Copiar URL maliciosas
Intermedio
Este es unSecOps, Multimodal AIflujo de automatización del dominio deautomatización que contiene 13 nodos.Utiliza principalmente nodos como Code, Limit, Merge, Telegram, UrlScanIo. Verificar enlaces sospechosos en Telegram, usando GPT-4 para analizar los resultados de VirusTotal y urlscan.io
Requisitos previos
- •Bot Token de Telegram
- •Pueden requerirse credenciales de autenticación para la API de destino
- •Credenciales de API de Google Sheets
- •Clave de API de OpenAI
Nodos utilizados (13)
Vista previa del flujo de trabajo
Visualización de las conexiones entre nodos, con soporte para zoom y panorámica
Exportar flujo de trabajo
Copie la siguiente configuración JSON en n8n para importar y usar este flujo de trabajo
{
"id": "PieiJJOvbuPki3Mj",
"meta": {
"instanceId": "37378868811aa5e52ca1cd19a8874f269c8a908a16e8e6aecf58cb1f0c7cd08f",
"templateCredsSetupCompleted": true
},
"name": "COPY Malicious URL",
"tags": [],
"nodes": [
{
"id": "b0c038b7-7362-45a3-a0ad-b1f1b5efc738",
"name": "Nota adhesiva",
"type": "n8n-nodes-base.stickyNote",
"position": [
320,
-64
],
"parameters": {
"color": 3,
"width": 2348,
"height": 448,
"content": "Malicious URL Scanner Through Telegram"
},
"typeVersion": 1
},
{
"id": "4fe74461-614b-4fe1-a0ca-a06d003c056b",
"name": "Solicitud de VirusTotal HTTP",
"type": "n8n-nodes-base.httpRequest",
"onError": "continueRegularOutput",
"position": [
848,
208
],
"parameters": {
"": "",
"url": "https://www.virustotal.com/api/v3/urls",
"method": "POST",
"options": {},
"sendBody": false,
"sendQuery": true,
"curlImport": "",
"infoMessage": "",
"sendHeaders": false,
"specifyQuery": "keypair",
"authentication": "predefinedCredentialType",
"queryParameters": {
"parameters": [
{
"name": "url",
"value": "={{ $json.message.text }}"
}
]
},
"httpVariantWarning": "",
"nodeCredentialType": "virusTotalApi",
"provideSslCertificates": false
},
"credentials": {
"virusTotalApi": {
"id": "UcWt9YCOMpHQ0jOB",
"name": "VirusTotal account"
}
},
"typeVersion": 4.2,
"extendsCredential": "virusTotalApi"
},
{
"id": "7438f4d5-4837-4dae-b92f-2075ca498cf9",
"name": "Enviar mensaje de texto",
"type": "n8n-nodes-base.telegram",
"position": [
2464,
-48
],
"webhookId": "3e61fce0-30f0-47ab-aba9-9ad2717c9303",
"parameters": {
"text": "={{ $json.output }}",
"chatId": "={{ $('Telegram Trigger').item.json.message.chat.id }}",
"additionalFields": {}
},
"credentials": {
"telegramApi": {
"id": "QK1e8zIZqIUk9qBY",
"name": "Malicious URL Bot"
}
},
"typeVersion": 1.2
},
{
"id": "8dfce473-9dc5-476e-99d2-c52c197f2f5d",
"name": "Telegram Activador",
"type": "n8n-nodes-base.telegramTrigger",
"position": [
368,
64
],
"webhookId": "b810fb7f-2e14-478f-b211-e63b5c270f78",
"parameters": {
"updates": [
"message"
],
"additionalFields": {}
},
"credentials": {
"telegramApi": {
"id": "QK1e8zIZqIUk9qBY",
"name": "Malicious URL Bot"
}
},
"typeVersion": 1.2
},
{
"id": "be71fedb-6aa7-4b77-ab99-3267ac8ec861",
"name": "Nota adhesiva1",
"type": "n8n-nodes-base.stickyNote",
"position": [
320,
-768
],
"parameters": {
"width": 464,
"height": 704,
"content": "Goal:\nThis workflow allows users to quickly analyze potentially malicious URLs received via text or email, directly from their mobile device using Telegram.\nWhen users don't have time to manually investigate links on a computer or search engine, they can simply paste the URL into the Telegram chat and receive a concise summary of the scan results—powered by two open-source URL scanning services.\n\nDisclaimer:\nWhile this tool helps identify threats, it does not guarantee full protection. Use caution—Telegram itself could be a potential point of compromise. Always follow safe browsing practices.\n\nWorkflow Nodes:\nTelegram Trigger – Listens for incoming messages with URLs.\n\nurlscan.io – Performs the first malicious URL scan.\n\nVirusTotal (HTTP Request) – Executes a second URL scan using VirusTotal.\n\nMerge Node – Combines the results from both scanners.\n\nAI Agent (ChatGPT with simple memory) – Analyzes the scan results and generates a readable summary.\n\nLimit Node – Ensures only one summary is sent per URL.\n\nTelegram Send Message Node – Sends the summary back to the user.\n\nGoogle Sheets (Logging) – Records scan results for auditing or historical reference.\n"
},
"typeVersion": 1
},
{
"id": "36f49fe2-ac55-4dde-8786-9c9611947173",
"name": "Registro de URL",
"type": "n8n-nodes-base.googleSheets",
"position": [
2464,
176
],
"parameters": {
"columns": {
"value": {
"URL": "={{ $('Telegram Trigger').item.json.message.text }}",
"Report": "={{ $json.output }}",
"Date/Time": "={{ $now }}"
},
"schema": [
{
"id": "URL",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "URL",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Report",
"type": "string",
"display": true,
"required": false,
"displayName": "Report",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Date/Time",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "Date/Time",
"defaultMatch": false,
"canBeUsedToMatch": true
}
],
"mappingMode": "defineBelow",
"matchingColumns": [
"URL"
],
"attemptToConvertTypes": false,
"convertFieldsToString": false
},
"options": {},
"operation": "appendOrUpdate",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1diuSW6dAgNu5XFH_sv1GF6TMlbm0jsokJmiuJzmSnUQ/edit#gid=0",
"cachedResultName": "Sheet1"
},
"documentId": {
"__rl": true,
"mode": "list",
"value": "1diuSW6dAgNu5XFH_sv1GF6TMlbm0jsokJmiuJzmSnUQ",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1diuSW6dAgNu5XFH_sv1GF6TMlbm0jsokJmiuJzmSnUQ/edit?usp=drivesdk",
"cachedResultName": "URL Scanner"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "00I6bO4Q6G7D1Ud5",
"name": "Google Sheets account 2"
}
},
"typeVersion": 4.7
},
{
"id": "aefd6784-f72d-4a12-b2f9-5dca81481b8f",
"name": "Agente de Resumen de URL Maliciosa",
"type": "@n8n/n8n-nodes-langchain.agent",
"position": [
1712,
48
],
"parameters": {
"text": "=Role:\nYou are a cybersecurity assistant specializing in analyzing and summarizing URL scan reports. Use results from VirusTotal (always available) and urlscan.io (only if successful) to provide a professional, clear, and easy-to-understand summary.\n\nInstructions – Follow These Steps (Do Not Include in Final Summary):\n\n1.\tIdentify the scanned URL:\n{{ $('Telegram Trigger').item.json.message.text }}\n\n2. Check urlscan.io status (already provided by Code node):\n⦁\tIf urlscan_status is \"success\" → include findings from urlscan_data alongside VirusTotal.\n⦁\tIf urlscan_status is \"failed\" → rely only on VirusTotal and clearly state: “urlscan.io scan failed or was blocked.”\n\n3. Assess threat level (based on VirusTotal):\nClassify as Harmless, Suspicious, or Malicious\n⦁\tBase this on:\n⦁\tThe number of engines that flagged the URL\n⦁\tSeverity of detections from notable vendors (Kaspersky, Bitdefender, Sophos, etc.)\n\n4. Quantify detections:\n⦁\tNumber of VirusTotal engines flagging the URL\n⦁\tNotable antivirus vendors and what they reported\n\nProvide recommendation:\n⦁\tUse plain, clear language for a general audience\n⦁\tExamples: “Appears safe,” “Proceed with caution,” “Avoid this URL.”\n\n\nOutput Format:\nTitle:\nSummary for {{ $('Telegram Trigger').item.json.message.text }} {{ $now }}\n\nBullet Points:\n⦁\tThreat Level: [Harmless / Suspicious / Malicious]\n⦁\tNumber of engines flagging the URL: [X engines]\n⦁\tVirusTotal score: [Number or descriptive result]\n\nurlscan.io indicators:\n⦁\tIf urlscan_status is \"success\" → summarize results from urlscan_data\n⦁\tIf urlscan_status is \"failed\" → output exactly: “Scan failed or was blocked”\n\n⦁\tNotable detections: [List key AV engines if any]\n⦁\tRecommendation: [Plain-language recommendation]\n\nFinal Summary (4–8 sentences):\n⦁\tAlways provide a complete summary.\n⦁\tIf urlscan.io succeeded → combine VirusTotal + urlscan.io results.\n⦁\tIf urlscan.io failed → summarize VirusTotal results normally, then add one sentence noting the urlscan.io scan was blocked or failed.\n⦁\tInclude: the URL, detection counts, notable antivirus vendors, and a clear recommendation.\n\nClose with this reminder:\nEven if a link appears safe, always exercise caution when clicking unknown URLs—threats can evolve quickly.",
"options": {
"systemMessage": "You are a cybersecurity assistant designed to analyze and summarize URL scan results using data from VirusTotal and urlscan.io.\n\nYour role is to:\n\nProvide a concise, professional, and easy-to-understand summary of each scan.\n\nExtract key insights from the JSON responses of both services.\n\nNormalize and interpret data to assess whether the scanned URL is harmless, suspicious, or malicious.\n\nWrite in a tone that is accessible to users with basic technical literacy.\n\nAvoid raw JSON fields, API parameter names, or unnecessary technical jargon.\n\nFor each scan, your output should include:\n\nA bullet-point summary of the key findings.\n\nA short written summary (4–8 sentences) combining insights from both sources.\n\nA clear recommendation to help the user decide whether to avoid, review, or safely access the URL.\n\nAlways integrate results from both services into a unified, user-friendly report."
},
"promptType": "define"
},
"typeVersion": 2.2
},
{
"id": "4fae7e6b-8213-4aba-8dd2-9d3759a1e69a",
"name": "OpenAI Modelo",
"type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
"position": [
1648,
224
],
"parameters": {
"model": {
"__rl": true,
"mode": "list",
"value": "gpt-4",
"cachedResultName": "gpt-4"
},
"options": {}
},
"credentials": {
"openAiApi": {
"id": "hMcXnFiQO609PLIt",
"name": "OpenAi account 2"
}
},
"typeVersion": 1.2
},
{
"id": "d2802345-d0e1-44b9-96b3-a8a84409dc51",
"name": "Memoria de URL Maliciosa",
"type": "@n8n/n8n-nodes-langchain.memoryBufferWindow",
"position": [
1888,
224
],
"parameters": {
"sessionKey": "summary",
"sessionIdType": "customKey"
},
"typeVersion": 1.3
},
{
"id": "66ea8113-1052-4b08-8ee4-af822a3d42c4",
"name": "Resumen Límite 1",
"type": "n8n-nodes-base.limit",
"position": [
2080,
48
],
"parameters": {},
"typeVersion": 1
},
{
"id": "df416f80-cc4d-4031-9e84-b929a262da0b",
"name": "urlscan Realizar Escaneo",
"type": "n8n-nodes-base.urlScanIo",
"onError": "continueRegularOutput",
"position": [
848,
-32
],
"parameters": {
"url": "={{ $json.message.text }}",
"additionalFields": {}
},
"credentials": {
"urlScanIoApi": {
"id": "CXtAPI518wpSPfF4",
"name": "urlscan.io account 2"
}
},
"typeVersion": 1,
"alwaysOutputData": true
},
{
"id": "de9d28e5-6f58-48cd-af76-36c0c2160a4d",
"name": "Preparar Datos de Resumen",
"type": "n8n-nodes-base.code",
"position": [
1472,
48
],
"parameters": {
"jsCode": "// Example Code node\n// Input: results from urlscan.io + VirusTotal + Telegram trigger\n\nconst items = $input.all();\n\n// Loop through items so we don’t drop anything\nreturn items.map(item => {\n const urlscan = item.json.urlscan || {};\n const virustotal = item.json.virustotal || {};\n \n let summary = \"\";\n\n if (urlscan.message) {\n summary = `✅ urlscan.io result:\\n${JSON.stringify(urlscan)}\\n\\n✅ VirusTotal result:\\n${JSON.stringify(virustotal)}`;\n } else {\n summary = `⚠️ urlscan.io scan failed. Falling back to VirusTotal only:\\n${JSON.stringify(virustotal)}`;\n }\n\n // Preserve original fields (chatId, etc.)\n return {\n json: {\n ...item.json,\n summary, // add your summary field\n },\n binary: item.binary ?? undefined, // keep binary if exists\n };\n});\n\n"
},
"typeVersion": 2
},
{
"id": "056830ce-9c9e-4e4f-8d7c-51364596c6d7",
"name": "Combinar Escaneos",
"type": "n8n-nodes-base.merge",
"position": [
1216,
48
],
"parameters": {},
"typeVersion": 3.2
}
],
"active": false,
"pinData": {},
"settings": {
"executionOrder": "v1"
},
"versionId": "49fe0c17-5447-4ec2-805a-8508d4463e5d",
"connections": {
"056830ce-9c9e-4e4f-8d7c-51364596c6d7": {
"main": [
[
{
"node": "de9d28e5-6f58-48cd-af76-36c0c2160a4d",
"type": "main",
"index": 0
}
]
]
},
"4fae7e6b-8213-4aba-8dd2-9d3759a1e69a": {
"ai_languageModel": [
[
{
"node": "aefd6784-f72d-4a12-b2f9-5dca81481b8f",
"type": "ai_languageModel",
"index": 0
}
]
]
},
"66ea8113-1052-4b08-8ee4-af822a3d42c4": {
"main": [
[
{
"node": "7438f4d5-4837-4dae-b92f-2075ca498cf9",
"type": "main",
"index": 0
},
{
"node": "36f49fe2-ac55-4dde-8786-9c9611947173",
"type": "main",
"index": 0
}
]
]
},
"8dfce473-9dc5-476e-99d2-c52c197f2f5d": {
"main": [
[
{
"node": "4fe74461-614b-4fe1-a0ca-a06d003c056b",
"type": "main",
"index": 0
},
{
"node": "df416f80-cc4d-4031-9e84-b929a262da0b",
"type": "main",
"index": 0
}
]
]
},
"7438f4d5-4837-4dae-b92f-2075ca498cf9": {
"main": [
[]
]
},
"d2802345-d0e1-44b9-96b3-a8a84409dc51": {
"ai_memory": [
[
{
"node": "aefd6784-f72d-4a12-b2f9-5dca81481b8f",
"type": "ai_memory",
"index": 0
}
]
]
},
"de9d28e5-6f58-48cd-af76-36c0c2160a4d": {
"main": [
[
{
"node": "aefd6784-f72d-4a12-b2f9-5dca81481b8f",
"type": "main",
"index": 0
}
]
]
},
"df416f80-cc4d-4031-9e84-b929a262da0b": {
"main": [
[
{
"node": "056830ce-9c9e-4e4f-8d7c-51364596c6d7",
"type": "main",
"index": 0
}
],
[]
]
},
"4fe74461-614b-4fe1-a0ca-a06d003c056b": {
"main": [
[
{
"node": "056830ce-9c9e-4e4f-8d7c-51364596c6d7",
"type": "main",
"index": 1
}
]
]
},
"aefd6784-f72d-4a12-b2f9-5dca81481b8f": {
"main": [
[
{
"node": "66ea8113-1052-4b08-8ee4-af822a3d42c4",
"type": "main",
"index": 0
}
]
]
}
}
}Preguntas frecuentes
¿Cómo usar este flujo de trabajo?
Copie el código de configuración JSON de arriba, cree un nuevo flujo de trabajo en su instancia de n8n y seleccione "Importar desde JSON", pegue la configuración y luego modifique la configuración de credenciales según sea necesario.
¿En qué escenarios es adecuado este flujo de trabajo?
Intermedio - Operaciones de seguridad, IA Multimodal
¿Es de pago?
Este flujo de trabajo es completamente gratuito, puede importarlo y usarlo directamente. Sin embargo, tenga en cuenta que los servicios de terceros utilizados en el flujo de trabajo (como la API de OpenAI) pueden requerir un pago por su cuenta.
Flujos de trabajo relacionados recomendados
💥 Automatización de anuncios de video con NanoBanana, Seedream 4, ChatGPT Image y Veo 3 - VIDE
Usar IA (NanoBanana, Seedream, GPT-4o, Veo 3) para automatizar y publicar campañas de video publicitario
Set
Code
Wait
+
Set
Code
Wait
63 NodosDr. Firas
Creación de contenido
Flujo de trabajo de correos fríos impulsado por GPT-4, con 3 correos de seguimiento completamente personalizados
Automatizar secuencias de frío personalizadas con GPT-4, Mailgun y Supabase
If
Set
Code
+
If
Set
Code
100 NodosPaul
Nutrición de leads
Proceso de ventas B2B completo: generación de leads con Apollo, prospección con Mailgun y gestión de respuestas con AI
完整de B2B ventas流程:Apollo 潜在clientegeneración、Mailgun 外展y AI 回复gestión
If
Set
Code
+
If
Set
Code
116 NodosPaul
Creación de contenido
1. Configuración del robot para detalles de la lista de reproducción
Usa Suno, GPT-4, Runway y Creatomate para crear listas de reproducción de música de YouTube generadas por IA
If
Set
Code
+
If
Set
Code
203 NodosJoseph
Creación de contenido
💥 Usar NanoBanana y VEO3 para generar videos virales de IA, compartir a través de Blotato a plataformas sociales - Video
Generar videos virales de IA con NanoBanana y VEO3, compartir en redes sociales con Blotato
Set
Code
Wait
+
Set
Code
Wait
47 NodosDr. Firas
Varios
Asistente personal de IA - Gestión de tareas y correos
Gestión de tareas, correos electrónicos y calendario con un asistente personal GPT-4o en Telegram
Set
Code
Switch
+
Set
Code
Switch
40 NodosRonnie Craig
Creación de contenido
Información del flujo de trabajo
Nivel de dificultad
Intermedio
Número de nodos13
Categoría2
Tipos de nodos12
Descripción de la dificultad
Autor
Michael Gullo
@mgulloI’m passionate about using n8n to create realistic workflows that help working class people simplify their daily tasks. My workflows aim to make life easier by eliminating mundane, repetitive responsibilities that take up valuable time. I love turning automation into a tool that lets people focus on what matters most to them.
Enlaces externos
Ver en n8n.io →
Compartir este flujo de trabajo