id: dns-waf-detect info: name: DNS WAF Detection author: lu4nx severity: info description: A DNS WAF was detected. classification: cwe-id: CWE-200 metadata: max-request: 2 tags: tech,waf,dns dns: - name: "{{FQDN}}" type: CNAME - name: "{{FQDN}}" type: NS matchers: - type: word part: answer name: sanfor-shield words: - ".sangfordns.com" - type: word part: answer name: 360panyun words: - ".360panyun.com" - type: word part: answer name: baiduyun words: - ".yunjiasu-cdn.net" - type: word part: answer name: chuangyudun words: - ".365cyd.cn" - ".cyudun.net" - type: word part: answer name: knownsec words: - ".jiashule.com" - ".jiasule.org" - type: word part: answer name: huaweicloud words: - ".huaweicloudwaf.com" - type: word part: answer name: xinliuyun words: - ".ngaagslb.cn" - type: word part: answer name: chinacache words: - ".chinacache.net" - ".ccgslb.net" - type: word part: answer name: nscloudwaf words: - ".nscloudwaf.com" - type: word part: answer name: wangsu words: - ".wsssec.com" - ".lxdns.com" - ".wscdns.com" - ".cdn20.com" - ".cdn30.com" - ".ourplat.net" - ".wsdvs.com" - ".wsglb0.com" - ".wswebcdn.com" - ".wswebpic.com" - ".wsssec.com" - ".wscloudcdn.com" - ".mwcloudcdn.com" - type: word part: answer name: qianxin words: - ".360safedns.com" - ".360cloudwaf.com" - type: word part: answer name: baiduyunjiasu words: - ".yunjiasu-cdn.net" - type: word part: answer name: anquanbao words: - ".anquanbao.net" - type: regex name: aliyun regex: - '\.w\.kunlun\w{2,3}\.com' - type: regex name: aliyun-waf regex: - '\.aliyunddos\d+\.com' - '\.aliyunwaf\.com' - '\.aligaofang\.com' - '\.aliyundunwaf\.com' - type: word part: answer name: xuanwudun words: - ".saaswaf.com" - ".dbappwaf.cn" - type: word part: answer name: yundun words: - ".hwwsdns.cn" - ".yunduncname.com" - type: word part: answer name: knownsec-ns words: - ".jiasule.net" - type: word part: answer name: chuangyudun words: - ".365cyd.net" - type: word part: answer name: qianxin words: - ".360wzb.com" - type: word part: answer name: anquanbao words: - ".anquanbao.com" - type: word part: answer name: wangsu words: - ".chinanetcenter.com" - type: word part: answer name: baiduyunjiasue words: - ".ns.yunjiasu.com" - type: word part: answer name: chinacache words: - ".chinacache.com" - type: word part: answer name: cloudflare words: - "ns.cloudflare.com" - type: word part: answer name: edns words: - ".iidns.com" - type: word part: answer name: ksyun words: - ".ksyunwaf.com" # digest: 490a00463044022005bf81b04ee9a74169b2ea8baf29b776c3da72d7bf13cdf16f62a84baa003daf0220758d7619504e7c6a45cc29f1e7f3c71f7cbba93b4444cf419ddc9b01d486d265:922c64590222798bb761d5b6d8e72950