HuntDash - radancy

Target Policy

https://hackerone.com/radancy?type=team

Structured Scope

Asset Identifier

Asset Type

Max Severity
www2.werkenbijdefensie.nl

This is an old subdomain which is not used anymore

URL

none
evonik.com

This domain is not in our control. Reports will be marked as Not Applicable without further explanation

URL

none
werken.belastingdienst.nl

URL

critical
qatest.nl

Domain used to run review and testing environments

URL

critical
mandrill.maximum.nl

This domain points to mailchimps servers. For issues please refer to: https://hackerone.com/mailchimp

Any reports regarding mandrill.maximum.nl will be marked as spam

URL

none
autodiscover.maximum.nl

This domain is in control of Microsoft. aka: not in our control

URL

none
werkenbijderet.nl

URL

critical
http://*.maximum.nl

Old domain hosting several internally used services and domain for our internal network (also in the process of being phased out)

WILDCARD

critical
maximum-status.com

Static fallback site hosted by cloudflare in the case of a catastrophic event which can be used to show when all other servers and services are completely down.

URL

critical
ruddercms.nl

Domain claimed for future use

URL

high
dropr.nl

This is an old domain which shouldn't be in use anymore.

URL

medium
preprod.nl

Domain used to run staging environments

URL

critical
careers.evonik.com

This domain has been taken over by the client and we are no longer responsible for careers.evonik.com. The new domain we are hosting is humanchemistry.evonik.com

URL

none
rudderplatform.com

Domain to host internal services to facilitate our platform and cms

URL

critical
maximum.com

this domain is not ours but in control of a Chinese organization

URL

none
*.evonik.com

humanchemistry.evonik.com reports ONLY

Other subdomains of evonik.com are not in our control. Reports will be marked as Not Applicable without further explanation

WILDCARD

none
nossl.nl

This domain is used as a fallback domain for non-configured backends. It is also used as default TLS response certificate when the domain is not configured and not used anywhere. This causes an intentional incorrect nossl.nl TLS certificate on domains.
Ignoring the ssl certificate mismatch in your browser should give a "This domain is not configured" notice, just like https://nossl.nl/ itself.

URL

high
successfactors.eu

This domain is in no way affiliated to this organization. Reports regarding this domain will not be taken under advisement. Findings can be reported here: https://hackerone.com/sap

URL

none
humanchemistry.evonik.com

Prior domain was careers.evonik.com

Currently out of scope due to legal issues

URL

none
maxcldapp.net

This domain is used as CNAME target for domains managed by our clients. This way we are able to internally redirect domains to other backends without the need for customers to change their DNS settings.

URL

critical
radancy.nl

This hackerone program is solely for the Dutch sites covered by us. Unfortunately radancy.nl is not in our control. Corporate bureaucracy will prevent any issue for ever being resolved. For this reason we'll have to keep both radancy.nl and radancy.com including any subdomains out of scope.

URL

none
*.maximum.nl

Old domain hosting several internally used services and domain for our internal network (also in the process of being phased out)

WILDCARD

critical
ruddercms.com

A simple one page site to showcase our home made cms.

URL

high
devmaximum.com

devmaximum.com is only used internally for 2 domains. hence it's impact is fairly minor

URL

low
mijnkombijdepolitie.nl

Customer site of the dutch police department used to deliver up to date news to interested people.

URL

critical
doorstromen.mijnkombijdepolitie.nl

Customer site of the dutch police department used to deliver up to date news to interested employees within the police force.

URL

critical
acme-challenge.nl

This domain is used to fulfill the acme challenge type of let's encrypt in an aggregated place. This way there's only one domain to manage for all acme challenges

URL

critical
no-reply.cloud

This domain is used as default email sender domain for our review, testing and staging environments. Sender addresses usually are in the form of `<custom-site-name>@no-reply.cloud`. For example: `workatmcdo.be@no-reply.cloud`

URL

critical
wp-mail.nl

This domain is used as default email sender domain for our wordpress review, testing and staging environments. Sender addresses usually are in the form of `<custom-site-name>@wp-mail.nl`. For example: `werkenbijbdo@wp-mail.nl`

URL

critical
dropr.io

This domain runs a service for media (image, videos audio and document files) hosting, scaling, resizing and retrieving. For example view the source code of https://werken.belastingdienst.nl to see it's usage.

URL

none
radancy.com

This hackerone program is solely for the Dutch sites covered by us. Unfortunately radancy.nl is not in our control. Corporate bureaucracy will prevent any issue for ever being resolved. For this reason we'll have to keep both radancy.nl and radancy.com including any subdomains out of scope.

URL

none
werkenbijdnb.nl

URL

critical
www.werkenbijbakertilly.nl

URL

critical
werkenbijdefensie.nl

URL

critical

Target Scope Domains

acme-challenge.nl
devmaximum.com
doorstromen.mijnkombijdepolitie.nl
dropr.nl
maxcldapp.net
maximum-status.com
maximum.nl
mijnkombijdepolitie.nl
no-reply.cloud
nossl.nl
preprod.nl
qatest.nl
ruddercms.com
ruddercms.nl
rudderplatform.com
werken.belastingdienst.nl
werkenbijdefensie.nl
werkenbijderet.nl
werkenbijdnb.nl
wp-mail.nl
www.werkenbijbakertilly.nl

Tech Stack

Last Finished Scan:

Scan Name

Fleet

Finished

State

auto-gausubs-2-kxss

allkxss

1 year, 1 month ago

Finished

auto-gausubs-2-kxss

Fleet: allkxss
Duration: 24.77 Minutes
Finished: 1 year, 1 month ago

Radancy HackerOne

Target Policy

Structured Scope

Asset Identifier

Asset Type

Max Severity

Target Scope Domains

Tech Stack

Last Finished Scan: