Instruction: Old domain hosting several internally used services and domain for our internal network (also in the process of being phased out)
Integrity requirements: medium
Max severity: critical
Asset identifier: acme-challenge.nl
Asset type: URL
Availability requirement: low
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: This domain is used to fulfill the acme challenge type of let's encrypt in an aggregated place. This way there's only one domain to manage for all acme challenges
Integrity requirements: medium
Max severity: critical
Asset identifier: devmaximum.com
Asset type: URL
Availability requirement: none
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: devmaximum.com is only used internally for 2 domains. hence it's impact is fairly minor
Instruction: Customer site of the dutch police department used to deliver up to date news to interested employees within the police force.
Integrity requirements: medium
Max severity: critical
Asset identifier: dropr.nl
Asset type: URL
Availability requirement: low
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: This is an old domain which shouldn't be in use anymore.
Integrity requirements: low
Max severity: medium
Asset identifier: maximum-status.com
Asset type: URL
Availability requirement: medium
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: Static fallback site hosted by cloudflare in the case of a catastrophic event which can be used to show when all other servers and services are completely down.
Integrity requirements: medium
Max severity: critical
Asset identifier: mijnkombijdepolitie.nl
Asset type: URL
Availability requirement: medium
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: Customer site of the dutch police department used to deliver up to date news to interested people.
Integrity requirements: medium
Max severity: critical
Asset identifier: no-reply.cloud
Asset type: URL
Availability requirement: low
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: This domain is used as default email sender domain for our review, testing and staging environments. Sender addresses usually are in the form of `<custom-site-name>@no-reply.cloud`. For example: `workatmcdo.be@no-reply.cloud`
Integrity requirements: medium
Max severity: critical
Asset identifier: nossl.nl
Asset type: URL
Availability requirement: none
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: This domain is used as a fallback domain for non-configured backends. It is also used as default TLS response certificate when the domain is not configured and not used anywhere. This causes an intentional incorrect nossl.nl TLS certificate on domains.
Ignoring the ssl certificate mismatch in your browser should give a "This domain is not configured" notice, just like https://nossl.nl/ itself.
Integrity requirements: low
Max severity: high
Asset identifier: preprod.nl
Asset type: URL
Availability requirement: low
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Domain used to run staging environments
Integrity requirements: high
Max severity: critical
Asset identifier: qatest.nl
Asset type: URL
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Domain used to run review and testing environments
Integrity requirements: high
Max severity: critical
Asset identifier: ruddercms.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: A simple one page site to showcase our home made cms.
Integrity requirements: medium
Max severity: high
Asset identifier: ruddercms.nl
Asset type: URL
Availability requirement: low
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: Domain claimed for future use
Integrity requirements: medium
Max severity: high
Asset identifier: rudderplatform.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: Domain to host internal services to facilitate our platform and cms
Integrity requirements: high
Max severity: critical
Asset identifier: werken.belastingdienst.nl
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: werkenbijdefensie.nl
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: werkenbijderet.nl
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements:
Max severity: critical
Asset identifier: werkenbijdnb.nl
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: wp-mail.nl
Asset type: URL
Availability requirement: low
Confidentiality requirement: medium
Eligible for bounty: true
Eligible for submissions: true
Instruction: This domain is used as default email sender domain for our wordpress review, testing and staging environments. Sender addresses usually are in the form of `<custom-site-name>@wp-mail.nl`. For example: `werkenbijbdo@wp-mail.nl`
