Automated Steam Phishing Detection and Reporting Workflow
detail.loadingPreview
This n8n workflow automatically detects potential Steam phishing websites and initiates reporting to Cloudflare and Valve. It validates domain presence and checks for Cloudflare DNS records to trigger alerts.
About This Workflow
The 'Steam + CF Report' workflow is designed to proactively identify and report suspicious domains impersonating Steam. Upon receiving a domain name via a webhook, the workflow first validates its format. It then checks for the existence of DNS nameservers and specifically queries for Cloudflare NS records. If a domain is confirmed to be using Cloudflare and potentially linked to phishing, automated emails are dispatched to security@cloudflare.com and security@valvesoftware.com. This helps accelerate the takedown of malicious sites and protect users from credential theft. The workflow includes steps to ensure necessary tools like dig are available.
Key Features
- Automated Domain Validation: Verifies input domain format using regular expressions.
- DNS Record Checking: Utilizes
digto check for domain nameservers and Cloudflare presence. - Targeted Email Alerts: Automatically sends phishing reports to Cloudflare and Valve security teams.
- Robust Error Handling: Includes retry mechanisms for external command execution.
- Webhook Integration: Easily integrates with external systems to trigger the workflow.
How To Use
- Configure Webhook: Set up the
Webhooknode with your desiredpath(e.g.,steam-phish) andauthenticationmethod. Ensure your external system sends the domain name in theqquery parameter. - Install Dependencies: The
Add bind-toolsnode ensuresdigis available. It runswhich dig || apk add bind-toolsto install if needed. You might need to adjust this for your specific OS if not using an Alpine-based image. - Domain Validation (IF1): The first
IFnode checks if the incoming query (q) is a valid domain-like string. If not, the workflow stops. - Nameserver Check (dig check if domain is valid & If it has nameservers): The workflow then checks if the domain has any NS records. If it returns more than 0, it proceeds.
- Cloudflare Check (dig check CF & IF): The
dig check CFnode specifically checks for Cloudflare NS records. The subsequentIFnode determines if the result indicates Cloudflare usage (assuming a count > 0 signifies this). - Send Alerts: If Cloudflare is detected (
IFcondition met), theMail CloudFlarenode sends a report to Cloudflare. TheMail Steamnode sends a report to Valve, regardless of the Cloudflare check (as per workflow logic, though this could be refined). - Configure Email Credentials: Set up your
Mailguncredentials in n8n and update thefromEmail,toEmail(for non-Cloudflare specific reports), andccEmailfields in theMail CloudFlareandMail Steamnodes.
Apps Used
Workflow JSON
{
"id": "5976667f-3cb5-40b0-87d6-aa99e67ff349",
"name": "Automated Steam Phishing Detection and Reporting Workflow",
"nodes": 13,
"category": "DevOps",
"status": "active",
"version": "1.0.0"
}Note: This is a sample preview. The full workflow JSON contains node configurations, credentials placeholders, and execution logic.
Get This Workflow
ID: 5976667f-3cb5...
About the Author
Free n8n Workflows Official
System Admin
The official repository for verified enterprise-grade workflows.
Statistics
Related Workflows
Discover more workflows you might like
Automate Qualys Report Generation and Retrieval
Streamline your Qualys security reporting by automating the generation and retrieval of reports. This workflow ensures timely access to crucial security data without manual intervention.
Automated PR Merged QA Notifications
Streamline your QA process with this automated workflow that notifies your team upon successful Pull Request merges. Leverage AI and vector stores to enrich notifications and ensure seamless integration into your development pipeline.
Visualize Your n8n Workflows: Interactive Dashboard with Mermaid.js
Gain unparalleled visibility into your n8n automation landscape. This workflow transforms your n8n instance into a dynamic, interactive dashboard, leveraging Mermaid.js to visualize all your workflows in one accessible place.