Steam + CF Report

The Steam + CF Report workflow automates the detection and reporting of phishing websites by combining a webhook trigger with command execution and email notifications. It checks domain validity and Cloudflare presence, then sends timely alerts to both the Cloudflare and Steam security teams.

7/8/2025
9 nodes
Medium
webhook, medium, executecommand, mailgun, integration, api, logic, conditional
Categories: Webhook Triggered, Medium Workflow
Integrations: ExecuteCommand, Mailgun

Target Audience

- Security Analysts: Individuals responsible for monitoring and responding to security threats in organizations.
- IT Administrators: Professionals managing network infrastructure and ensuring domain integrity.
- Developers: Those looking to automate domain validation and phishing detection processes.
- Cybersecurity Teams: Groups focused on identifying and mitigating phishing attacks targeting platforms like Steam.

Problem Solved

This workflow addresses the challenge of detecting and reporting phishing websites that impersonate Steam. By automating the process of querying DNS records and validating domains, it helps organizations swiftly identify potential threats and alert the relevant parties, thereby enhancing their security posture.

Workflow Steps

1. Webhook Trigger: The workflow is initiated via a webhook when a request is received, containing the domain to be checked.
2. Input Validation: The domain is validated against a regex pattern to ensure it is in a proper format.
3. Install Necessary Tools: If the input is valid, the workflow attempts to install bind-tools, which includes necessary command-line utilities for DNS querying.
4. Domain Nameserver Check: The workflow checks if the provided domain has any nameservers configured. If nameservers are found, it proceeds to the next step.
5. Cloudflare Check: The workflow queries the nameservers for the domain to see if it is associated with Cloudflare, indicating potential phishing activity.
6. Conditional Notifications: If the domain is identified as using Cloudflare, an email alert is sent to Cloudflare’s security team. Additionally, a notification is sent to Valve Software’s security team if the domain is deemed suspicious.
7. Error Handling: The workflow includes retry mechanisms for command execution, ensuring resilience in case of temporary failures.
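
Steps 2, 4 and 5 as a shell sketch of what the ExecuteCommand nodes could run. This is an added example, not the workflow's own commands: the function names are hypothetical, and it assumes Cloudflare-assigned nameservers end in `ns.cloudflare.com`. Validation runs before the domain reaches any command line, since the value arrives from an untrusted webhook request.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL   # byte-wise ranges in the patterns below

# Step 2: accept only a syntactically valid hostname.
valid_domain() {
    # Refuse any byte outside the hostname alphabet (space, ';', '$', newline)
    # so the value cannot change the command line it is later placed in.
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ] || return 1
    # Labels of 1-63 chars with no leading or trailing hyphen; the leading
    # alphanumeric also stops the value being read as a dig option.
    printf '%s\n' "$1" | grep -Eq \
'^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]([A-Za-z0-9-]{0,61}[A-Za-z0-9])$'
}

# Step 4: NS lookup with dig (bind-tools). Kept separate so it can be stubbed.
lookup_ns() {
    dig +short NS "$1"
}

# Step 5: reads NS hostnames on stdin. The match is anchored to the end of the
# name, so "ns.cloudflare.com.other.example." does not count.
ns_is_cloudflare() {
    tr 'A-Z' 'a-z' | grep -Eq '(^|\.)ns\.cloudflare\.com\.?$'
}

# Prints one of: invalid, no-nameservers, cloudflare, other.
classify_domain() {
    valid_domain "$1" || { echo invalid; return 0; }
    ns=$(lookup_ns "$1") || ns=''
    [ -n "$ns" ] || { echo no-nameservers; return 0; }
    if printf '%s\n' "$ns" | ns_is_cloudflare; then
        echo cloudflare
    else
        echo other
    fi
}

# Run a lookup only when a domain is passed on the command line.
if [ "$#" -gt 0 ]; then
    classify_domain "$1"
fi
```

Domains on Cloudflare custom nameservers will classify as `other` under this suffix check.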

Customization Guide

- Modify Email Recipients: Update the toEmail and ccEmail fields in the Mailgun nodes to direct notifications to different security teams or individuals.
- Adjust Command Parameters: Users can tailor the commands executed in the ExecuteCommand nodes to include additional checks or different DNS queries based on their needs.
- Change Alert Messages: Customize the text and subject of the email alerts to reflect your organization's tone or include more specific information about the phishing threat.
- Add Additional Conditions: Enhance the workflow by introducing more complex conditions or additional nodes to further filter or process the data before sending alerts.