复制恶意URL
中级
这是一个SecOps, Multimodal AI领域的自动化工作流,包含 13 个节点。主要使用 Code, Limit, Merge, Telegram, UrlScanIo 等节点。 通过Telegram检查可疑链接,使用GPT-4分析VirusTotal和urlscan.io结果
前置要求
- •Telegram Bot Token
- •可能需要目标 API 的认证凭证
- •Google Sheets API 凭证
- •OpenAI API Key
使用的节点 (13)
工作流预览
可视化展示节点连接关系,支持缩放和平移
导出工作流
复制以下 JSON 配置到 n8n 导入,即可使用此工作流
{
"id": "PieiJJOvbuPki3Mj",
"meta": {
"instanceId": "37378868811aa5e52ca1cd19a8874f269c8a908a16e8e6aecf58cb1f0c7cd08f",
"templateCredsSetupCompleted": true
},
"name": "复制恶意 URL",
"tags": [],
"nodes": [
{
"id": "b0c038b7-7362-45a3-a0ad-b1f1b5efc738",
"name": "便签",
"type": "n8n-nodes-base.stickyNote",
"position": [
320,
-64
],
"parameters": {
"color": 3,
"width": 2348,
"height": 448,
"content": "通过 Telegram 的恶意 URL 扫描器"
},
"typeVersion": 1
},
{
"id": "4fe74461-614b-4fe1-a0ca-a06d003c056b",
"name": "VirusTotal HTTP 请求",
"type": "n8n-nodes-base.httpRequest",
"onError": "continueRegularOutput",
"position": [
848,
208
],
"parameters": {
"": "",
"url": "https://www.virustotal.com/api/v3/urls",
"method": "POST",
"options": {},
"sendBody": false,
"sendQuery": true,
"curlImport": "",
"infoMessage": "",
"sendHeaders": false,
"specifyQuery": "keypair",
"authentication": "predefinedCredentialType",
"queryParameters": {
"parameters": [
{
"name": "url",
"value": "={{ $json.message.text }}"
}
]
},
"httpVariantWarning": "",
"nodeCredentialType": "virusTotalApi",
"provideSslCertificates": false
},
"credentials": {
"virusTotalApi": {
"id": "UcWt9YCOMpHQ0jOB",
"name": "VirusTotal account"
}
},
"typeVersion": 4.2,
"extendsCredential": "virusTotalApi"
},
{
"id": "7438f4d5-4837-4dae-b92f-2075ca498cf9",
"name": "发送文本消息",
"type": "n8n-nodes-base.telegram",
"position": [
2464,
-48
],
"webhookId": "3e61fce0-30f0-47ab-aba9-9ad2717c9303",
"parameters": {
"text": "={{ $json.output }}",
"chatId": "={{ $('Telegram Trigger').item.json.message.chat.id }}",
"additionalFields": {}
},
"credentials": {
"telegramApi": {
"id": "QK1e8zIZqIUk9qBY",
"name": "Malicious URL Bot"
}
},
"typeVersion": 1.2
},
{
"id": "8dfce473-9dc5-476e-99d2-c52c197f2f5d",
"name": "Telegram触发器",
"type": "n8n-nodes-base.telegramTrigger",
"position": [
368,
64
],
"webhookId": "b810fb7f-2e14-478f-b211-e63b5c270f78",
"parameters": {
"updates": [
"message"
],
"additionalFields": {}
},
"credentials": {
"telegramApi": {
"id": "QK1e8zIZqIUk9qBY",
"name": "Malicious URL Bot"
}
},
"typeVersion": 1.2
},
{
"id": "be71fedb-6aa7-4b77-ab99-3267ac8ec861",
"name": "便签 1",
"type": "n8n-nodes-base.stickyNote",
"position": [
320,
-768
],
"parameters": {
"width": 464,
"height": 704,
"content": "目标:"
},
"typeVersion": 1
},
{
"id": "36f49fe2-ac55-4dde-8786-9c9611947173",
"name": "URL 日志记录",
"type": "n8n-nodes-base.googleSheets",
"position": [
2464,
176
],
"parameters": {
"columns": {
"value": {
"URL": "={{ $('Telegram Trigger').item.json.message.text }}",
"Report": "={{ $json.output }}",
"Date/Time": "={{ $now }}"
},
"schema": [
{
"id": "URL",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "URL",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Report",
"type": "string",
"display": true,
"required": false,
"displayName": "Report",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Date/Time",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "Date/Time",
"defaultMatch": false,
"canBeUsedToMatch": true
}
],
"mappingMode": "defineBelow",
"matchingColumns": [
"URL"
],
"attemptToConvertTypes": false,
"convertFieldsToString": false
},
"options": {},
"operation": "appendOrUpdate",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1diuSW6dAgNu5XFH_sv1GF6TMlbm0jsokJmiuJzmSnUQ/edit#gid=0",
"cachedResultName": "Sheet1"
},
"documentId": {
"__rl": true,
"mode": "list",
"value": "1diuSW6dAgNu5XFH_sv1GF6TMlbm0jsokJmiuJzmSnUQ",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1diuSW6dAgNu5XFH_sv1GF6TMlbm0jsokJmiuJzmSnUQ/edit?usp=drivesdk",
"cachedResultName": "URL Scanner"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "00I6bO4Q6G7D1Ud5",
"name": "Google Sheets account 2"
}
},
"typeVersion": 4.7
},
{
"id": "aefd6784-f72d-4a12-b2f9-5dca81481b8f",
"name": "恶意 URL 摘要 Agent",
"type": "@n8n/n8n-nodes-langchain.agent",
"position": [
1712,
48
],
"parameters": {
"text": "=Role:\nYou are a cybersecurity assistant specializing in analyzing and summarizing URL scan reports. Use results from VirusTotal (always available) and urlscan.io (only if successful) to provide a professional, clear, and easy-to-understand summary.\n\nInstructions – Follow These Steps (Do Not Include in Final Summary):\n\n1.\tIdentify the scanned URL:\n{{ $('Telegram Trigger').item.json.message.text }}\n\n2. Check urlscan.io status (already provided by Code node):\n⦁\tIf urlscan_status is \"success\" → include findings from urlscan_data alongside VirusTotal.\n⦁\tIf urlscan_status is \"failed\" → rely only on VirusTotal and clearly state: “urlscan.io scan failed or was blocked.”\n\n3. Assess threat level (based on VirusTotal):\nClassify as Harmless, Suspicious, or Malicious\n⦁\tBase this on:\n⦁\tThe number of engines that flagged the URL\n⦁\tSeverity of detections from notable vendors (Kaspersky, Bitdefender, Sophos, etc.)\n\n4. Quantify detections:\n⦁\tNumber of VirusTotal engines flagging the URL\n⦁\tNotable antivirus vendors and what they reported\n\nProvide recommendation:\n⦁\tUse plain, clear language for a general audience\n⦁\tExamples: “Appears safe,” “Proceed with caution,” “Avoid this URL.”\n\n\nOutput Format:\nTitle:\nSummary for {{ $('Telegram Trigger').item.json.message.text }} {{ $now }}\n\nBullet Points:\n⦁\tThreat Level: [Harmless / Suspicious / Malicious]\n⦁\tNumber of engines flagging the URL: [X engines]\n⦁\tVirusTotal score: [Number or descriptive result]\n\nurlscan.io indicators:\n⦁\tIf urlscan_status is \"success\" → summarize results from urlscan_data\n⦁\tIf urlscan_status is \"failed\" → output exactly: “Scan failed or was blocked”\n\n⦁\tNotable detections: [List key AV engines if any]\n⦁\tRecommendation: [Plain-language recommendation]\n\nFinal Summary (4–8 sentences):\n⦁\tAlways provide a complete summary.\n⦁\tIf urlscan.io succeeded → combine VirusTotal + urlscan.io results.\n⦁\tIf urlscan.io failed → summarize VirusTotal results normally, then add one sentence noting the urlscan.io scan was blocked or failed.\n⦁\tInclude: the URL, detection counts, notable antivirus vendors, and a clear recommendation.\n\nClose with this reminder:\nEven if a link appears safe, always exercise caution when clicking unknown URLs—threats can evolve quickly.",
"options": {
"systemMessage": "You are a cybersecurity assistant designed to analyze and summarize URL scan results using data from VirusTotal and urlscan.io.\n\nYour role is to:\n\nProvide a concise, professional, and easy-to-understand summary of each scan.\n\nExtract key insights from the JSON responses of both services.\n\nNormalize and interpret data to assess whether the scanned URL is harmless, suspicious, or malicious.\n\nWrite in a tone that is accessible to users with basic technical literacy.\n\nAvoid raw JSON fields, API parameter names, or unnecessary technical jargon.\n\nFor each scan, your output should include:\n\nA bullet-point summary of the key findings.\n\nA short written summary (4–8 sentences) combining insights from both sources.\n\nA clear recommendation to help the user decide whether to avoid, review, or safely access the URL.\n\nAlways integrate results from both services into a unified, user-friendly report."
},
"promptType": "define"
},
"typeVersion": 2.2
},
{
"id": "4fae7e6b-8213-4aba-8dd2-9d3759a1e69a",
"name": "OpenAI 模型",
"type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
"position": [
1648,
224
],
"parameters": {
"model": {
"__rl": true,
"mode": "list",
"value": "gpt-4",
"cachedResultName": "gpt-4"
},
"options": {}
},
"credentials": {
"openAiApi": {
"id": "hMcXnFiQO609PLIt",
"name": "OpenAi account 2"
}
},
"typeVersion": 1.2
},
{
"id": "d2802345-d0e1-44b9-96b3-a8a84409dc51",
"name": "恶意 URL 记忆",
"type": "@n8n/n8n-nodes-langchain.memoryBufferWindow",
"position": [
1888,
224
],
"parameters": {
"sessionKey": "summary",
"sessionIdType": "customKey"
},
"typeVersion": 1.3
},
{
"id": "66ea8113-1052-4b08-8ee4-af822a3d42c4",
"name": "限制 1 个摘要",
"type": "n8n-nodes-base.limit",
"position": [
2080,
48
],
"parameters": {},
"typeVersion": 1
},
{
"id": "df416f80-cc4d-4031-9e84-b929a262da0b",
"name": "urlscan 执行扫描",
"type": "n8n-nodes-base.urlScanIo",
"onError": "continueRegularOutput",
"position": [
848,
-32
],
"parameters": {
"url": "={{ $json.message.text }}",
"additionalFields": {}
},
"credentials": {
"urlScanIoApi": {
"id": "CXtAPI518wpSPfF4",
"name": "urlscan.io account 2"
}
},
"typeVersion": 1,
"alwaysOutputData": true
},
{
"id": "de9d28e5-6f58-48cd-af76-36c0c2160a4d",
"name": "准备摘要数据",
"type": "n8n-nodes-base.code",
"position": [
1472,
48
],
"parameters": {
"jsCode": "// Example Code node\n// Input: results from urlscan.io + VirusTotal + Telegram trigger\n\nconst items = $input.all();\n\n// Loop through items so we don’t drop anything\nreturn items.map(item => {\n const urlscan = item.json.urlscan || {};\n const virustotal = item.json.virustotal || {};\n \n let summary = \"\";\n\n if (urlscan.message) {\n summary = `✅ urlscan.io result:\\n${JSON.stringify(urlscan)}\\n\\n✅ VirusTotal result:\\n${JSON.stringify(virustotal)}`;\n } else {\n summary = `⚠️ urlscan.io scan failed. Falling back to VirusTotal only:\\n${JSON.stringify(virustotal)}`;\n }\n\n // Preserve original fields (chatId, etc.)\n return {\n json: {\n ...item.json,\n summary, // add your summary field\n },\n binary: item.binary ?? undefined, // keep binary if exists\n };\n});\n\n"
},
"typeVersion": 2
},
{
"id": "056830ce-9c9e-4e4f-8d7c-51364596c6d7",
"name": "合并扫描",
"type": "n8n-nodes-base.merge",
"position": [
1216,
48
],
"parameters": {},
"typeVersion": 3.2
}
],
"active": false,
"pinData": {},
"settings": {
"executionOrder": "v1"
},
"versionId": "49fe0c17-5447-4ec2-805a-8508d4463e5d",
"connections": {
"Merge Scans": {
"main": [
[
{
"node": "Prepare Summary Data",
"type": "main",
"index": 0
}
]
]
},
"OpenAI Model": {
"ai_languageModel": [
[
{
"node": "Malicious URL Summary Agent",
"type": "ai_languageModel",
"index": 0
}
]
]
},
"Limit 1 Summary": {
"main": [
[
{
"node": "Send a text message",
"type": "main",
"index": 0
},
{
"node": "URL Logging",
"type": "main",
"index": 0
}
]
]
},
"Telegram Trigger": {
"main": [
[
{
"node": "VirusTotal HTTP Request",
"type": "main",
"index": 0
},
{
"node": "urlscan Perform Scan",
"type": "main",
"index": 0
}
]
]
},
"Send a text message": {
"main": [
[]
]
},
"Malicious URL Memory": {
"ai_memory": [
[
{
"node": "Malicious URL Summary Agent",
"type": "ai_memory",
"index": 0
}
]
]
},
"Prepare Summary Data": {
"main": [
[
{
"node": "Malicious URL Summary Agent",
"type": "main",
"index": 0
}
]
]
},
"urlscan Perform Scan": {
"main": [
[
{
"node": "Merge Scans",
"type": "main",
"index": 0
}
],
[]
]
},
"VirusTotal HTTP Request": {
"main": [
[
{
"node": "Merge Scans",
"type": "main",
"index": 1
}
]
]
},
"Malicious URL Summary Agent": {
"main": [
[
{
"node": "Limit 1 Summary",
"type": "main",
"index": 0
}
]
]
}
}
}常见问题
如何使用这个工作流?
复制上方的 JSON 配置代码,在您的 n8n 实例中创建新工作流并选择「从 JSON 导入」,粘贴配置后根据需要修改凭证设置即可。
这个工作流适合什么场景?
中级 - 安全运维, 多模态 AI
需要付费吗?
本工作流完全免费,您可以直接导入使用。但请注意,工作流中使用的第三方服务(如 OpenAI API)可能需要您自行付费。
相关工作流推荐
💥 使用NanoBanana、Seedream 4、ChatGPT Image和Veo 3自动化视频广告 - VIDE
使用AI(NanoBanana、Seedream、GPT-4o、Veo 3)自动化和发布视频广告活动
Set
Code
Wait
+16
63 节点Dr. Firas
内容创作
GPT-4驱动的冷邮件工作流,包含完全定制的3封邮件跟进
使用GPT-4、Mailgun和Supabase自动化个性化冷邮件序列
If
Set
Code
+22
100 节点Paul
客户培育
完整的 B2B 销售流程:Apollo 潜在客户生成、Mailgun 外展和 AI 回复管理
完整的 B2B 销售流程:Apollo 潜在客户生成、Mailgun 外展和 AI 回复管理
If
Set
Code
+26
116 节点Paul
内容创作
1. 播放列表详情设置机器人副本
使用 Suno、GPT-4、Runway 和 Creatomate 创建 AI 生成的 YouTube 音乐播放列表
If
Set
Code
+22
203 节点Joseph
内容创作
💥 使用NanoBanana和VEO3生成AI病毒视频,通过Blotato分享到社交平台 - 视频
使用NanoBanana和VEO3生成AI病毒视频,通过Blotato在社交媒体分享
Set
Code
Wait
+13
47 节点Dr. Firas
杂项
AI个人助理 - 任务与邮件管理
在Telegram上使用GPT-4o个人助理管理任务、邮件和日历
Set
Code
Switch
+13
40 节点Ronnie Craig
内容创作
工作流信息
难度等级
中级
节点数量13
分类2
节点类型12
作者
Michael Gullo
@mgulloI’m passionate about using n8n to create realistic workflows that help working class people simplify their daily tasks. My workflows aim to make life easier by eliminating mundane, repetitive responsibilities that take up valuable time. I love turning automation into a tool that lets people focus on what matters most to them.
外部链接
在 n8n.io 查看 →
分享此工作流