CTS_Report_20211031_eaglehillsjordan_com

2.3 FINGERPRINTING 2.3.1 What is this? The responses a server sends to its client often contain more information then necessary. This surplus of information makes it possible to draw conclusions about the servers software or used programming languages. It could reveal the version of the web application and the libraries in use. The analysis of these information is called fingerprinting. Based on fingerprinting, an attacker can get valuable input to plan and carry out his attack. Without it, an attacker is attacking blindly. Whenever a special version of a server or a web application is vulnerable for an attack, crawlers search the web for traces of this version and start an attack if they found one. So it is likely that someone gets attacked just because they leak these information, and therefore show that your application or server is vulnerable. 2.3.2 Fingerprint Web Application Framework Severity Base Score: medium (5.3/10) All values are based on the Common Vulnerability Impact: low (1.4/10) Scoring System v3. Exploitability: low (3.9/10) Description The installed web application framework(s) offer information about their version. This opens attackers the possibility to look for exploits specifically targeting the software running in its exact version. Finding + Found Wordpress-Contact-Form running in version 7.5.5.1. (There are no known CVE issues for this finding) How to fix Depending on the used application there are multiple ways to remove version information. Some applications also share the information in multiple places, which makes it harder to remove it. Common places for version information are the filename of included libraries like ”jquery.3.2.1.min.js” or the documentation within a file, where the version number is stated within the first lines. While some information is required to be left within these files as a part of the copyright, other information like the version number can be removed. Other places could be the footer of an application ”powered by Wordpress 4.9.1” or meta-tags within the header of the website. Unlike servers, most web applications cannot remove these information via a config file and therefore need to be removed manually, by editing the specific templates and files. More details on how to fix this problem can be found in the knowledge database (see Recommendations) Recommendations https://wiki.crashtest-security.com/prevent-web-application-framework-information-leakage Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 101/125 https://crashtest-security.com

2.4 PORTSCAN 2.4.1 What is this? A port is a kind of door on the server that can be used to connect to a specific service. For a webserver the port 80 and port 443, which are for HTTP/HTTPS, are most likely open to serve the website to the users. Other ports should be closed if they are not needed for any service. The portscanner tests the webserver with a SYN scan for a wide range of possibly open ports and reports them back. If there are any other open ports except of port 80 and port 443, they should be blocked by the firewall if they are not needed. 2.4.2 Portscanner Severity Base Score: informational (0/10) All values are based on the Common Vulnerability Impact: informational (0/10) Scoring System v3. Exploitability: informational (0/10) Description Unneeded open ports on the webserver opens a large attack surface to a malicious user. This can be used to find unmaintained and possibly vulnerable network services that can be targeted. Finding + Found open port ”5432/tcp” with service name ”PostgreSQL DB” + Found open port ”53/tcp” with service name ”ISC BIND” + Found open port ”587/tcp” + Found open port ”993/tcp” with service name ”Dovecot imapd” + Found open port ”21/tcp” with service name ”Pure-FTPd” + Found open port ”110/tcp” with service name ”Dovecot pop3d” + Found open port ”3306/tcp” with service name ”MySQL” + Found open port ”995/tcp” with service name ”Dovecot pop3d” + Found open port ”443/tcp” with service name ”nginx” + Found open port ”2525/tcp” + Found open port ”80/tcp” with service name ”nginx” + Found open port ”143/tcp” with service name ”Dovecot imapd” + Found open port ”465/tcp” How to fix Unnecessarily open ports can be closed by setting up a firewall and block connections to all ports except of those that are needed by the server. Furthermore services that are not needed should be uninstalled. Recommendations https://wiki.crashtest-security.com/insecure-network-services-open-port-scanner Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 102/125 https://crashtest-security.com

2.5 FUZZER 2.5.1 What is this? Fuzzing, or robustness testing, fuzzy testing or negative testing, is a software testing technique that uses random or pre-defined data as input of a program. The random data can be used to simulate the later use, in which not only plausible data must be processed. In this case, the Fuzzer is looking for publicly available default paths through which attackers could gain access to the system. Those default paths may leak sensitive information or grant access to functionality which modifies the application. 2.5.2 Sensitive Data Exposure Severity Base Score: medium (5.3/10) All values are based on the Common Vulnerability Impact: low (1.4/10) Scoring System v3. Exploitability: low (3.9/10) Description The server grants access to a file or directory which might contain sensitive data. This can either leak sensitive data itself or allow an attacker to use the provided information to prepare a further attack. Finding + Retrieved https://eaglehillsjordan.com//..%5C../..%5C../..%5C../..%5C../..%5C../..%5C../boot.ini by using a GET re- quest on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/bb-admin/login.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/backup_v2 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/backup.sql.tar.bzip2 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.bashrc by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cboot.ini by us- ing a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/boot.ini by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.bash_logout by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.bash_profile by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.bak by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/c99.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/backup.sql.tar.gzip by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/backupwordpress by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cboot.ini by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.bash_history by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com//.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./boot. ini by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com//boot.ini by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/backwpup by using a GET request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 103/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/backup_v1 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/..%C0%AF../..%C0%AF../..%C0%AF../..%C0%AF../..%C0%AF../..%C0%AF../ boot.ini by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/CHANGE.log by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cgi-bin/ftpsh by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cgi-bin/logs by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cmsadmin/ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/change.log by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/c99shell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cmsadmin.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/changelog by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/CHANGELOG by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/cgi-bin/.htaccess.save by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cloudbuild.yaml by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/cgi-bin/.htpasswd by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/ccbill.log by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cmsadmin.cfm by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/cgi-bin/.htaccess~ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cgi-bin/pass by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cgi-bin/environ.cgi by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/ChangeLog by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cgi-bin/.passwd by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/CHANGES by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~config.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~config.backup by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/composer.lock by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~configuration.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/contrib/README by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/cmsadmin.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.configuration.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cmsadmin.jsp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/controlpanel by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~conf.php.backup by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~conf.backup by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.configuration.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cmsadmincontrols by using a GET request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 104/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/Config by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cmsadmin.html by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/conf.php.backup by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/connect.inc by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/config by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/conf.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~configuration.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/db_admin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~data by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/COPYING by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/data.sql.tar.bzip2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~daemon by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/_dbAdmin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.cpanel by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/data.sql.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/dbadmin.bz2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/cp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/database.sql.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cron.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/db1.sqlite by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/database.backup by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/_dbadmin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dbadmin.gz by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/database.db by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/db/ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/database.log by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~db by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/db.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dbase.gz by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/db.bz2 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dbadmin.sql.tar.gzip by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/_db_backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dbdump.gz by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dbase.tar.bzip2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/dbase.sql.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/dbbackup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dbdump.sql.tar.bzip2 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/db_bakfile by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/db_backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dbadmin.sql.tar.bzip2 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dbase.sql.tar.bzip2 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dbase.tar.gzip by using a GET request on the URL without prior knowl- edge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 105/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/dbdump.bz2 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dbadmin.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/db.db by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dbase.bz2 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dbadmin.tar.bzip2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/default/settings.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/default/.settings.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/default/~settings.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/db.properties by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/db.sqlite by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/default/~settings.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/db.log by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/db.inc by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/db.sql.backup by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/db.sql.tar.bzip2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/db.gz by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/db.tar.gzip by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dbdump.tar.bzip2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/db.sql.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/dbdump.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/db.tar.bzip2 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/db-full.mysql by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/default/.settings.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dbdump.sql.tar.gzip by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/db.ini by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/encryptionkeys by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/default/settings.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/docs/ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dmsadmin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.ext_localconf.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~ext_localconf.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cetc%5Cpasswd by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dump by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.env by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Dockerfile by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ext_localconf.backup by using a GET request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 106/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/ext_localconf.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/etc/hosts by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.DS_Store by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/eudora.ini by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dummy.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.ext_localconf.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dra.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/etc/password by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~ext_localconf.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.ftpconfig by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.gitk by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.forward by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/fileadmin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/flashFXP.ini by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/home.sql.tar.bzip2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.gitlab/ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~fw by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.gitignore by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.fhp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~gdm by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/globals.inc by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/home.sql.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~halt by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~firewall by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.history by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.git/ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ftp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~help by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.gitconfig by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~http by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.htaccess_extra by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.htaccessBAK by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/httpd.conf by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.htgroup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.htaccess-dev by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.htaccess-marco by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.htaccess.bak1 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.htaccess.sample by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.htaccessOLD by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.htaccess.orig by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.htpasswd by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.htaccess_orig by using a GET request on the URL without prior knowl- edge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 107/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/htgroup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.htaccess.save by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.htaccess_sc by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.htaccess-local by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.htacess by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.htaccess~ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/htpasswd by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~index.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.index.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/index.backup by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/iisadmpwd by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/httpd/logs/access.log by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/httpd/logs/error.log by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.idea by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~index.backup by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/iisadmin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/httpd/logs/access_log by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.include/ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/httpd_logs by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/index.php.backup by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/https-admserv by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.htuser by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Inc by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/http_logs by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/!include by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/index.php-bak by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/inc by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/kpanel by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/LICENSE.html by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/license by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.logs/ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/!login by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/_log by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/lilo.conf by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/info.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~mail by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/logs by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/install by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.lynx_cookies by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~install/ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/_install by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/i.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/init.php by using a GET request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 108/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/~lp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/instructions.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/log.out by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/log.cfm by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/myadmin/ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/!mgt by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.mysql_history by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/mysql.tar.bzip2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/mysql.sql.tar.bzip2 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/mysql.sql.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.meta by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/mailman/listinfo by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/mrtg.cfg by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/_myadmin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/!mssql_setup.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/mysql.bz2 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/metrics by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/mysql.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/master.passwd by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/myadm/ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/myadminbreeze by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/mysql.gz by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/myadminphp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/!mysql_setup.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/passlist by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.passwd by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~news by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/nginx.conf by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/pass.dat by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.old/ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/!old by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~office by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/nginx-error.log by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.nsconfig by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/nginx-ssl.access.log by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ospfd.conf by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/nginx_status by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/passwd by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~operator by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/nginx-access.log by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/nginx-ssl.error.log by using a GET request on the URL without prior knowl- edge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 109/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/.netrc by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/nginx-status/ by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/password.inc by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.proclog by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/phpAdmin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/phpMy by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/password.log by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/php_info.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/php-my-admin by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/passwords by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/phpmyad by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/php.include by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/phpinfo.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~postmaster by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/_phpmyadmin by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/php-myadmin by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.procmailrc by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/php_myadmin by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~pop by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/php-mysql by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/php.ini by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/pbadmin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.profile by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~rpc by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.protect by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/r00t by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/_pycache_ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~reception by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/r58.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.project by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/r57shell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.rhosts by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/!root by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.psql_history by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/r99.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/_readme by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Readme by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/pwd.db by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/readme by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/root by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/r57eng.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/README by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/secring.skr by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~settings.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~settings.backup by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/settings.save by using a GET request on the URL without prior knowl- edge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 110/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/site.sql.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/settings.backup by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/server.cfg by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/serv-u.ini by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.settings.backup by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/.sh_history by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.settings.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/slapd.conf by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/setup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/settings.dist by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/!setup.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/securecontrolpanel by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~shutdown by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/settings.swp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/settings.ini by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/settings.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/site.sql.tar.bzip2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/support/logs by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ssl by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/sql by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/spwd.db by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.sqmaildata by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/SysAdmin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~system by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.ssh by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/smblogin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Sysadmin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/sswadmin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~sync by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.sqmailattach by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~staff by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~sql by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.sql by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/sshadmin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.spamassassin by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/ssadmin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/sysadm by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/users.bz2 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/temp.sql.tar.bzip2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/users.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/users.sql.tar.bzip2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/temp.sql.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/users.tar.bzip2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~uucp by using a GET request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 111/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/UPGRADE by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/tmp/error.log by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/tmp/access_log by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/test.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/users.sql.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/upload.sql.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~toor by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/tmp/access.log by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/UPDATE by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/users.gz by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/vtund.conf by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/todo by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/upload.sql.tar.bzip2 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/webmaster by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wand.dat by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.web by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-config.inc by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~wp-config.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-config.php1 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/web.sql.tar.bzip2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~web by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-config.php2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/WEB-INF/webapp.properties by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-admin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/web.config by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-config.dist by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/wp-config.php.dist by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/wcx_ftp.ini by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-config.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/web.sql.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/wp-config.backup by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/wp-config.php~ by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~wp-config.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-content/debug.log by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/www.sql.tar.gzip by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/wp-content/wp-config.backup by using a GET request on the URL with- Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 112/125 https://crashtest-security.com

out prior knowledge. + Retrieved https://eaglehillsjordan.com/www.sql.tar.bzip2 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/wvdial.conf by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-content/wp-config.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.www_acl by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-config.php.templ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-content/~wp-config.backup by using a GET request on the URL with- out prior knowledge. + Retrieved https://eaglehillsjordan.com/ws_ftp.ini by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-config.php.inc by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/wp-content/backups by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-login.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-content/backup-db by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-settings.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~xfs by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-content/~wp-config.php.backup by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wp-config.swp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/~www by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/.wwwacl by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/3fexeShell.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/ASpy.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Ani-Shell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/3fexe.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/AK-74SecurityTeam.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/zebra.conf by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ASPYDrvsInfo.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/ASPCmdShellOnIIS5.1.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/404webshell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/404infiltrateteam.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/150.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/AntichatShellv1.3.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/AntichatShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/529.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/12309.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/AntichatSocks5Serverv1.0.php by using a GET request on the URL with- out prior knowledge. + Retrieved https://eaglehillsjordan.com/xmlrpc.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Ajax_PHPCommandShell.php by using a GET request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 113/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/2011.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ASPYDrvsInfo.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/CrystalShellv.1.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Backupscriptonserver.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/BackConnect.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/C99madShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/CarbylaminePHPEncoder.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Bnkqbakq.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/CWShellDumper.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Backdoorphpv0.1CodedByCharlichaplin.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/CasuS1.5.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/Antichat_Shell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/BLaSTER.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/AyyildizTim.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/AventisKlasVayv1.0.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/AspRootkit1.0byBloodSword.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/CommandShell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Crystal.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/CmdAsp.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/B374kBetaShElLV1.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/AventGrup-Sincap1.0.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/CyberShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/DToolPro.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/DDoSattack.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/FaTaLShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/Dx.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Ekin0x.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/EgY_SpIdErShElLV2.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/EditedByKingDefacer.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/DiveShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/ElmaliSeker.asp by using a GET request on the URL without prior knowl- edge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 114/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/GRPWebShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/FaTaLisTiCz_Fx.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/DefaceKeeper0.2.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/EFSO.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/GNY.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/GFSweb-shell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/Fileupload.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/ELMALISEKERBackd00r.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/G5.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/DAws.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/CyberSpy5.Asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/Micro_Webshell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Locus7s.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/KA_uShell0.1.6.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/NTDaddyv1.9.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/KnullShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/NTDaddyv1.9.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/NCC-Shell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/MatamuMat.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/I-47v1.3.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/NetworkFileManagerPHP.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/LoaderzWEBShell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Non-alphanumeric.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/MysqludfbyM4ster.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/MoroccanSpamersMa.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/MySQLWebShell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Mysqlinterfacev1.0.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/GammaWebShell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Loader’zWEBShellv0.1.0.2.php by using a GET request on the URL with- out prior knowledge. + Retrieved https://eaglehillsjordan.com/NCCShellv1.0.0.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Lolipop.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/RHTOOLS1.5BETA(PVT)EditedByKingDefacer.asp by using a GET request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 115/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/PHPRemoteView.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Php_Backdoor.txt.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/PHPWebShellbyoTTo.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/PHPSPY.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/PHANTASMA.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/PHVayv.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/RedHatHacker.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Privatex0rgWebHostingBypass.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/PhpShell2.0.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/RemoteExplorer.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/RHTOOLS1.5BETA(PVT).asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/PhpSpyVer2006.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/PhpBackdoorv.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Private-i3lue.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/RemExp.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Predator.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/PHPJackal.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/PH_Vayv.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/PHPShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/SimAttacker.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/ServerVariables.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/SilicGroupHackerArmy.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/SnIpEr_SA%20Shell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/SSTSheller.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/Safe0verShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/Rootshell.v.1.0.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/StoredProcedureExecute.aspx by using a GET request on the URL with- out prior knowledge. + Retrieved https://eaglehillsjordan.com/Safemodebreaker.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/SmallWebShellbyZaCo.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ShellCommander.php by using a GET request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 116/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/SpiderPHPShell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/SmallShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/SosyeteSafeModeBypassShell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/STNCWebShellv0.8.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/SilicGroupphpWebshellv3.php by using a GET request on the URL with- out prior knowledge. + Retrieved https://eaglehillsjordan.com/SnIpEr_SAShell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Sincap.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Safe_Mode_Bypass.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/SimShell1.0-SimorghSecurityMGZ.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ZehirIV.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/WebShell.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/WelcomeToAKTeam.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/WebShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/WinXShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/ZyklonShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/WSO2.7404ErrorWebShell.php by using a GET request on the URL with- out prior knowledge. + Retrieved https://eaglehillsjordan.com/aZRaiLPhpv1.0.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ZoRBaCKConnect.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/WordPressShell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/WorseLinuxShell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/accept_language.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Webr00tshell2.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/WinMOFShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/acid.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/angel.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/W3DShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/aZRaiLPhp_v1.0.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/aspSH.v1.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/antichat.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/aspxSH.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/azrail.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/b374k.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/aspydrv.asp by using a GET request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 117/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/b37.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/aspxshell.aspx by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/byEJDER.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/b374k-2.5.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/bdshell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/browser.jsp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/b64.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/backupsql.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/blackbin.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/bug.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/bdotw44shell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/bypass-iisuser-p.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/bs2.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/bns-php-shell by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/aspwgetdragdatabase.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/backdoorfr.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/c66.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/c100.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/c99-shadows-mod.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/c0derzshell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/c171.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/c99_webshell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/c99_PSych0.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/c99v2.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/c37.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/bypasssafemodel.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/c99ud.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cbfphpsh.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/c99unlimited.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/c99-Ultimate.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/c993.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/c99_locus7s.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/c999shell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/c99_madnet.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/c99madshell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/c99_w4cking.php by using a GET request on the URL without prior knowl- Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 118/125 https://crashtest-security.com

edge. + Retrieved https://eaglehillsjordan.com/devshell.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/dC3SecurityCrewShellPRiV.php by using a GET request on the URL with- out prior knowledge. + Retrieved https://eaglehillsjordan.com/cmd_win32.jsp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/devilzShell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/cmdasp.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/egy.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ddos.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cmd.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/connect-back.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/co.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cihshell_fix.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/dq.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ctt_sh.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cmd-asp-5.1.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/cmd.jsp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cybershell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/devilzShell.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/cls_Base.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/cmdexec.aspx by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/cmd.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/h4ck_Door.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/filesystembrowser.aspx by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/from_the_wild1.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/h4ntushell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/g00nshell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/hkmjj.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/filesman.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/hkrkoz.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/iMHaPFtp.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/g00nv13.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/erne.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/hiddensshellv1.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/inDEXERAndReaDer.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/gfs_sh.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/forever5pi.asp by using a GET request on the URL without prior knowl- edge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 119/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/fileupload.aspx by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/h4ntu_shell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/hacker.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ex0shell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/elmaliseker.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/jspShell.jsp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/itsecteam_shell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/load_shell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/lamashell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/lostDCshell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/liz0zim.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/jspbd.jsp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/list.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/list.jsp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ironshell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/maingtasks.log by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/kolang-bypass.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/log.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/locus.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/iskorpitx.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/kral.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/lostDC.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/matamu.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/isko.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/maingphp_error.log by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/myshell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/php-reverse-shell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/phpshell17.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/nShellv1.0.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/mssql.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/phpsploit.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/php-backdoor.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/php-extension-backdoor by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/php-findsock-shell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/mma.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ntdaddy.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/mysql_tool.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/phpwebbackup.php by using a GET request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 120/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/php-include-w-shell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/pHpINJ.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/navicat_tunnel.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/nsTView.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/nshell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/moon_1php.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/megabor.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/pws.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/r57_iFX.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/r57shell127.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/r57shellv.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/safe0ver.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/reverse.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/s72Shell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/simple-backdoor.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/sdoor.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/reverseshell-poc.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/qsd-php-backdoor.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/shell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/s72_Shell.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/r57_Mohajer22.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/r57_kartal.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/scanner.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/pwdshellru.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/ru24_post_sh.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/simattacker.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/r57.bizDq99Shell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/udp.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/stres.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/spexec.aspx by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/soldierofallah.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/t.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/up.jsp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/toolaspshell.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/sys.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/tryag.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/spygrup.php by using a GET request on the URL without prior knowledge. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 121/125 https://crashtest-security.com

+ Retrieved https://eaglehillsjordan.com/tool.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/simple_cmd.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/sosyete.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/sys32.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/up.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/sniper.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/sniffer.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/udf.dll.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/t57shell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/spyshell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/15840555a5a9ed4c7488481ec83740e51465ceb2.file.logs_static.tpl.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/upfile_write.asp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/zaco.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/%25CnC%25 by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/wordpressbackdoor.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/zehir.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/1782da8d6812f696750e41aaf9e78e68e4f07578.file.ajax.tpl.php by us- ing a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/xynu-NormalUniversity.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/zacosmall.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/upl0ader.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/00ebbfdc60999b54fdbf35a0699c3551b09a33b9.file.index.tpl.php by us- ing a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/webhandler by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/up_win32.jsp by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/xnonymoux_webshell.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/13bb870f32f183d8828dcfe9b199b3c68789155d.file.index.tpl.php by us- ing a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/04885805d2c6e064c2b145362c99e4adcc11ce47.file.search.tpl.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/08ed091025f407cb757b6c832a4b61f6930556a2.file.links.tpl.php by us- ing a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/zehir4.asp by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/webr00t.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/00284d896df6965cf6b6e99718ddcd99315200ca.file.rights.tpl.php by us- ing a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/8da03a92d68e0e53c275bedd439256612c468d64.file.index.tpl.php by us- ing a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/5a3d0c7a3173b22fbe0fe97e78394f7b88754dd6.file.empty.tpl.php by us- ing a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/a3d00170f86f14e7a6d17ddf9be395481dfa9fb7.file.screens.tpl.php by us- ing a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/8d241ee32b630592b650f219f7110d5c18b92093.file.info.tpl.php by us- ing a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/506702049dcb935eb57de850c79009ce8bbd7524.file.savelog_window. tpl.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/Zeus by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/73690290fb4e57b22fe3aedbc0957af0b1e637ff.file.jobs_add_window.tpl. Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 122/125 https://crashtest-security.com

php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/442c47b1a97b6ef63cccb7efd72d2b8b659540b5.file.access_denied.tpl. php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/CGjUwP8yJUs7RjH7OinJ by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/BmYBcnhwJxwk by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/492406078b55dd12ca968ba855cc51086aa03a05.file.injects.tpl.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/7c7ce9cbe3d97d5bd48a6117b863fd4c609486a7.file.stat.tpl.php by us- ing a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/5f922338e39dbdc2bb87123d6882ebd59dfbc668.file.jobs.tpl.php by us- ing a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/N0ise by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/_bot by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/G-Bot by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/90093ad09988b466f409a1871733c5589014713e.file.index.tpl.php by us- ing a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/6f7b99714cffad82719aea3b015eb61251f360f2.file.search_window.tpl. php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/23039842597b4c0eac0e62d3f7912cee20759393.file.os_window.tpl.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ZBOT by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/bot_window.tpl by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/bot_window.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/botonline2.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/botnet_scripts.lng.en.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/botnet_bots.lng.ru.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/botnet_scripts.lng.ru.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ab2db27ca7f6cd28abfa207faf55485711f95330.file.create.tpl.php by us- ing a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/antivir_window.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/bot.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/antivir.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/bot.tpl by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/botnet_scripts.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/botnet_bots.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/bot_online.tpl by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/botnet_bots.lng.en.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/borlndmm.dat by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/boi854tr4w.php by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/bots by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/bot_cab.tpl by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/antivir_window.tpl by using a GET request on the URL without prior knowl- Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 123/125 https://crashtest-security.com

edge. + Retrieved https://eaglehillsjordan.com/mod_bots-qview.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/zecmd by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/n0ise by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/~rbtk by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/windowsupdatev7 by using a GET request on the URL without prior knowl- edge. + Retrieved https://eaglehillsjordan.com/iclok.php by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/cgl-bin by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/ij83d by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/oi2c by using a GET request on the URL without prior knowledge. + Retrieved https://eaglehillsjordan.com/odw3ux by using a GET request on the URL without prior knowledge. How to fix In some cases, it is completely OK to expose certain file paths as long as it is on purpose. While they can be exposed on purpose, others may be unwillingly exposed. These paths can either be protected by Basic Auth (htaccess) or be re- moved as they might not be needed on a production environment. More details on how to avoid exposing unnecessary information can be found in the knowledge database (see Recommendations) Recommendations https://wiki.crashtest-security.com/sensitive-data-exposure Crashtest Security GmbH eagle hills jordan | 31 Oct 21 | 22:21 CET Leopoldstr. 21, 80802 München, Germany Page 124/125 https://crashtest-security.com

Crashtest Security is a German IT security company specialized in automated web application security testing. The fully automated penetration test lets developers discover vulnerabilities in real-time and supports the remediation through an integrated knowledge base. CONTACT US: Crashtest Security GmbH Leopoldstr. 21 80802 München +49 (0) 89 215 41 665