This article provides a complete, practical walkthrough of the Executecommand Mailgun Automation Webhook n8n agent. It connects HTTP Request, Webhook across approximately 1 node(s). Expect a Intermediate setup in 15-45 minutes. One‑time purchase: €29.

What This Agent Does

This agent orchestrates a reliable automation between HTTP Request, Webhook, handling triggers, data enrichment, and delivery with guardrails for errors and rate limits.

It streamlines multi‑step processes that would otherwise require manual exports, spreadsheet cleanup, and repeated API requests. By centralizing logic in n8n, it reduces context switching, lowers error rates, and ensures consistent results across teams.

Typical outcomes include faster lead handoffs, automated notifications, accurate data synchronization, and better visibility via execution logs and optional Slack/Email alerts.

How It Works

The workflow uses standard n8n building blocks like Webhook or Schedule triggers, HTTP Request for API calls, and control nodes (IF, Merge, Set) to validate inputs, branch on conditions, and format outputs. Retries and timeouts improve resilience, while credentials keep secrets safe.

Third‑Party Integrations

• HTTP Request
• Webhook

Import and Use in n8n

1. Open n8n and create a new workflow or collection.
2. Choose Import from File or Paste JSON.
3. Paste the JSON below, then click Import.
4. Show n8n JSON

   Title:  
   Automating Steam Phishing Reports with n8n: A Workflow to Alert Cloudflare and Valve
   
   Meta Description:  
   Learn how to automate phishing website detection and reporting for Steam-related scams using n8n. This workflow identifies domains using Cloudflare and alerts security teams at Valve and Cloudflare.
   
   Keywords:  
   n8n workflow, Steam phishing, Cloudflare phishing, cybersecurity automation, Mailgun API, domain verification, DNS dig, automated phishing report, security automation, Valve Software
   
   Third-party APIs used:
   
   - Mailgun API (for sending email alerts)
   - DNS Services (via dig command-line tool, not via an HTTP API)
   
   —
   
   Article:
   
   Tackling Steam Phishing Websites with Automation: An n8n Workflow Walkthrough
   
   Steam phishing scams continue to threaten users by mimicking login portals to steal credentials. As bad actors evolve, so too must our strategies for detection and response. This article presents a practical, automated approach using n8n—a powerful workflow automation tool—to report phishing websites that spoof Steam’s branding and functionality.
   
   With just a domain name input, this workflow checks whether the suspected domain exists, verifies if it is hosted on Cloudflare, and notifies the appropriate security teams at Valve (Steam) and Cloudflare. Let’s explore how this works step-by-step.
   
   Workflow Overview
   
   Named “Steam + CF Report,” this n8n workflow receives user-submitted domain names through a secured webhook and proceeds to verify and report malicious domains based on DNS analysis. The core operations include:
   
   - Input validation
   - DNS querying with dig
   - Cloudflare usage check
   - Alert dispatch via email using Mailgun API
   
   Let’s break down how each part functions.
   
   Step 1: Capturing Input with a Webhook
   
   The first node is a Webhook that listens for POST or GET requests at the endpoint /steam. It uses basic authentication to ensure that only authorized sources can submit requests. The suspicious domain name is expected as a query parameter identified by q.
   
   This approach enables seamless integration with external tools, scripts, or even browser plugins that submit phishing domains directly from where they are detected.
   
   Step 2: Input Validation and Tool Setup
   
   Before querying DNS records, the workflow performs input validation using a regular expression to ensure that the submitted domain is syntactically valid (letters, numbers, dashes, underscores, and periods).
   
   Once validated, it attempts to install the bind-tools package—which includes the dig utility—using an executeCommand node. This is a preventive step on containerized environments (such as those used in Docker) where dig might not be available by default.
   
   Step 3: Verifying Domain Validity
   
   With dig installed, the workflow checks whether the supplied domain has valid DNS name servers using:
   
   dig NS domain.com +short
   
   If it returns one or more nameserver entries, the domain is considered live and resolvable. Otherwise, the process ends early, since reporting an invalid or non-existent domain would be redundant.
   
   Step 4: Determining Hosting Provider
   
   If the domain exists, another dig command is used to see if the domain is served by Cloudflare. It runs the following:
   
   dig NS domain.com +short | grep cloudflare.com. | wc -l
   
   If the output is greater than 0, it indicates that the name servers belong to Cloudflare, suggesting the site uses its services.
   
   Step 5: Email Alerts via Mailgun API
   
   Based on the result of the Cloudflare check, the workflow uses Mailgun to send custom email alerts to the appropriate parties.
   
   - If the domain uses Cloudflare, an email is dispatched to security@cloudflare.com with the domain details.
   - Regardless of hosting provider, an email is sent to security@valvesoftware.com to inform Steam's security team about the phishing site.
   
   Both emails include a subject line with the domain name and a simple message body flagging the site as a possible phishing threat.
   
   The modularity of this system makes it easy to expand—to check for other CDN providers, log incidents into an internal database, or ramp up notification mechanisms via Slack, Telegram, or ticketing systems.
   
   Key Advantages
   
   1. Automated Response  
   Manual phishing reporting can be tedious. By automating detection and dispatch, responders can focus on monitoring outcomes and false positives.
   
   2. Scalability  
   This system easily scales to accept input from browser plugins, honeypots, or other anti-phishing systems that can feed URLs programmatically.
   
   3. Cloud-Agnostic Intelligence  
   The reliance on DNS data makes this solution agnostic to hosting technologies—so long as an attacker uses public DNS, this system can detect them.
   
   4. Minimal API Overhead  
   Mailgun API is the only third-party API involved, with all domain checks done through native Linux utilities like dig.
   
   Final Thoughts
   
   This n8n workflow is a great example of how low-code automation tools can fortify cybersecurity workflows. It showcases a meaningful intersection of DevOps, security, and automation.
   
   By leveraging open-source tools and minimal external dependencies, teams can deploy it within internal environments or integrate it into broader security platforms. Armed with this system, professionals and enthusiasts alike can contribute to reducing the lifespan and impact of phishing campaigns in the world of online gaming.
   
   For developers looking to expand on this, consider implementing Slack notifications, webhook logs, or even integrating a threat feed for known compromised domains.
   
   Remember: The more we automate responsible disclosure, the faster the internet becomes a safer place.

5. Set credentials for each API node (keys, OAuth) in Credentials.
6. Run a test via Execute Workflow. Inspect Run Data, then adjust parameters.
7. Enable the workflow to run on schedule, webhook, or triggers as configured.

Tips: keep secrets in credentials, add retries and timeouts on HTTP nodes, implement error notifications, and paginate large API fetches.

Validation: use IF/Code nodes to sanitize inputs and guard against empty payloads.

Why Automate This with AI Agents

AI‑assisted automations offload repetitive, error‑prone tasks to a predictable workflow. Instead of manual copy‑paste and ad‑hoc scripts, your team gets a governed pipeline with versioned state, auditability, and observable runs.

n8n’s node graph makes data flow transparent while AI‑powered enrichment (classification, extraction, summarization) boosts throughput and consistency. Teams reclaim time, reduce operational costs, and standardize best practices without sacrificing flexibility.

Compared to one‑off integrations, an AI agent is easier to extend: swap APIs, add filters, or bolt on notifications without rewriting everything. You get reliability, control, and a faster path from idea to production.

Best Practices

• Credentials: restrict scopes and rotate tokens regularly.
• Resilience: configure retries, timeouts, and backoff for API nodes.
• Data Quality: validate inputs; normalize fields early to reduce downstream branching.
• Performance: batch records and paginate for large datasets.
• Observability: add failure alerts (Email/Slack) and persistent logs for auditing.
• Security: avoid sensitive data in logs; use environment variables and n8n credentials.

FAQs

Can I swap integrations later? Yes. Replace or add nodes and re‑map fields without rebuilding the whole flow.

How do I monitor failures? Use Execution logs and add notifications on the Error Trigger path.

Does it scale? Use queues, batching, and sub‑workflows to split responsibilities and control load.

Is my data safe? Keep secrets in Credentials, restrict token scopes, and review access logs.