompleted": true
},
"name": "COPY Malicious URL",
"tags": [],
"nodes": [
{
"id": "b0c038b7-7362-45a3-a0ad-b1f1b5efc738",
"name": "Note autocollante",
"type": "n8n-nodes-base.stickyNote",
"position": [
320,
-64
],
"parameters": {
"color": 3,
"width": 2348,
"height": 448,
"content": "Malicious URL Scanner Through Telegram"
},
"typeVersion": 1
},
{
"id": "4fe74461-614b-4fe1-a0ca-a06d003c056b",
"name": "Requête VirusTotal HTTP",
"type": "n8n-nodes-base.httpRequest",
"onError": "continueRegularOutput",
"position": [
848,
208
],
"parameters": {
"": "",
"url": "https://www.virustotal.com/api/v3/urls",
"method": "POST",
"options": {},
"sendBody": false,
"sendQuery": true,
"curlImport": "",
"infoMessage": "",
"sendHeaders": false,
"specifyQuery": "keypair",
"authentication": "predefinedCredentialType",
"queryParameters": {
"parameters": [
{
"name": "url",
"value": "={{ $json.message.text }}"
}
]
},
"httpVariantWarning": "",
"nodeCredentialType": "virusTotalApi",
"provideSslCertificates": false
},
"credentials": {
"virusTotalApi": {
"id": "UcWt9YCOMpHQ0jOB",
"name": "VirusTotal account"
}
},
"typeVersion": 4.2,
"extendsCredential": "virusTotalApi"
},
{
"id": "7438f4d5-4837-4dae-b92f-2075ca498cf9",
"name": "Envoyer un message texte",
"type": "n8n-nodes-base.telegram",
"position": [
2464,
-48
],
"webhookId": "3e61fce0-30f0-47ab-aba9-9ad2717c9303",
"parameters": {
"text": "={{ $json.output }}",
"chatId": "={{ $('Telegram Trigger').item.json.message.chat.id }}",
"additionalFields": {}
},
"credentials": {
"telegramApi": {
"id": "QK1e8zIZqIUk9qBY",
"name": "Malicious URL Bot"
}
},
"typeVersion": 1.2
},
{
"id": "8dfce473-9dc5-476e-99d2-c52c197f2f5d",
"name": "Déclencheur Telegram",
"type": "n8n-nodes-base.telegramTrigger",
"position": [
368,
64
],
"webhookId": "b810fb7f-2e14-478f-b211-e63b5c270f78",
"parameters": {
"updates": [
"message"
],
"additionalFields": {}
},
"credentials": {
"telegramApi": {
"id": "QK1e8zIZqIUk9qBY",
"name": "Malicious URL Bot"
}
},
"typeVersion": 1.2
},
{
"id": "be71fedb-6aa7-4b77-ab99-3267ac8ec861",
"name": "Note autocollante1",
"type": "n8n-nodes-base.stickyNote",
"position": [
320,
-768
],
"parameters": {
"width": 464,
"height": 704,
"content": "Goal:\nThis workflow allows users to quickly analyze potentially malicious URLs received via text or email, directly from their mobile device using Telegram.\nWhen users don't have time to manually investigate links on a computer or search engine, they can simply paste the URL into the Telegram chat and receive a concise summary of the scan results—powered by two open-source URL scanning services.\n\nDisclaimer:\nWhile this tool helps identify threats, it does not guarantee full protection. Use caution—Telegram itself could be a potential point of compromise. Always follow safe browsing practices.\n\nWorkflow Nodes:\nTelegram Trigger – Listens for incoming messages with URLs.\n\nurlscan.io – Performs the first malicious URL scan.\n\nVirusTotal (HTTP Request) – Executes a second URL scan using VirusTotal.\n\nMerge Node – Combines the results from both scanners.\n\nAI Agent (ChatGPT with simple memory) – Analyzes the scan results and generates a readable summary.\n\nLimit Node – Ensures only one summary is sent per URL.\n\nTelegram Send Message Node – Sends the summary back to the user.\n\nGoogle Sheets (Logging) – Records scan results for auditing or historical reference.\n"
},
"typeVersion": 1
},
{
"id": "36f49fe2-ac55-4dde-8786-9c9611947173",
"name": "Journalisation d'URL",
"type": "n8n-nodes-base.googleSheets",
"position": [
2464,
176
],
"parameters": {
"columns": {
"value": {
"URL": "={{ $('Telegram Trigger').item.json.message.text }}",
"Report": "={{ $json.output }}",
"Date/Time": "={{ $now }}"
},
"schema": [
{
"id": "URL",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "URL",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Report",
"type": "string",
"display": true,
"required": false,
"displayName": "Report",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Date/Time",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "Date/Time",
"defaultMatch": false,
"canBeUsedToMatch": true
}
],
"mappingMode": "defineBelow",
"matchingColumns": [
"URL"
],
"attemptToConvertTypes": false,
"convertFieldsToString": false
},
"options": {},
"operation": "appendOrUpdate",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1diuSW6dAgNu5XFH_sv1GF6TMlbm0jsokJmiuJzmSnUQ/edit#gid=0",
"cachedResultName": "Sheet1"
},
"documentId": {
"__rl": true,
"mode": "list",
"value": "1diuSW6dAgNu5XFH_sv1GF6TMlbm0jsokJmiuJzmSnUQ",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1diuSW6dAgNu5XFH_sv1GF6TMlbm0jsokJmiuJzmSnUQ/edit?usp=drivesdk",
"cachedResultName": "URL Scanner"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "00I6bO4Q6G7D1Ud5",
"name": "Google Sheets account 2"
}
},
"typeVersion": 4.7
},
{
"id": "aefd6784-f72d-4a12-b2f9-5dca81481b8f",
"name": "Agent de résumé d'URL malveillante",
"type": "@n8n/n8n-nodes-langchain.agent",
"position": [
1712,
48
],
"parameters": {
"text": "=Role:\nYou are a cybersecurity assistant specializing in analyzing and summarizing URL scan reports. Use results from VirusTotal (always available) and urlscan.io (only if successful) to provide a professional, clear, and easy-to-understand summary.\n\nInstructions – Follow These Steps (Do Not Include in Final Summary):\n\n1.\tIdentify the scanned URL:\n{{ $('Telegram Trigger').item.json.message.text }}\n\n2. Check urlscan.io status (already provided by Code node):\n⦁\tIf urlscan_status is \"success\" → include findings from urlscan_data alongside VirusTotal.\n⦁\tIf urlscan_status is \"failed\" → rely only on VirusTotal and clearly state: “urlscan.io scan failed or was blocked.”\n\n3. Assess threat level (based on VirusTotal):\nClassify as Harmless, Suspicious, or Malicious\n⦁\tBase this on:\n⦁\tThe number of engines that flagged the URL\n⦁\tSeverity of detections from notable vendors (Kaspersky, Bitdefender, Sophos, etc.)\n\n4. Quantify detections:\n⦁\tNumber of VirusTotal engines flagging the URL\n⦁\tNotable antivirus vendors and what they reported\n\nProvide recommendation:\n⦁\tUse plain, clear language for a general audience\n⦁\tExamples: “Appears safe,” “Proceed with caution,” “Avoid this URL.”\n\n\nOutput Format:\nTitle:\nSummary for {{ $('Telegram Trigger').item.json.message.text }} {{ $now }}\n\nBullet Points:\n⦁\tThreat Level: [Harmless / Suspicious / Malicious]\n⦁\tNumber of engines flagging the URL: [X engines]\n⦁\tVirusTotal score: [Number or descriptive result]\n\nurlscan.io indicators:\n⦁\tIf urlscan_status is \"success\" → summarize results from urlscan_data\n⦁\tIf urlscan_status is \"failed\" → output exactly: “Scan failed or was blocked”\n\n⦁\tNotable detections: [List key AV engines if any]\n⦁\tRecommendation: [Plain-language recommendation]\n\nFinal Summary (4–8 sentences):\n⦁\tAlways provide a complete summary.\n⦁\tIf urlscan.io succeeded → combine VirusTotal + urlscan.io results.\n⦁\tIf urlscan.io failed → summarize VirusTotal results normally, then add one sentence noting the urlscan.io scan was blocked or failed.\n⦁\tInclude: the URL, detection counts, notable antivirus vendors, and a clear recommendation.\n\nClose with this reminder:\nEven if a link appears safe, always exercise caution when clicking unknown URLs—threats can evolve quickly.",
"options": {
"systemMessage": "You are a cybersecurity assistant designed to analyze and summarize URL scan results using data from VirusTotal and urlscan.io.\n\nYour role is to:\n\nProvide a concise, professional, and easy-to-understand summary of each scan.\n\nExtract key insights from the JSON responses of both services.\n\nNormalize and interpret data to assess whether the scanned URL is harmless, suspicious, or malicious.\n\nWrite in a tone that is accessible to users with basic technical literacy.\n\nAvoid raw JSON fields, API parameter names, or unnecessary technical jargon.\n\nFor each scan, your output should include:\n\nA bullet-point summary of the key findings.\n\nA short written summary (4–8 sentences) combining insights from both sources.\n\nA clear recommendation to help the user decide whether to avoid, review, or safely access the URL.\n\nAlways integrate results from both services into a unified, user-friendly report."
},
"promptType": "define"
},
"typeVersion": 2.2
},
{
"id": "4fae7e6b-8213-4aba-8dd2-9d3759a1e69a",
"name": "Modèle OpenAI",
"type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
"position": [
1648,
224
],
"parameters": {
"model": {
"__rl": true,
"mode": "list",
"value": "gpt-4",
"cachedResultName": "gpt-4"
},
"options": {}
},
"credentials": {
"openAiApi": {
"id": "hMcXnFiQO609PLIt",
"name": "OpenAi account 2"
}
},
"typeVersion": 1.2
},
{
"id": "d2802345-d0e1-44b9-96b3-a8a84409dc51",
"name": "Mémoire d'URL malveillante",
"type": "@n8n/n8n-nodes-langchain.memoryBufferWindow",
"position": [
1888,
224
],
"parameters": {
"sessionKey": "summary",
"sessionIdType": "customKey"
},
"typeVersion": 1.3
},
{
"id": "66ea8113-1052-4b08-8ee4-af822a3d42c4",
"name": "Résumé Limite 1",
"type": "n8n-nodes-base.limit",
"position": [
2080,
48
],
"parameters": {},
"typeVersion": 1
},
{
"id": "df416f80-cc4d-4031-9e84-b929a262da0b",
"name": "urlscan Effectuer un scan",
"type": "n8n-nodes-base.urlScanIo",
"onError": "continueRegularOutput",
"position": [
848,
-32
],
"parameters": {
"url": "={{ $json.message.text }}",
"additionalFields": {}
},
"credentials": {
"urlScanIoApi": {
"id": "CXtAPI518wpSPfF4",
"name": "urlscan.io account 2"
}
},
"typeVersion": 1,
"alwaysOutputData": true
},
{
"id": "de9d28e5-6f58-48cd-af76-36c0c2160a4d",
"name": "Préparer les données de résumé",
"type": "n8n-nodes-base.code",
"position": [
1472,
48
],
"parameters": {
"jsCode": "// Example Code node\n// Input: results from urlscan.io + VirusTotal + Telegram trigger\n\nconst items = $input.all();\n\n// Loop through items so we don’t drop anything\nreturn items.map(item => {\n const urlscan = item.json.urlscan || {};\n const virustotal = item.json.virustotal || {};\n \n let summary = \"\";\n\n if (urlscan.message) {\n summary = `✅ urlscan.io result:\\n${JSON.stringify(urlscan)}\\n\\n✅ VirusTotal result:\\n${JSON.stringify(virustotal)}`;\n } else {\n summary = `⚠️ urlscan.io scan failed. Falling back to VirusTotal only:\\n${JSON.stringify(virustotal)}`;\n }\n\n // Preserve original fields (chatId, etc.)\n return {\n json: {\n ...item.json,\n summary, // add your summary field\n },\n binary: item.binary ?? undefined, // keep binary if exists\n };\n});\n\n"
},
"typeVersion": 2
},
{
"id": "056830ce-9c9e-4e4f-8d7c-51364596c6d7",
"name": "Fusionner les scans",
"type": "n8n-nodes-base.merge",
"position": [
1216,
48
],
"parameters": {},
"typeVersion": 3.2
}
],
"active": false,
"pinData": {},
"settings": {
"executionOrder": "v1"
},
"versionId": "49fe0c17-5447-4ec2-805a-8508d4463e5d",
"connections": {
"056830ce-9c9e-4e4f-8d7c-51364596c6d7": {
"main": [
[
{
"node": "de9d28e5-6f58-48cd-af76-36c0c2160a4d",
"type": "main",
"index": 0
}
]
]
},
"4fae7e6b-8213-4aba-8dd2-9d3759a1e69a": {
"ai_languageModel": [
[
{
"node": "aefd6784-f72d-4a12-b2f9-5dca81481b8f",
"type": "ai_languageModel",
"index": 0
}
]
]
},
"66ea8113-1052-4b08-8ee4-af822a3d42c4": {
"main": [
[
{
"node": "7438f4d5-4837-4dae-b92f-2075ca498cf9",
"type": "main",
"index": 0
},
{
"node": "36f49fe2-ac55-4dde-8786-9c9611947173",
"type": "main",
"index": 0
}
]
]
},
"8dfce473-9dc5-476e-99d2-c52c197f2f5d": {
"main": [
[
{
"node": "4fe74461-614b-4fe1-a0ca-a06d003c056b",
"type": "main",
"index": 0
},
{
"node": "df416f80-cc4d-4031-9e84-b929a262da0b",
"type": "main",
"index": 0
}
]
]
},
"7438f4d5-4837-4dae-b92f-2075ca498cf9": {
"main": [
[]
]
},
"d2802345-d0e1-44b9-96b3-a8a84409dc51": {
"ai_memory": [
[
{
"node": "aefd6784-f72d-4a12-b2f9-5dca81481b8f",
"type": "ai_memory",
"index": 0
}
]
]
},
"de9d28e5-6f58-48cd-af76-36c0c2160a4d": {
"main": [
[
{
"node": "aefd6784-f72d-4a12-b2f9-5dca81481b8f",
"type": "main",
"index": 0
}
]
]
},
"df416f80-cc4d-4031-9e84-b929a262da0b": {
"main": [
[
{
"node": "056830ce-9c9e-4e4f-8d7c-51364596c6d7",
"type": "main",
"index": 0
}
],
[]
]
},
"4fe74461-614b-4fe1-a0ca-a06d003c056b": {
"main": [
[
{
"node": "056830ce-9c9e-4e4f-8d7c-51364596c6d7",
"type": "main",
"index": 1
}
]
]
},
"aefd6784-f72d-4a12-b2f9-5dca81481b8f": {
"main": [
[
{
"node": "66ea8113-1052-4b08-8ee4-af822a3d42c4",
"type": "main",
"index": 0
}
]
]
}
}
}Foire aux questions
Comment utiliser ce workflow ?
Copiez le code de configuration JSON ci-dessus, créez un nouveau workflow dans votre instance n8n et sélectionnez "Importer depuis le JSON", collez la configuration et modifiez les paramètres d'authentification selon vos besoins.
Dans quelles scénarios ce workflow est-il adapté ?
Intermédiaire - Opérations de sécurité, IA Multimodale
Est-ce payant ?
Ce workflow est entièrement gratuit et peut être utilisé directement. Veuillez noter que les services tiers utilisés dans le workflow (comme l'API OpenAI) peuvent nécessiter un paiement de votre part.
Workflows recommandés
💥 Automatisation des publicités vidéo avec NanoBanana, Seedream 4, ChatGPT Image et Veo 3 - VIDE
Utiliser l'IA (NanoBanana, Seedream, GPT-4o, Veo 3) pour automatiser et publier des campagnes publicitaires vidéo
Set
Code
Wait
+
Set
Code
Wait
63 NœudsDr. Firas
Création de contenu
Workflow de froid e-mail piloté par GPT-4, comprenant 3 e-mails de suivi entièrement personnalisés
Automatiser des séquences de froid personnalisées via GPT-4, Mailgun et Supabase
If
Set
Code
+
If
Set
Code
100 NœudsPaul
Nurturing de leads
Processus de vente B2B complet : Génération de prospects Apollo, externalisation avec Mailgun et gestion des réponses IA
Processus de vente B2B complet : Génération de prospects Apollo, prospection Mailgun et gestion des réponses AI
If
Set
Code
+
If
Set
Code
116 NœudsPaul
Création de contenu
1. Configuration du robot pour les détails de la playlist
Créer des playlists de musique YouTube générées par l'IA avec Suno, GPT-4, Runway et Creatomate
If
Set
Code
+
If
Set
Code
203 NœudsJoseph
Création de contenu
💥 Générer des vidéos virales IA avec NanoBanana et VEO3, les partager sur les réseaux sociaux avec Blotato - Vidéo
Générez des vidéos virales IA avec NanoBanana et VEO3, et partagez-les sur les réseaux sociaux via Blotato
Set
Code
Wait
+
Set
Code
Wait
47 NœudsDr. Firas
Divers
Assistant personnel IA - Gestion des tâches et des e-mails
在Telegram上utilisationGPT-4o个人助理gestion任务、e-mailet日历
Set
Code
Switch
+
Set
Code
Switch
40 NœudsRonnie Craig
Création de contenu
Informations sur le workflow
Niveau de difficulté
Intermédiaire
Nombre de nœuds13
Catégorie2
Types de nœuds12
Description de la difficulté
Auteur
Michael Gullo
@mgulloI’m passionate about using n8n to create realistic workflows that help working class people simplify their daily tasks. My workflows aim to make life easier by eliminating mundane, repetitive responsibilities that take up valuable time. I love turning automation into a tool that lets people focus on what matters most to them.
Liens externes
Voir sur n8n.io →
Partager ce workflow