id: dns-waf-detect info: name: DNS WAF Detection author: lu4nx description: A DNS WAF was detected. severity: info tags: tech,waf,dns classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 cve-id: cwe-id: CWE-200 dns: - name: "{{FQDN}}" type: CNAME - name: "{{FQDN}}" type: NS matchers: - type: word name: sanfor-shield words: - ".sangfordns.com" - type: word name: 360panyun words: - ".360panyun.com" - type: word name: baiduyun words: - ".yunjiasu-cdn.net" - type: word name: chuangyudun words: - ".365cyd.cn" - ".cyudun.net" - type: word name: knownsec words: - ".jiashule.com" - ".jiasule.org" - type: word name: huaweicloud words: - ".huaweicloudwaf.com" - type: word name: xinliuyun words: - ".ngaagslb.cn" - type: word name: chinacache words: - ".chinacache.net" - ".ccgslb.net" - type: word name: nscloudwaf words: - ".nscloudwaf.com" - type: word name: wangsu words: - ".wsssec.com" - ".lxdns.com" - ".wscdns.com" - ".cdn20.com" - ".cdn30.com" - ".ourplat.net" - ".wsdvs.com" - ".wsglb0.com" - ".wswebcdn.com" - ".wswebpic.com" - ".wsssec.com" - ".wscloudcdn.com" - ".mwcloudcdn.com" - type: word name: qianxin words: - ".360safedns.com" - ".360cloudwaf.com" - type: word name: baiduyunjiasu words: - ".yunjiasu-cdn.net" - type: word name: anquanbao words: - ".anquanbao.net" - type: regex name: aliyun regex: - '\.w\.kunlun\w{2,3}\.com' - type: regex name: aliyun-waf regex: - '\.aliyunddos\d+\.com' - '\.aliyunwaf\.com' - '\.aligaofang\.com' - '\.aliyundunwaf\.com' - type: word name: xuanwudun words: - ".saaswaf.com" - ".dbappwaf.cn" - type: word name: yundun words: - ".hwwsdns.cn" - ".yunduncname.com" - type: word name: knownsec-ns words: - ".jiasule.net" - type: word name: chuangyudun words: - ".365cyd.net" - type: word name: qianxin words: - ".360wzb.com" - type: word name: anquanbao words: - ".anquanbao.com" - type: word name: wangsu words: - ".chinanetcenter.com" - type: word name: baiduyunjiasue words: - ".ns.yunjiasu.com" - type: word name: chinacache words: - ".chinacache.com" - type: word name: cloudflare words: - "ns.cloudflare.com" - type: word name: edns words: - ".iidns.com" # Enhanced by mp on 2022/03/13