Steam + CF Report
This workflow receives domain query requests via Webhook, automatically verifies the domain format and DNS records, and checks whether the domain is using Cloudflare services. Based on the results, it promptly sends alert emails to the Cloudflare and Steam security teams. It integrates command-line tools for domain resolution to keep the data accurate and the logic rigorous, helping the cybersecurity team quickly identify and report potential phishing websites, respond faster to phishing threats, and protect user assets.
Workflow Name
Steam + CF Report
Key Features and Highlights
This workflow receives domain query requests via Webhook, automatically validates the domain format and its DNS records, checks whether the domain is using Cloudflare’s network services, and based on the detection results, automatically sends alert emails to the Cloudflare security team and the official Steam security mailbox. The workflow integrates the command-line tool bind-tools for domain resolution and employs conditional nodes to implement multi-level verification, ensuring data accuracy and robust processing logic.
Core Problems Addressed
To combat phishing websites impersonating the Steam brand, this workflow rapidly detects whether the submitted domain is valid and whether it uses Cloudflare as its DNS provider, thereby assessing its risk level. It promptly notifies relevant security teams of potential phishing domains, aiding in the fight against phishing attacks and protecting user assets.
Application Scenarios
- Rapid identification and reporting of Steam phishing sites by cybersecurity monitoring teams
- Automated response to potentially malicious domains by cloud security service providers
- Enhanced phishing threat response efficiency through automation in enterprise internal security operations
- Automated collection and reporting of phishing threat information by anti-phishing projects or communities
Main Process Steps
- Receive requests containing query domains via Webhook, with support for basic authentication to secure the interface.
- Validate the input domain format and filter out illegal characters.
- Install and invoke the dig command from bind-tools to check if the domain has valid DNS servers.
- Determine whether the domain uses Cloudflare’s DNS services.
- If the domain is within the Cloudflare network, send a phishing alert email to the Cloudflare security mailbox.
- Regardless of Cloudflare usage, send an alert email to the official Steam security mailbox.
- Support retry and fault tolerance during processing to ensure stable workflow operation.
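The validation and Cloudflare decision from the steps above, as an added JavaScript example that is not the workflow's own node code. Function names are hypothetical, the sample `dig +short NS` output is constructed, and two behaviours are assumptions: Cloudflare use is detected by a `.ns.cloudflare.com` nameserver suffix, and no report is sent when no nameservers are returned.

```javascript
// Added example, not the workflow's own nodes; function names are hypothetical.
const CLOUDFLARE_NS_SUFFIX = '.ns.cloudflare.com'; // assumption: detection by NS suffix
const REPORT_TO = {
  cloudflare: 'security@cloudflare.com', // mailbox named on the page
  steam: 'security@valvesoftware.com',   // mailbox named on the page
};

// Accept only a plain hostname made of letter/digit/hyphen labels. Spaces, ';',
// '|', '$', backticks and a leading '-' (which dig would read as an option) are
// rejected before the value can reach a command line.
function validateDomain(input) {
  if (typeof input !== 'string') return null;
  const domain = input.trim().toLowerCase().replace(/\.$/, '');
  if (domain.length === 0 || domain.length > 253) return null;
  const labels = domain.split('.');
  if (labels.length < 2) return null;
  const label = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;
  if (!labels.every((l) => label.test(l))) return null;
  if (/^\d+$/.test(labels[labels.length - 1])) return null; // IP address, not a domain
  return domain;
}

// Parse `dig +short NS <domain>` output: one nameserver per line, trailing dot.
function parseNameservers(digOutput) {
  return String(digOutput)
    .split('\n')
    .map((line) => validateDomain(line))
    .filter((ns) => ns !== null);
}

// Decide who gets the alert: Steam always, Cloudflare only when it serves the DNS.
function planReport(rawDomain, digOutput) {
  const domain = validateDomain(rawDomain);
  if (!domain) return { domain: null, status: 'invalid_domain', recipients: [] };
  const nameservers = parseNameservers(digOutput);
  if (nameservers.length === 0) return { domain, status: 'no_nameservers', recipients: [] };
  const onCloudflare = nameservers.some((ns) => ns.endsWith(CLOUDFLARE_NS_SUFFIX));
  const recipients = onCloudflare ? [REPORT_TO.cloudflare, REPORT_TO.steam] : [REPORT_TO.steam];
  return { domain, status: 'report', onCloudflare, recipients };
}

// Constructed dig output for two cases.
const SAMPLE_CF = 'ada.ns.cloudflare.com.\nbob.ns.cloudflare.com.\n';
const SAMPLE_OTHER = 'ns1.example-dns.test.\nns2.example-dns.test.\n';
console.log(planReport('steam-login.example', SAMPLE_CF));
console.log(planReport('steam-login.example; id', SAMPLE_OTHER));
```

Because the webhook value ends up in a `dig` command line, the validation step is the control that keeps shell metacharacters and option-like input out of the command.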
Involved Systems or Services
- n8n automation platform
- Webhook service (custom path and basic authentication)
- bind-tools command-line utility (dig command)
- Mailgun email service (for sending alert emails)
- Cloudflare security team mailbox (security@cloudflare.com)
- Official Steam security mailbox (security@valvesoftware.com)
Target Users and Value
- Cybersecurity analysts and automation engineers can quickly establish an automated phishing detection and reporting mechanism.
- Cloud security service providers can enhance their clients’ security response automation.
- Anti-phishing communities and security product developers can improve phishing threat detection and handling through automation.
- Enterprise security teams can monitor brand-related phishing risks and take timely protective measures.
This workflow integrates multi-layer verification and automated alerting to help users efficiently manage phishing domain risks and strengthen network security defenses.