workflows.fit
Back to n8n workflows
n8n templateFreeBy MaTns

Analyze domain threats via Telegram with VirusTotal, AbuseCH, and Gemini AI

![WorkFlow.png](fileId:4544) Domain AI Analysis via Telegram, AbuseCH and VirusTotal Workflow Description This workflow allows Telegram users to submit a domain for quick threat intelligence analysis. It queries Virus...

DevelopmentCore NodesCommunicationHITLAILangchainHttp RequestTelegram Trigger
Loading interactive preview...

Template notes

![WorkFlow.png](fileId:4544)

Domain AI Analysis via Telegram, AbuseCH and VirusTotal

Workflow Description This workflow allows Telegram users to submit a domain for quick threat intelligence analysis. It queries VirusTotal, AbuseCH URLHaus, and AbuseCH ThreatFox, then uses Gemini AI to generate a formatted summary with key findings, assessment/analysis, and actionable recommendations. Note: Currently supports domains only.

VirusTotal is widely known, so there’s no need for further explanation. AbuseCH, on the other hand, is a well‑known community threat intelligence project that focuses on tracking and sharing indicators related to malware, botnets, and other malicious activities.

Who is this for? For SOC analysts, threat hunters, security engineers, or anyone needing instant domain reputation checks via Telegram. Delivers quick IOC validation with AI analysis and recommendations.

Prerequisites: Telegram: Token and bot are needed Follow the instructions here [Telegram Bot Creation](https://core.telegram.org/bots/tutorialobtain-your-bot-token)

VirusTotal: API Key is needed Community addition is enough [VirusTotal API](https://docs.virustotal.com/docs/api-overview)

AbuseCH URLhaus: API Key is needed [AbuseCH URLhaus API](https://urlhaus-api.abuse.ch/)