Domain AI Analysis via Telegram, AbuseCH and VirusTotal Workflow Description This workflow allows Telegram users to submit a domain for quick threat intelligence analysis. It queries VirusTotal, AbuseCH URLHaus, and AbuseCH ThreatFox, then uses Gemini AI to generate a formatted summary with key findings, assessment/analysis, and actionable recommendations. Note: Currently supports domains only. VirusTotal is widely known, so there’s no need for further explanation. AbuseCH, on the other hand, is

Domain AI Analysis via Telegram, AbuseCH and VirusTotal Workflow Description This workflow allows Telegram users to submit a domain for quick threat intelligence analysis. It queries VirusTotal, AbuseCH URLHaus, and AbuseCH ThreatFox, then uses Gemini AI to generate a formatted summary with key findings, assessment/analysis, and actionable recommendations. Note: Currently supports domains only. VirusTotal is widely known, so there’s no need for further explanation. AbuseCH, on the other hand, is a well‑known community threat intelligence project that focuses on tracking and sharing indicators related to malware, botnets, and other malicious activities. Who is this for? For SOC analysts, threat hunters, security engineers, or anyone needing instant domain reputation checks via Telegram. Delivers quick IOC validation with AI analysis and recommendations. Prerequisites: Telegram: Token and bot are needed Follow the instructions here Telegram Bot Creation VirusTotal: API Key is needed Community addition is enough VirusTotal API AbuseCH URLhaus: API Key is needed AbuseCH URLhaus API AbuseCH ThreatFox: API Key is needed AbuseCH ThreatFox API Gemini AI: API key is needed Gemini API Nodes Configuration Telegram Trigger add your credentials (token) it is recomended to set up the restricted Chat-ID OR/AND User-ID option VirusTotal, ThreatFox, URLHaus HTTP Requests For each one of the nodes, add your credentials Message an AI Model (Gemini) Set the model (tested with Gemini 3 Flash) Set your credentials (token) Referencese: VirusTotal API AbuseCH URLhaus API AbuseCH ThreatFox API Telegram Bot & Token Creation Gemini API Disclaimer This was tested and built on self hosted Community node Treat output with caution—always validate independently. False positives/negatives can occur. Tested with Gemini 3 Flash Ai model
Download the workflow JSON file after purchase.
Open n8n → click the menu → Import from File.
Select the downloaded JSON and import.
Set up credentials for each node that requires them.
Click Execute Workflow to test, then activate.
Setup guide included
Purchase to unlock the full step-by-step guide
No reviews yet
Be the first to buy and share your experience.
Leave a review
Sign in to share your experience with this workflow.
Create a free account to purchase workflows.
Need help setting this up?
Book a 3-hour live setup session with an Agility consultant.