HumationHuman + Automation
Back to Catalog

Check suspicious links via Telegram with GPT-4 analysis of VirusTotal & urlscan.io results

Michael GulloMichael Gullo
599 views
2/3/2026
GitHubGoogle SheetsCommit AnalysisWebhookOpenAI
Official Page

Workflow Purpose

The workflow is designed to scan submitted URLs using urlscan.io and VirusTotal, combine the results into a single structured summary, and send the report via Telegram.

I built this workflow for people who primarily work from their phones and receive a constant stream of emails throughout the day. If a user gets an email asking them to sign a document, review a report, or take any action where the link looks suspicious, they can simply open the Telegram bot and quickly check whether the URL is safe before clicking it.

Key Components

1. Input / Trigger

  • Accepts URLs that need to be checked.
  • Initiates requests to VirusTotal and urlscan.io.

2. VirusTotal Scan

  • Always returns results if the URL is reachable.
  • Provides reputation, malicious/clean flags, and scan metadata.

3. urlscan.io Scan

  • Returns details on how the URL behaves when loaded (domains, requests, resources, etc.).
  • Sometimes fails due to blocks or restrictions.

4. Error Handling with Code Node

  • Checks whether urlscan.io responded successfully.
  • Ensures the workflow always produces a summary, even if urlscan.io fails.

5. Summary Generation

  • If both scans succeed → summarize combined findings from VirusTotal + urlscan.io.
  • If urlscan.io fails → state clearly in the summary “urlscan.io scan was blocked/failed. Relying on VirusTotal results.”
  • Ensures user still gets a complete security report.

6. Telegram Output

  • Final formatted summary is delivered to a Telegram chat via the bot.
  • Chat ID issue was fixed after the Code Node restructuring.

Outcome

  • The workflow now guarantees a consistent, user-friendly summary regardless of urlscan.io failures.
  • It leverages VirusTotal as the fallback source of truth.
  • The Telegram bot provides real-time alerts with clear indications of scan success/failure.

Prequisites

Telegram

  • In Telegram, start a chat with @BotFather.
  • Send /newbot, pick a name and a unique username.
  • Copy the HTTP API token BotFather returns (store securely)
  • Start a DM with your bot and send any message.
  • Call getUpdates and read the chat.id

urlscan.io

  • Create/log into your urlscan.io account.
  • Go to Settings & API → New API key and generate a key.
  • (Recommended) In Settings & API, set Default Scan Visibility to Unlisted to avoid exposing PII in public scans.
  • Save the key securely (env var or n8n Credentials).
  • Rate limits note: urlscan.io enforces per-minute/hour/day quotas; exceeding them returns HTTP 429. You can view your personal quotas on their dashboard/quotas endpoint

Virustotal

  • Sign up / sign in to VirusTotal Community.
  • Open My API key (Profile menu) and copy your Public API key.
  • Store it securely (env var or n8n Credentials).
  • For a more reliable connection with VirusTotal and improved scanning results, enable the Header section in the node settings. Add a header parameter with a clear name (e.g., x-apikey), and then paste your API key into the Value field.
  • Rate limits (Public API): 4 requests/minute, 500/day; not for commercial workflows. Consider Premium if you’ll exceed this.
How to Customize the Workflow

This workflow is designed to be highly customizable, allowing users to adapt it to their specific needs and use cases. For example, additional malicious website scanners can be integrated through HTTP Request nodes. To make this work, the user simply needs to update the Merge node so that all information flows correctly through the workflow.

In addition, users can connect either Gmail or Outlook nodes to automatically test URLs, binary attachments, and other types of information received via email—helping them evaluate data before opening it.

Users can also customize how they receive reports. For instance, results can be sent through Telegram (as in the default setup), Slack, Microsoft Teams, or even saved to Google Drive or a Google Sheet for recordkeeping and audit purposes.

For consulting and support, or if you have questions, please feel free to connect with me on Linkedin or via email.

n8n Workflow: Telegram Link Analysis with GPT-4, VirusTotal, and urlscan.io

This n8n workflow provides a powerful tool for analyzing suspicious links shared via Telegram. It leverages the capabilities of GPT-4 for intelligent analysis, integrates with VirusTotal for malware detection, and uses urlscan.io for detailed website scanning.

What it does

This workflow automates the following steps:

  1. Listens for Telegram Messages: It acts as a Telegram bot, waiting for incoming messages containing URLs.
  2. Extracts URLs: Upon receiving a message, it identifies and extracts any URLs present in the text.
  3. Scans with urlscan.io: Each extracted URL is submitted to urlscan.io for a comprehensive scan, providing details about the website's behavior and potential threats.
  4. Analyzes with VirusTotal (Implicit): Although not explicitly shown in the provided JSON, the typical use case for such a workflow would involve also querying VirusTotal for the URL's reputation and associated threats. (This would require an additional HTTP Request node or a dedicated VirusTotal node if available).
  5. Generates GPT-4 Summary: The results from urlscan.io (and potentially VirusTotal) are then fed into a GPT-4 AI Agent. This agent is configured to summarize the findings, highlight suspicious elements, and provide an overall assessment of the link's safety.
  6. Sends Analysis to Telegram: The GPT-4 generated summary and analysis are then sent back to the original Telegram chat, providing the user with an informed decision about the link.
  7. Logs to Google Sheets (Optional): The workflow includes a Google Sheets node, suggesting it can optionally log the analyzed links, their results, and the GPT-4 summary for record-keeping or further analysis.

Prerequisites/Requirements

To use this workflow, you will need:

  • n8n Instance: A running n8n instance (self-hosted or cloud).
  • Telegram Bot Token: A Telegram bot token obtained from BotFather.
  • urlscan.io API Key: An API key for urlscan.io.
  • OpenAI API Key: An API key for OpenAI (specifically for GPT-4 access).
  • Google Account: For the Google Sheets integration (if you choose to use it for logging).

Setup/Usage

  1. Import the workflow: Download the workflow JSON and import it into your n8n instance.
  2. Configure Credentials:
    • Telegram Trigger: Set up your Telegram Bot credential.
    • urlscan.io: Set up your urlscan.io API key credential.
    • OpenAI Chat Model: Configure your OpenAI API key credential.
    • Google Sheets: Set up your Google Sheets credential if you plan to use the logging feature.
  3. Activate the workflow: Once all credentials are set, activate the workflow.
  4. Send a link to your Telegram Bot: Send a message containing a URL to your configured Telegram bot. The bot will then process the link and respond with an analysis.
  5. (Optional) Configure Google Sheets: If using the Google Sheets node, ensure it points to the correct spreadsheet and sheet name for logging.

This workflow provides a robust and intelligent way to screen suspicious links, enhancing security and awareness directly within your Telegram conversations.

Related Templates

Automate Dutch Public Procurement Data Collection with TenderNed

TenderNed Public Procurement What This Workflow Does This workflow automates the collection of public procurement data from TenderNed (the official Dutch tender platform). It: Fetches the latest tender publications from the TenderNed API Retrieves detailed information in both XML and JSON formats for each tender Parses and extracts key information like organization names, titles, descriptions, and reference numbers Filters results based on your custom criteria Stores the data in a database for easy querying and analysis Setup Instructions This template comes with sticky notes providing step-by-step instructions in Dutch and various query options you can customize. Prerequisites TenderNed API Access - Register at TenderNed for API credentials Configuration Steps Set up TenderNed credentials: Add HTTP Basic Auth credentials with your TenderNed API username and password Apply these credentials to the three HTTP Request nodes: "Tenderned Publicaties" "Haal XML Details" "Haal JSON Details" Customize filters: Modify the "Filter op ..." node to match your specific requirements Examples: specific organizations, contract values, regions, etc. How It Works Step 1: Trigger The workflow can be triggered either manually for testing or automatically on a daily schedule. Step 2: Fetch Publications Makes an API call to TenderNed to retrieve a list of recent publications (up to 100 per request). Step 3: Process & Split Extracts the tender array from the response and splits it into individual items for processing. Step 4: Fetch Details For each tender, the workflow makes two parallel API calls: XML endpoint - Retrieves the complete tender documentation in XML format JSON endpoint - Fetches metadata including reference numbers and keywords Step 5: Parse & Merge Parses the XML data and merges it with the JSON metadata and batch information into a single data structure. Step 6: Extract Fields Maps the raw API data to clean, structured fields including: Publication ID and date Organization name Tender title and description Reference numbers (kenmerk, TED number) Step 7: Filter Applies your custom filter criteria to focus on relevant tenders only. Step 8: Store Inserts the processed data into your database for storage and future analysis. Customization Tips Modify API Parameters In the "Tenderned Publicaties" node, you can adjust: offset: Starting position for pagination size: Number of results per request (max 100) Add query parameters for date ranges, status filters, etc. Add More Fields Extend the "Splits Alle Velden" node to extract additional fields from the XML/JSON data, such as: Contract value estimates Deadline dates CPV codes (procurement classification) Contact information Integrate Notifications Add a Slack, Email, or Discord node after the filter to get notified about new matching tenders. Incremental Updates Modify the workflow to only fetch new tenders by: Storing the last execution timestamp Adding date filters to the API query Only processing publications newer than the last run Troubleshooting No data returned? Verify your TenderNed API credentials are correct Check that you have setup youre filter proper Need help setting this up or interested in a complete tender analysis solution? Get in touch 🔗 LinkedIn – Wessel Bulte

Wessel BulteBy Wessel Bulte
247

AI multi-agent executive team for entrepreneurs with Gemini, Perplexity and WhatsApp

This workflow is an AI-powered multi-agent system built for startup founders and small business owners who want to automate decision-making, accountability, research, and communication, all through WhatsApp. The “virtual executive team,” is designed to help small teams to work smarter. This workflow sends you market analysis, market and sales tips, It can also monitor what your competitors are doing using perplexity (Research agent) and help you stay a head, or make better decisions. And when you feeling stuck with your start-up accountability director is creative enough to break the barrier 🎯 Core Features 🧑‍💼 1. President (Super Agent) Acts as the main controller that coordinates all sub-agents. Routes messages, assigns tasks, and ensures workflow synchronization between the AI Directors. 📊 2. Sales & Marketing Director Uses SerpAPI to search for market opportunities, leads, and trends. Suggests marketing campaigns, keywords, or outreach ideas. Can analyze current engagement metrics to adjust content strategy. 🕵️‍♀️ 3. Business Research Director Powered by Perplexity AI for competitive and market analysis. Monitors competitor moves, social media engagement, and product changes. Provides concise insights to help the founder adapt and stay ahead. ⏰ 4. Accountability Director Keeps the founder and executive team on track. Sends motivational nudges, task reminders, and progress reports. Promotes consistency and discipline — key traits for early-stage success. 🗓️ 5. Executive Secretary Handles scheduling, email drafting, and reminders. Connects with Google Calendar, Gmail, and Sheets through OAuth. Automates follow-ups, meeting summaries, and notifications directly via WhatsApp. 💬 WhatsApp as the Main Interface Interact naturally with your AI team through WhatsApp Business API. All responses, updates, and summaries are delivered to your chat. Ideal for founders who want to manage operations on the go. ⚙️ How It Works Trigger: The workflow starts from a WhatsApp Trigger node (via Meta Developer Account). Routing: The President agent analyzes the incoming message and determines which Director should handle it. Processing: Marketing or sales queries go to the Sales & Marketing Director. Research questions are handled by the Business Research Director. Accountability tasks are assigned to the Accountability Director. Scheduling or communication requests are managed by the Secretary. Collaboration: Each sub-agent returns results to the President, who summarizes and sends the reply back via WhatsApp. Memory: Context is maintained between sessions, ensuring personalized and coherent communication. 🧩 Integrations Required Gemini API – for general intelligence and task reasoning Supabase- for RAG and postgres persistent memory Perplexity API – for business and competitor analysis SerpAPI – for market research and opportunity scouting Google OAuth – to connect Sheets, Calendar, and Gmail WhatsApp Business API – for message triggers and responses 🚀 Benefits Acts like a team of tireless employees available 24/7. Saves time by automating research, reminders, and communication. Enhances accountability and strategy consistency for founders. Keeps operations centralized in a simple WhatsApp interface. 🧰 Setup Steps Create API credentials for: WhatsApp (via Meta Developer Account) Gemini, Perplexity, and SerpAPI Google OAuth (Sheets, Calendar, Gmail) Create a supabase account at supabase Add the credentials in the corresponding n8n nodes. Customize the system prompts for each Director based on your startup’s needs. Activate and start interacting with your virtual executive team on WhatsApp. Use Case You are a small organisation or start-up that can not afford hiring; marketing department, research department and secretar office, then this workflow is for you 💡 Need Customization? Want to tailor it for your startup or integrate with CRM tools like Notion or HubSpot? You can easily extend the workflow or contact the creator for personalized support. Consider adjusting the system prompt to suite your business

ShadrackBy Shadrack
331

🎓 How to transform unstructured email data into structured format with AI agent

This workflow automates the process of extracting structured, usable information from unstructured email messages across multiple platforms. It connects directly to Gmail, Outlook, and IMAP accounts, retrieves incoming emails, and sends their content to an AI-powered parsing agent built on OpenAI GPT models. The AI agent analyzes each email, identifies relevant details, and returns a clean JSON structure containing key fields: From – sender’s email address To – recipient’s email address Subject – email subject line Summary – short AI-generated summary of the email body The extracted information is then automatically inserted into an n8n Data Table, creating a structured database of email metadata and summaries ready for indexing, reporting, or integration with other tools. --- Key Benefits ✅ Full Automation: Eliminates manual reading and data entry from incoming emails. ✅ Multi-Source Integration: Handles data from different email providers seamlessly. ✅ AI-Driven Accuracy: Uses advanced language models to interpret complex or unformatted content. ✅ Structured Storage: Creates a standardized, query-ready dataset from previously unstructured text. ✅ Time Efficiency: Processes emails in real time, improving productivity and response speed. *✅ Scalability: Easily extendable to handle additional sources or extract more data fields. --- How it works This workflow automates the transformation of unstructured email data into a structured, queryable format. It operates through a series of connected steps: Email Triggering: The workflow is initiated by one of three different email triggers (Gmail, Microsoft Outlook, or a generic IMAP account), which constantly monitor for new incoming emails. AI-Powered Parsing & Structuring: When a new email is detected, its raw, unstructured content is passed to a central "Parsing Agent." This agent uses a specified OpenAI language model to intelligently analyze the email text. Data Extraction & Standardization: Following a predefined system prompt, the AI agent extracts key information from the email, such as the sender, recipient, subject, and a generated summary. It then forces the output into a strict JSON structure using a "Structured Output Parser" node, ensuring data consistency. Data Storage: Finally, the clean, structured data (the from, to, subject, and summarize fields) is inserted as a new row into a specified n8n Data Table, creating a searchable and reportable database of email information. --- Set up steps To implement this workflow, follow these configuration steps: Prepare the Data Table: Create a new Data Table within n8n. Define the columns with the following names and string type: From, To, Subject, and Summary. Configure Email Credentials: Set up the credential connections for the email services you wish to use (Gmail OAuth2, Microsoft Outlook OAuth2, and/or IMAP). Ensure the accounts have the necessary permissions to read emails. Configure AI Model Credentials: Set up the OpenAI API credential with a valid API key. The workflow is configured to use the model, but this can be changed in the respective nodes if needed. Connect the Nodes: The workflow canvas is already correctly wired. Visually confirm that the email triggers are connected to the "Parsing Agent," which is connected to the "Insert row" (Data Table) node. Also, ensure the "OpenAI Chat Model" and "Structured Output Parser" are connected to the "Parsing Agent" as its AI model and output parser, respectively. Activate the Workflow: Save the workflow and toggle the "Active" switch to ON. The triggers will begin polling for new emails according to their schedule (e.g., every minute), and the automation will start processing incoming messages. --- Need help customizing? Contact me for consulting and support or add me on Linkedin.

DavideBy Davide
1616