CTS_Report_20211031_eaglehillsjordan_com

WEB VULNERABILITY SCANNING REPORT eagle hills jordan 31 OCT 21 22:21 CET https://eaglehillsjordan.com

1 Overview 1.1 Vulnerability Overview Based on our testing, we identified 829 vulnerabilities. critical 0 high 0 medium 814 low 1 informational 14 01512203530454055065607570858091591015101501110215210315310415410515106156107157108258209259202502125120252032532042542052520625620725720835830935930350313513023523035304354305353063563073573084584094594045041451402452403453404540545406456407457408585095950505151502525035350454505506565075750865860965960650616516026526036536046546056560656076576087587097597075071751702752703753704754705757067567075708580985905015050 Figure 1.1: Total number of vulnerabilities for ”eagle hills jordan” STATE DESCRIPTION BASE SCORE CRITICAL These findings are very critical whilst posing an immediate threat. Fix- 9 - 10 ing these issues should be the highest priority, regardless of any other issues. HIGH Findings in this category pose an immediate threat and should be fixed 7 - 8.9 immediately. MEDIUM Medium findings may cause serious harm in combination with other 4 - 6.9 LOW security vulnerabilites. These findings should be considered during project planning and be fixed within short time. Low severity findings do not impose an immediate threat. Such find- 0.1 - 3.9 ings should be reviewed for their specific impact on the application and be fixed accordingly. INFO Informational findings do not pose any threat but have solely informa- 0 tional purpose.

1.2 Scanner Overview During the scan, the Crashtest Security Suite was looking for the following kinds of vulnerabilities and security issues: ✓ Server Version Fingerprinting ✓ Security Headers ✓ Web Application Version Fingerprinting ✓ Content-Security-Policy headers ✓ CVE Comparison ✓ Portscan ✓ Heartbleed ✓ Boolean-based blind SQL Injection ✓ ROBOT ✓ Time-based blind SQL Injection ✓ BREACH ✓ Error-based SQL Injection ✓ BEAST ✓ UNION query-based SQL Injection ✓ Old SSL/TLS Version ✓ Stacked queries SQL Injection ✓ SSL/TLS Cipher Order ✓ Out-of-band SQL Injection ✓ SSL/TLS Perfect Forward Secrecy ✓ Reflected Cross-site scripting (XSS) ✓ SSL/TLS Session Resumption ✓ Stored Cross-site scripting (XSS) ✓ SSL/TLS secure algorithm ✓ Cross-Site Request Forgery (CSRF) ✓ SSL/TLS key size ✓ File Inclusion ✓ SSL/TLS trust chain ✓ Directory Fuzzer ✓ SSL/TLS expiration date ✓ File Fuzzer ✓ SSL/TLS revocation (CRL, OCSP) ✓ Command Injection ✓ SSL/TLS OCSP stapling ✓ XML External Entity Processing (XXE) Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 3/125 https://crashtest-security.com

1.2.1 Status for executed Scanners PERCENTAGE STATUS 100% 31 completed SCANNER 100% 1 completed Command Injection 100% 31 completed Portscan 100% 31 completed Cross-Site Scripting (XSS) 100% 1 completed Cross-Site Request Forgery (CSRF) 100% 1 completed CVE 100% 31 completed Transport Layer Security (TLS/SSL) 100% 31 completed XML External Entity (XXE) 100% 1 completed SQL Injection 100% 31 completed Multipage Crawler 100% 31 completed Deserialization 100% 1 completed File Inclusion 100% 1 completed Fingerprinting 100% 1 completed Fuzzer 100% 224 completed HTTP Header Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 4/125 https://crashtest-security.com

1.3 Findings Checklist 1.3.1 SSL/TLS STATE FINDING RESULT NOTICED FIXED DNS Certification Authority Authorization (CAA) Resource Record / RFC6844: 0.0 Not offered The server is configured to use average ciphers like SEED + 128+256 Bit CBC 3.7 ciphers (AES, CAMELLIA and ARIA) which are deprecated 1.3.2 HTTPHEADER STATE FINDING RESULT NOTICED FIXED The Strict-Transport-Security (HSTS) header is not set for URL https:// 4.8 eaglehillsjordan.com. The Content-Security-Policy header is not set for URL https: 6.5 //eaglehillsjordan.com. The cookie with the name ’username’ does not have the flag ’SameSite’ 6.5 set. This may leak sensitive information. This was found on URL https: //eaglehillsjordan.com. The cookie with the name ’handl_ref’ does not have the flag ’SameSite’ 6.5 set. This may leak sensitive information. This was found on URL https: //eaglehillsjordan.com. The cookie with the name ’utm_content’ does not have the flag ’SameSite’ 6.5 set. This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’utm_medium’ does not have the flag ’SameSite’ 6.5 set. This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 5/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 6.5 The cookie with the name ’utm_campaign’ does not have the flag ’SameSite’ set. This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’gclid’ does not have the flag ’SameSite’ set. 6.5 This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’email’ does not have the flag ’SameSite’ set. 6.5 This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’utm_term’ does not have the flag ’SameSite’ 6.5 set. This may leak sensitive information. This was found on URL https: //eaglehillsjordan.com. The cookie with the name ’handl_url’ does not have the flag ’SameSite’ 6.5 set. This may leak sensitive information. This was found on URL https: //eaglehillsjordan.com. The cookie with the name ’handl_landing_page’ does not have the flag ’Same- 6.5 Site’ set. This may leak sensitive information. This was found on URL https://eaglehillsjordan.com. The cookie with the name ’utm_source’ does not have the flag ’SameSite’ 6.5 set. This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’handl_ip’ does not have the flag ’SameSite’ 6.5 set. This may leak sensitive information. This was found on URL https: //eaglehillsjordan.com. The cookie with the name ’handl_original_ref’ does not have the flag ’Same- 6.5 Site’ set. This may leak sensitive information. This was found on URL https://eaglehillsjordan.com. The cookie with the name ’handl_original_ref’ does not have the flag ’secure’ 4.8 set. This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 6/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 4.8 The cookie with the name ’utm_medium’ does not have the flag ’secure’ set. This may leak sensitive information. This was found on URL https: //eaglehillsjordan.com. The cookie with the name ’utm_source’ does not have the flag ’secure’ 4.8 set. This may leak sensitive information. This was found on URL https: //eaglehillsjordan.com. The cookie with the name ’utm_content’ does not have the flag ’secure’ 4.8 set. This may leak sensitive information. This was found on URL https: //eaglehillsjordan.com. The cookie with the name ’gclid’ does not have the flag ’secure’ set. This may 4.8 leak sensitive information. This was found on URL https://eaglehillsjordan. com. The cookie with the name ’utm_campaign’ does not have the flag ’secure’ 4.8 set. This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’utm_term’ does not have the flag ’secure’ set. 4.8 This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’username’ does not have the flag ’secure’ set. 4.8 This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’handl_url’ does not have the flag ’secure’ set. 4.8 This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’handl_ref’ does not have the flag ’secure’ set. 4.8 This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’handl_landing_page’ does not have the flag ’secure’ 4.8 set. This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 7/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 4.8 The cookie with the name ’email’ does not have the flag ’secure’ set. This may leak sensitive information. This was found on URL https://eaglehillsjordan. com. The cookie with the name ’handl_ip’ does not have the flag ’secure’ set. 4.8 This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’utm_campaign’ does not have the flag ’HttpOnly’ 4.8 set. This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’handl_ref’ does not have the flag ’HttpOnly’ 4.8 set. This may leak sensitive information. This was found on URL https: //eaglehillsjordan.com. The cookie with the name ’utm_term’ does not have the flag ’HttpOnly’ 4.8 set. This may leak sensitive information. This was found on URL https: //eaglehillsjordan.com. The cookie with the name ’utm_content’ does not have the flag ’HttpOnly’ 4.8 set. This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’utm_medium’ does not have the flag ’HttpOnly’ 4.8 set. This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’handl_ip’ does not have the flag ’HttpOnly’ set. 4.8 This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’handl_url’ does not have the flag ’HttpOnly’ 4.8 set. This may leak sensitive information. This was found on URL https: //eaglehillsjordan.com. The cookie with the name ’utm_source’ does not have the flag ’HttpOnly’ 4.8 set. This may leak sensitive information. This was found on URL https: //eaglehillsjordan.com. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 8/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 4.8 The cookie with the name ’handl_original_ref’ does not have the flag ’HttpOnly’ set. This may leak sensitive information. This was found on URL https://eaglehillsjordan.com. The cookie with the name ’handl_landing_page’ does not have the flag 4.8 ’HttpOnly’ set. This may leak sensitive information. This was found on URL https://eaglehillsjordan.com. The cookie with the name ’gclid’ does not have the flag ’HttpOnly’ set. 4.8 This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. The cookie with the name ’username’ does not have the flag ’HttpOnly’ 4.8 set. This may leak sensitive information. This was found on URL https: //eaglehillsjordan.com. The cookie with the name ’email’ does not have the flag ’HttpOnly’ set. 4.8 This may leak sensitive information. This was found on URL https:// eaglehillsjordan.com. 6.5 The X-Frame-Options header is not set for URL https://eaglehillsjordan.com. 4.3 The Referrer-Policy header is not set for URL https://eaglehillsjordan.com. 1.3.3 FINGERPRINTING STATE FINDING RESULT NOTICED FIXED Found Wordpress-Contact-Form running in version 7.5.5.1. (There are no 5.3 known CVE issues for this finding) 1.3.4 PORTSCAN Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 9/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 0.0 Found open port ”5432/tcp” with service name ”PostgreSQL DB” 0.0 Found open port ”53/tcp” with service name ”ISC BIND” 0.0 Found open port ”587/tcp” 0.0 Found open port ”993/tcp” with service name ”Dovecot imapd” 0.0 Found open port ”21/tcp” with service name ”Pure-FTPd” 0.0 Found open port ”110/tcp” with service name ”Dovecot pop3d” 0.0 Found open port ”3306/tcp” with service name ”MySQL” 0.0 Found open port ”995/tcp” with service name ”Dovecot pop3d” 0.0 Found open port ”443/tcp” with service name ”nginx” Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 10/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 0.0 Found open port ”2525/tcp” 0.0 Found open port ”80/tcp” with service name ”nginx” 0.0 Found open port ”143/tcp” with service name ”Dovecot imapd” 0.0 Found open port ”465/tcp” 1.3.5 FUZZER STATE FINDING RESULT NOTICED FIXED Retrieved https://eaglehillsjordan.com//..%5C../..%5C../..%5C../..%5C../.. 5.3 %5C../..%5C../boot.ini by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/bb-admin/login.php by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/backup_v2 by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/backup.sql.tar.bzip2 by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.bashrc by using a GET request on 5.3 the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 11/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/%5C..%5C..%5C..%5C..%5C..%5C..% 5C..%5C..%5C..%5C..%5Cboot.ini by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/boot.ini by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.bash_logout by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.bash_profile by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.bak by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/c99.php by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/backup.sql.tar.gzip by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/backupwordpress by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/..%5C..%5C..%5C..%5C..%5C..%5C..% 5.3 5C..%5C..%5C..%5Cboot.ini by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.bash_history by using a GET request 5.3 on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 12/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com//.%5C%5C./.%5C%5C./.%5C%5C./. %5C%5C./.%5C%5C./.%5C%5C./boot.ini by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com//boot.ini by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/backwpup by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/backup_v1 by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/..%C0%AF../..%C0%AF../..%C0%AF../ 5.3 ..%C0%AF../..%C0%AF../..%C0%AF../boot.ini by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/CHANGE.log by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cgi-bin/ftpsh by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cgi-bin/logs by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cmsadmin/ by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/change.log by using a GET request 5.3 on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 13/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/c99shell.php by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cmsadmin.asp by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/changelog by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/CHANGELOG by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cgi-bin/.htaccess.save by using a 5.3 GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cloudbuild.yaml by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cgi-bin/.htpasswd by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/ccbill.log by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cmsadmin.cfm by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cgi-bin/.htaccess~ by using a GET 5.3 request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 14/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/cgi-bin/pass by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cgi-bin/environ.cgi by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/ChangeLog by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cgi-bin/.passwd by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/CHANGES by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~config.php.backup by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~config.backup by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/composer.lock by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~configuration.php.backup by using 5.3 a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/contrib/README by using a GET re- 5.3 quest on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 15/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/cmsadmin.php by using a GET re- quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.configuration.backup by using a 5.3 GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cmsadmin.jsp by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/controlpanel by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~conf.php.backup by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~conf.backup by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.configuration.php.backup by using a 5.3 GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cmsadmincontrols by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/Config by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cmsadmin.html by using a GET re- 5.3 quest on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 16/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/conf.php.backup by using a GET re- quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/connect.inc by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/config by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/conf.backup by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~configuration.backup by using a 5.3 GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db_admin by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~data by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/COPYING by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/data.sql.tar.bzip2 by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~daemon by using a GET request on 5.3 the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 17/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/_dbAdmin by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.cpanel by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/data.sql.tar.gzip by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbadmin.bz2 by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cp by using a GET request on the URL 5.3 without prior knowledge. Retrieved https://eaglehillsjordan.com/database.sql.backup by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/cron.php by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db1.sqlite by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/database.backup by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/_dbadmin by using a GET request on 5.3 the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 18/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/dbadmin.gz by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/database.db by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db/ by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/database.log by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~db by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db.backup by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbase.gz by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db.bz2 by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbadmin.sql.tar.gzip by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/_db_backup by using a GET request 5.3 on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 19/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/dbdump.gz by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbase.tar.bzip2 by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbase.sql.tar.gzip by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbbackup by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbdump.sql.tar.bzip2 by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db_bakfile by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db_backup by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbadmin.sql.tar.bzip2 by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbase.sql.tar.bzip2 by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbase.tar.gzip by using a GET re- 5.3 quest on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 20/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/dbdump.bz2 by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbadmin.tar.gzip by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db.db by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbase.bz2 by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbadmin.tar.bzip2 by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/default/settings.backup by using a 5.3 GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/default/.settings.php.backup by us- 5.3 ing a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/default/~settings.php.backup by us- 5.3 ing a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db.properties by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db.sqlite by using a GET request on 5.3 the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 21/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/default/~settings.backup by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db.log by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db.inc by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db.sql.backup by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db.sql.tar.bzip2 by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db.gz by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db.tar.gzip by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbdump.tar.bzip2 by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db.sql.tar.gzip by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbdump.tar.gzip by using a GET re- 5.3 quest on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 22/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/db.tar.bzip2 by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db-full.mysql by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/default/.settings.backup by using a 5.3 GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dbdump.sql.tar.gzip by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/db.ini by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/encryptionkeys by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/default/settings.php.backup by us- 5.3 ing a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/docs/ by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dmsadmin by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.ext_localconf.backup by using a GET 5.3 request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 23/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/~ext_localconf.php.backup by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/..%5C..%5C..%5C..%5C..%5C..%5C..% 5.3 5C..%5C..%5C..%5Cetc%5Cpasswd by using a GET request on the URL with- out prior knowledge. Retrieved https://eaglehillsjordan.com/dump by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.env by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/Dockerfile by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/ext_localconf.backup by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/ext_localconf.php.backup by using a 5.3 GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/etc/hosts by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.DS_Store by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/eudora.ini by using a GET request on 5.3 the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 24/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/dummy.php by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.ext_localconf.php.backup by using a 5.3 GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/dra.php by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/etc/password by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~ext_localconf.backup by using a 5.3 GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.ftpconfig by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.gitk by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.forward by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/fileadmin by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/flashFXP.ini by using a GET request 5.3 on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 25/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/home.sql.tar.bzip2 by using a GET re- quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.gitlab/ by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~fw by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.gitignore by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.fhp by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~gdm by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/globals.inc by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/home.sql.tar.gzip by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~halt by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~firewall by using a GET request on 5.3 the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 26/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/.history by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.git/ by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/ftp by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~help by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.gitconfig by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~http by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htaccess_extra by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htaccessBAK by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/httpd.conf by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htgroup by using a GET request on 5.3 the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 27/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/.htaccess-dev by using a GET re- quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htaccess-marco by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htaccess.bak1 by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htaccess.sample by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htaccessOLD by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htaccess.orig by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htpasswd by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htaccess_orig by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/htgroup by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htaccess.save by using a GET re- 5.3 quest on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 28/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/.htaccess_sc by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htaccess-local by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htacess by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htaccess~ by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/htpasswd by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~index.php.backup by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.index.php by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/index.backup by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/iisadmpwd by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/httpd/logs/access.log by using a 5.3 GET request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 29/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/httpd/logs/error.log by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.idea by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~index.backup by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/iisadmin by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/httpd/logs/access_log by using a 5.3 GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.include/ by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/httpd_logs by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/index.php.backup by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/https-admserv by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.htuser by using a GET request on the 5.3 URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 30/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/Inc by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/http_logs by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/!include by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/index.php-bak by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/inc by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/kpanel by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/LICENSE.html by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/license by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.logs/ by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/!login by using a GET request on the 5.3 URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 31/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/_log by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/lilo.conf by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/info.php by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~mail by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/logs by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/install by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.lynx_cookies by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~install/ by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/_install by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/i.php by using a GET request on the 5.3 URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 32/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/init.php by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~lp by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/instructions.php by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/log.out by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/log.cfm by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/myadmin/ by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/!mgt by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.mysql_history by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/mysql.tar.bzip2 by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/mysql.sql.tar.bzip2 by using a GET 5.3 request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 33/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/mysql.sql.tar.gzip by using a GET re- quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.meta by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/mailman/listinfo by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/mrtg.cfg by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/_myadmin by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/!mssql_setup.asp by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/mysql.bz2 by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/metrics by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/mysql.tar.gzip by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/master.passwd by using a GET re- 5.3 quest on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 34/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/myadm/ by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/myadminbreeze by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/mysql.gz by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/myadminphp by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/!mysql_setup.asp by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/passlist by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.passwd by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~news by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/nginx.conf by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/pass.dat by using a GET request on 5.3 the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 35/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/.old/ by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/!old by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~office by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/nginx-error.log by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.nsconfig by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/nginx-ssl.access.log by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/ospfd.conf by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/nginx_status by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/passwd by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~operator by using a GET request on 5.3 the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 36/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/nginx-access.log by using a GET re- quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/nginx-ssl.error.log by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.netrc by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/nginx-status/ by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/password.inc by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.proclog by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/phpAdmin by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/phpMy by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/password.log by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/php_info.php by using a GET request 5.3 on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 37/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/php-my-admin by using a GET re- quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/passwords by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/phpmyad by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/php.include by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/phpinfo.php by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~postmaster by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/_phpmyadmin by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/php-myadmin by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.procmailrc by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/php_myadmin by using a GET re- 5.3 quest on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 38/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/~pop by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/php-mysql by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/php.ini by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/pbadmin by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.profile by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~rpc by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.protect by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/r00t by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/_pycache_ by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~reception by using a GET request 5.3 on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 39/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/r58.php by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.project by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/r57shell.php by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.rhosts by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/!root by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.psql_history by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/r99.php by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/_readme by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/Readme by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/pwd.db by using a GET request on 5.3 the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 40/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/readme by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/root by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/r57eng.php by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/README by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/secring.skr by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~settings.php.backup by using a 5.3 GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~settings.backup by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/settings.save by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/site.sql.tar.gzip by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/settings.backup by using a GET re- 5.3 quest on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 41/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/server.cfg by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/serv-u.ini by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.settings.backup by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.sh_history by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.settings.php.backup by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/slapd.conf by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/setup by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/settings.dist by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/!setup.asp by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/securecontrolpanel by using a GET 5.3 request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 42/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/~shutdown by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/settings.swp by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/settings.ini by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/settings.php by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/site.sql.tar.bzip2 by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/support/logs by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/ssl by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/sql by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/spwd.db by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.sqmaildata by using a GET request 5.3 on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 43/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/SysAdmin by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~system by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.ssh by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/smblogin by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/Sysadmin by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/sswadmin by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~sync by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.sqmailattach by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~staff by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~sql by using a GET request on the 5.3 URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 44/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/.sql by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/sshadmin by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.spamassassin by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/ssadmin by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/sysadm by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/users.bz2 by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/temp.sql.tar.bzip2 by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/users.tar.gzip by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/users.sql.tar.bzip2 by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/temp.sql.tar.gzip by using a GET re- 5.3 quest on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 45/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/users.tar.bzip2 by using a GET re- quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~uucp by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/UPGRADE by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/tmp/error.log by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/tmp/access_log by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/test.php by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/users.sql.tar.gzip by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/upload.sql.tar.gzip by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~toor by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/tmp/access.log by using a GET re- 5.3 quest on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 46/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/UPDATE by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/users.gz by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/vtund.conf by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/todo by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/upload.sql.tar.bzip2 by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/webmaster by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wand.dat by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.web by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-config.inc by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~wp-config.php.backup by using a 5.3 GET request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 47/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/wp-config.php1 by using a GET re- quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/web.sql.tar.bzip2 by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~web by using a GET request on the 5.3 URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-config.php2 by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/WEB-INF/webapp.properties by us- 5.3 ing a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-admin by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/web.config by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-config.dist by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-config.php.dist by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wcx_ftp.ini by using a GET request on 5.3 the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 48/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/wp-config.php.backup by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/web.sql.tar.gzip by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-config.backup by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-config.php~ by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/~wp-config.backup by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-content/debug.log by using a 5.3 GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/www.sql.tar.gzip by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-content/wp-config.backup by us- 5.3 ing a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/www.sql.tar.bzip2 by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wvdial.conf by using a GET request 5.3 on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 49/125 https://crashtest-security.com

STATE FINDING RESULT NOTICED FIXED 5.3 Retrieved https://eaglehillsjordan.com/wp-content/wp-config.php.backup by using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/.www_acl by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-config.php.templ by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-content/~wp-config.backup by 5.3 using a GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/ws_ftp.ini by using a GET request on 5.3 the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-config.php.inc by using a GET re- 5.3 quest on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-content/backups by using a GET 5.3 request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-login.php by using a GET request 5.3 on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-content/backup-db by using a 5.3 GET request on the URL without prior knowledge. Retrieved https://eaglehillsjordan.com/wp-settings.php by using a GET re- 5.3 quest on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 50/125 https://crashtest-security.com