Analyze domain threats via Telegram with VirusTotal, AbuseCH, and Gemini AI
 Domain AI Analysis via Telegram, AbuseCH and VirusTotal Workflow Description This workflow allows Telegram users to submit a domain for quick threat intelligence analysis. It queries Virus...
Template notes

Domain AI Analysis via Telegram, AbuseCH and VirusTotal
Workflow Description This workflow allows Telegram users to submit a domain for quick threat intelligence analysis. It queries VirusTotal, AbuseCH URLHaus, and AbuseCH ThreatFox, then uses Gemini AI to generate a formatted summary with key findings, assessment/analysis, and actionable recommendations. Note: Currently supports domains only.
VirusTotal is widely known, so there’s no need for further explanation. AbuseCH, on the other hand, is a well‑known community threat intelligence project that focuses on tracking and sharing indicators related to malware, botnets, and other malicious activities.
Who is this for? For SOC analysts, threat hunters, security engineers, or anyone needing instant domain reputation checks via Telegram. Delivers quick IOC validation with AI analysis and recommendations.
Prerequisites: Telegram: Token and bot are needed Follow the instructions here [Telegram Bot Creation](https://core.telegram.org/bots/tutorialobtain-your-bot-token)
VirusTotal: API Key is needed Community addition is enough [VirusTotal API](https://docs.virustotal.com/docs/api-overview)
AbuseCH URLhaus: API Key is needed [AbuseCH URLhaus API](https://urlhaus-api.abuse.ch/)