Map: the target placed and namedΒΆ
A first pass over Ankh-Morpork, pulled from certificate transparency and DNS and attributed with the fingerprints, comes out roughly like this:
ankh-morpork.example
www public Seneca Smartsite CMS (Smartsite markers in the page)
mijn public Exxellence PIP portal (/persoonlijke-internet-pagina route)
formulieren public Open Formulieren (openforms-root div, API at /api/v1/)
inloggen identity DigiD (SAML AuthnRequest to DigiD, ACS on this host)
zaken plumbing Open Zaak, ZGW (/zaken/api/v1/ and /catalogi/api/v1/ answer)
koppel plumbing legacy StUF SOAP (SOAP koppelvlak still live)
kaart geo Vicrea (WMS and WFS, proxied to PDOK)
Most of these are front doors, built to be visited. Two are not. zaken answering on the ZGW paths at all is
worth a second look for a back-office API: either it is exposed on purpose or it is reachable when it is not
meant to be. formulieren resolves by CNAME onto a supplier-hosted domain, so the form a resident sees and the
estate that serves it sit on different infrastructure. The core never appears on the apex at all; Centric and
PinkRoccade surface only as the supplier named in the inloggen assertion.
The interesting questions are in how these hosts connect. inloggen hands a DigiD assertion to formulieren, which on prefill pulls
BRP data into the fields, so the authorisation boundary between login and form sits right there. A form
submitted on formulieren opens a case through the ZGW API on zaken, so a logic flaw on the form reaches the
case store behind it. zaken speaking REST while koppel still speaks StUF is the half-migrated seam, old and
new plumbing live at once.
Every row is a passive inference, not a confirmed hit. The map is provisional by definition: the next pass promotes a guess to a fact or drops it.