Developer

Report
Acunetix Security Audit

20 November 2018

Generated by Acunetix
Scan of 172.18.226.16

Scan details
Scan information
Start time 20/11/2018, 15:41:24
Start url https://172.18.226.16:8443/prweb
Host 172.18.226.16
Scan time 301 minutes, 14 seconds
Profile Full Scan
Responsive True

Threat level

Acunetix Threat Level 2

One or more medium-severity type vulnerabilities have been discovered by the scanner. You should investigate each of these vulnerabilities to ensure they will not escalate to more severe problems.

Alerts distribution

Total alerts found 14

High 0
Medium 1
Low 3
Informational 10
Alerts summary

HTTPS connection with weak key length

Classification
Base Score: 5.8
Access Vector: Network_accessible
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
Base Score: 9.1
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3 User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None
CWE CWE-310
Affected items Variation
Web Server 1

Cookie(s) without HttpOnly flag set

Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
Web Server 1

Cookie(s) without Secure flag set

Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
Web Server 1

Session token in URL

Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
Base Score: 7.5
 Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3 User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None
CWE CWE-200
Affected items Variation
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/!STANDARD 1

Content Security Policy (CSP) not implemented

Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
/prweb 1

Content type is not specified

Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
/prweb/PRPushServlet/!@0108e4c745324d312ca006a4d5ed287b! 1
/prweb/PRPushServlet/!@0f2b5662864affd947bd82fa24e6b6a1! 1
/prweb/PRPushServlet/!@29b7436f2341974addadcd0aacea98b0! 1
/prweb/PRPushServlet/!@f5684ddae7f59f5e59518e81365010cb! 1
/prweb/PRPushServlet/!@fc0d058c71e740210f9752c3847769a6! 1

Email address found

Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
Base Score: 0.0
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3 User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CWE CWE-200
Affected items Variation
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/!STANDARD 1
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/gen_a70614b682c618850d1416bb059d022d_portaldata_0.j
1
s
 Possible username or password disclosure

Classification
Base Score: 5.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
Base Score: 7.5
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3 User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None
CWE CWE-200
Affected items Variation
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pega_validators_1278277272.js!input_formatter_13696475
1
725.js!!.js
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pegacompositegadgetmgr_13593693990.js!!.js 1
Alerts details

HTTPS connection with weak key length

Severity Medium
Reported by module /Crawler/12-Crawler_HTTPS_weak_key_length.js

Description

The key length for HTTPS connections is lower than the recommended 128 bits.

Impact

The connection may be intercepted and possibly decrypted by a third party.

Recommendation

The key length should be at least 128 bits.

References

Testing for Weak SSL/TSL Ciphers, Insufficient Transport Layer Protection

(https://www.owasp.org/index.php/Testing_for_Weak_SSL/TSL_Ciphers,_Insufficient_Transport_Layer_Protection_(OWASP-EN-002))

Affected items

Web Server
Details
TLSv1.2: (0)
Request headers

Cookie(s) without HttpOnly flag set

Severity Low
Reported by module /RPA/Cookie_Without_HttpOnly.js

Description

This cookie does not have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side
scripts. This is an important security protection for session cookies.

Impact

None

Recommendation

If possible, you should set the HTTPOnly flag for this cookie.

Affected items

Web Server
Details
[object Object]
Request headers
GET /prweb HTTP/1.1
Cookie: JSESSIONID=4A483191388FE0351E5D5CD0E26819B4;Pega-
RULES=%09%7Bpd%7DAAAAAXdD9KjNtpkIU5gcegGRiZ9Aep%2BQd5Pj7P7l30SKIC6K1okf%2FxZEWE8ZsJax6BhZjg%3D%3DA
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive

Cookie(s) without Secure flag set

Severity Low
Reported by module /RPA/Cookie_Without_Secure.js

Description

This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie can only be accessed over secure SSL channels. This is an
important security protection for session cookies.

Impact

None

Recommendation

If possible, you should set the Secure flag for this cookie.

Affected items

Web Server
Details
[object Object]
Request headers
 GET /prweb HTTP/1.1
Cookie: JSESSIONID=4A483191388FE0351E5D5CD0E26819B4;Pega-
RULES=%09%7Bpd%7DAAAAAXdD9KjNtpkIU5gcegGRiZ9Aep%2BQd5Pj7P7l30SKIC6K1okf%2FxZEWE8ZsJax6BhZjg%3D%3DA
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive

Session token in URL

Severity Low
Reported by module /RPA/Session_Token_In_Url.js

Description

This application contains a session token in the query parameters. A session token is sensitive information and should not be stored in the URL. URLs could be logged or leaked via the Referer
header.

Impact

Possible sensitive information disclosure.

Recommendation

The session should be maintained using cookies (or hidden input fields).

Affected items

/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/!STANDARD
Details

Request headers
POST /prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/!STANDARD?pyActivity=Pega-UI-
CommandPalette.pzGetPaletteOptions&pzHarnessID=HID5FA9D321379BB54E61B2B42639835F26 HTTP/1.1
Cookie: JSESSIONID=2A89321F49088C425F86577E18C62B9C;Pega-
RULES=%09%7Bpd%7DAAAAATEU2jystIP4xIRH7TDw%2FJXMeQlyl1ZYVizroLo0ZelHaVUxaNZkii%2F08zM8iWRczg%3D%3DA
Authorization: Basic dG9tY2F0Og==
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 0
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive

Content Security Policy (CSP) not implemented

Severity Informational
Reported by module /httpdata/CSP_not_implemented.js

Description

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.

Content Security Policy (CSP) can be implemented by adding a Content-Security-Policy header. The value of this header is a string containing the policy directives describing your Content
Security Policy. To implement CSP, you should define lists of allowed origins for the all of the types of resources that your site utilizes. For example, if you have a simple site that needs to load
scripts, stylesheets, and images hosted locally, as well as from the jQuery library from their CDN, the CSP header could look like the following:

Content-Security-Policy:

default-src 'self';

script-src 'self' https://code.jquery.com;

It was detected that your web application doesn't implement Content Security Policy (CSP) as the CSP header is missing from the response. It's recommended to implement Content Security Policy
(CSP) into your web application.

Impact

CSP can be used to prevent and/or mitigate attacks that involve content/code injection, such as cross-site scripting/XSS attacks, attacks that require embedding a malicious resource, attacks that
involve malicious use of iframes, such as clickjacking attacks, and others.

Recommendation

It's recommended to implement Content Security Policy (CSP) into your web application. Configuring Content Security Policy involves adding the Content-Security-Policy HTTP header to a web
page and giving it values to control resources the user agent is allowed to load for that page.

References

Content Security Policy (CSP) (https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)

Implementing Content Security Policy (https://hacks.mozilla.org/2016/02/implementing-content-security-policy/)

Affected items

/prweb
Details

Request headers
GET /prweb HTTP/1.1
Cookie: JSESSIONID=4A483191388FE0351E5D5CD0E26819B4;Pega-
RULES=%09%7Bpd%7DAAAAAXdD9KjNtpkIU5gcegGRiZ9Aep%2BQd5Pj7P7l30SKIC6K1okf%2FxZEWE8ZsJax6BhZjg%3D%3DA
 Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive

Content type is not specified

Severity Informational
Reported by module /RPA/Content_Type_Missing.js

Description

This page does not set a Content-Type header value. This value informs the browser what kind of data to expect. If this header is missing, the browser may incorrectly handle the data. This could
lead to security problems.

Impact

None

Recommendation

Set a Content-Type header value for this page.

Affected items

/prweb/PRPushServlet/!@0108e4c745324d312ca006a4d5ed287b!
Details

Request headers
GET /prweb/PRPushServlet/!@0108e4c745324d312ca006a4d5ed287b!?Content-Type=application/json&PZSRVRPSH=true&X-Atmosphere-Framework=2.3.1-
javascript&X-Atmosphere-TrackMessageSize=true&X-Atmosphere-Transport=long-polling&X-Atmosphere-tracking-id=0&X-atmo-
protocol=true&_=1542708721933&portalName=Developer HTTP/1.1
Cookie: JSESSIONID=3892971A9C1BE5186328EC8FED0306DA;Pega-
RULES=%09%7Bpd%7DAAAAATEU2jystIP4xIRH7TDw%2FJXMeQlyl1ZYVizroLo0ZelHaVUxaNZkii%2F08zM8iWRczg%3D%3DA
Authorization: Basic dG9tY2F0Og==
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
/prweb/PRPushServlet/!@0f2b5662864affd947bd82fa24e6b6a1!
Details

Request headers
GET /prweb/PRPushServlet/!@0f2b5662864affd947bd82fa24e6b6a1! HTTP/1.1
Referer: https://www.google.com/search?hl=en&q=testing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Cookie: JSESSIONID=21D101FB1AB5E2C60472F273EE807CA8;Pega-
RULES=%09%7Bpd%7DAAAAAW0TbXcaI651XElR69Zc3lAjlJ%2F%2FG3sVT3CmR6CFH3XGgrBkTKlMh9UPMEiFiaWOug%3D%3DA
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
Connection: Keep-alive
/prweb/PRPushServlet/!@29b7436f2341974addadcd0aacea98b0!
Details

Request headers
GET /prweb/PRPushServlet/!@29b7436f2341974addadcd0aacea98b0! HTTP/1.1
Referer: https://www.google.com/search?hl=en&q=testing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Cookie: JSESSIONID=4A483191388FE0351E5D5CD0E26819B4;Pega-
RULES=%09%7Bpd%7DAAAAAXdD9KjNtpkIU5gcegGRiZ9Aep%2BQd5Pj7P7l30SKIC6K1okf%2FxZEWE8ZsJax6BhZjg%3D%3DA
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
Connection: Keep-alive
/prweb/PRPushServlet/!@f5684ddae7f59f5e59518e81365010cb!
Details

Request headers
GET /prweb/PRPushServlet/!@f5684ddae7f59f5e59518e81365010cb!?Content-Type=application/json&PZSRVRPSH=true&X-Atmosphere-Framework=2.3.1-
javascript&X-Atmosphere-TrackMessageSize=true&X-Atmosphere-Transport=long-polling&X-Atmosphere-tracking-id=0&X-atmo-
protocol=true&_=1542708781370&portalName=Developer HTTP/1.1
Cookie: JSESSIONID=3892971A9C1BE5186328EC8FED0306DA;Pega-
RULES=%09%7Bpd%7DAAAAATEU2jystIP4xIRH7TDw%2FJXMeQlyl1ZYVizroLo0ZelHaVUxaNZkii%2F08zM8iWRczg%3D%3DA
Authorization: Basic dG9tY2F0Og==
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
/prweb/PRPushServlet/!@fc0d058c71e740210f9752c3847769a6!
Details

Request headers
GET /prweb/PRPushServlet/!@fc0d058c71e740210f9752c3847769a6! HTTP/1.1
Referer: https://www.google.com/search?hl=en&q=testing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Cookie: JSESSIONID=E2B57E420DEAA289BB23BB5C6609FD86;Pega-
RULES=%09%7Bpd%7DAAAAAQG5yRq8e4CG7S9ASUp1CsCS%2Bxx4MfK%2B6O8lRvWqkttbyHW3Mkq2ajQR4O64IMHGzQ%3D%3DA
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
Connection: Keep-alive
 Email address found

Severity Informational
Reported by module /Scripts/PerFile/Text_Search_File.script

Description

One or more email addresses have been found on this page. The majority of spam comes from email addresses harvested off the internet. The spam-bots (also known as email harvesters and email
extractors) are programs that scour the internet looking for email addresses on any website they come across. Spambot programs look for strings like myname@mydomain.com and then record any
addresses found.

Impact

Email addresses posted on Web sites may attract spam.

Recommendation

Check references for details on how to solve this problem.

References

Anti-spam techniques (https://en.wikipedia.org/wiki/Anti-spam_techniques)

Affected items

/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/!STANDARD
Details
Pattern found:

Administrator@pega.com

Request headers
GET /prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/!STANDARD HTTP/1.1
Cookie: JSESSIONID=3892971A9C1BE5186328EC8FED0306DA;Pega-
RULES=%09%7Bpd%7DAAAAATEU2jystIP4xIRH7TDw%2FJXMeQlyl1ZYVizroLo0ZelHaVUxaNZkii%2F08zM8iWRczg%3D%3DA
Authorization: Basic dG9tY2F0Og==
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/gen_a70614b682c618850d1416bb059d022d_portaldata_0.js
Details
Pattern found:

Administrator@pega.com

Request headers
GET /prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/gen_a70614b682c618850d1416bb059d022d_portaldata_0.js HTTP/1.1
Cookie: JSESSIONID=46C6547805693710F77DA683747CD1B9;Pega-
RULES=%09%7Bpd%7DAAAAATEU2jystIP4xIRH7TDw%2FJXMeQlyl1ZYVizroLo0ZelHaVUxaNZkii%2F08zM8iWRczg%3D%3DA
Authorization: Basic dG9tY2F0Og==
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive

Possible username or password disclosure

Severity Informational
Reported by module /Scripts/PerFile/Text_Search_File.script

Description

A username and/or password was found in this file. This information could be sensitive.

This alert may be a false positive, manual confirmation is required.

Impact

Possible sensitive information disclosure.

Recommendation

Remove this file from your website or change its permissions to remove access.

Affected items

/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pega_validators_1278277272.js!input_formatter_13696475725.js!!.js
Details
Pattern found:

password=new

Request headers
GET /prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pega_validators_1278277272.js!input_formatter_13696475725.js!!.js HTTP/1.1
Cookie: JSESSIONID=46C6547805693710F77DA683747CD1B9;Pega-
RULES=%09%7Bpd%7DAAAAATEU2jystIP4xIRH7TDw%2FJXMeQlyl1ZYVizroLo0ZelHaVUxaNZkii%2F08zM8iWRczg%3D%3DA
Authorization: Basic dG9tY2F0Og==
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pegacompositegadgetmgr_13593693990.js!!.js
Details
Pattern found:

Password=true

Request headers
GET /prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pegacompositegadgetmgr_13593693990.js!!.js HTTP/1.1
Cookie: JSESSIONID=46C6547805693710F77DA683747CD1B9;Pega-
RULES=%09%7Bpd%7DAAAAATEU2jystIP4xIRH7TDw%2FJXMeQlyl1ZYVizroLo0ZelHaVUxaNZkii%2F08zM8iWRczg%3D%3DA
Authorization: Basic dG9tY2F0Og==
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
Scanned items (coverage report)
https://172.18.226.16:8443/
https://172.18.226.16:8443/prweb
https://172.18.226.16:8443/prweb/
https://172.18.226.16:8443/prweb/beEBp4uRVTogorRwSwWqbOtn9IL2fwdI*/
https://172.18.226.16:8443/prweb/beEBp4uRVTogorRwSwWqbOtn9IL2fwdI*/!STANDARD
https://172.18.226.16:8443/prweb/beEBp4uRVTogorRwSwWqbOtn9IL2fwdI*/webwb/
https://172.18.226.16:8443/prweb/beEBp4uRVTogorRwSwWqbOtn9IL2fwdI*/webwb/py-login-screen.css
https://172.18.226.16:8443/prweb/beEBp4uRVTogorRwSwWqbOtn9IL2fwdI*/webwb/webwb/
https://172.18.226.16:8443/prweb/beEBp4uRVTogorRwSwWqbOtn9IL2fwdI*/webwb/webwb/pxfont-OpenSans-Bold.woff2
https://172.18.226.16:8443/prweb/beEBp4uRVTogorRwSwWqbOtn9IL2fwdI*/webwb/webwb/pxfont-OpenSans-Regular.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/!STANDARD
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/desktopimages/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/image/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/images/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pega_ui_harness_deferred_11914393966!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_control_menu_scripts_12722237665!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_gapidentifier_staticbundle_script_1225903173!pzpega_gapidentifier_smartfeedback_script_1225182262!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_guide_staticbundle_script_1223806014!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_panelhelper_staticbundle_script_1183697919!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_socialpanel_staticbundle_script_1223347264!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_ui_automation_scripts_11755860240!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_ui_harness_deferred_before_12400797108!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_ui_harness_deferred_ts_1881921832!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_ui_redux_1220725820!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_ui_templates_default_172948906!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/templateimages/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/themeimages/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/css/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/desktopimages/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/en_us_8997ee48a10c59351bcf6cbc5a34d4ca_locale_0.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/expression_calculation_13399958605.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/gen_a70614b682c618850d1416bb059d022d_portaldata_0.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/gen_c4c19ddeb4e7beea5028240b5d636661_applicationdata_0.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/image/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/images/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/images/dhtmlx/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/img/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/img/network/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pega_tools_xmldocument_1863634849.js!pega_ui_menubar_13922181698.js!pzpega_ui_launchflow_11808081532.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pega_validators_1278277272.js!input_formatter_13696475725.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pegacompositegadgetmgr_13593693990.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/py-avatar_11622621979.css!!.css
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzaftinfra_12112894337.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzharnessv2_pzstudio9f60b58525382bc4b94cd7571ef44cb9ad096af92612f67ed85d6cb9f50cbbd5_full_1374539733.css!!.cs
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzjquery-ui_12524318908.css!pega_yui_styles_min_12855405641!!.css
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzoperatorpresencescript_11346230706.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega-ui-automation-style-bundle_13210741946!!.css
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega-ui-components-panels_1786826304.css!pzpega-ui-components-
highlight_12425196879.css!pzjstree_13241347271.css!pzpega-ui-components-tree_1972436511.css!!.css
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega-ui-inspector-style-bundle_14085978174!pzedit_config_style_1100859666.css!!.css
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_control_menu_scripts_12722237665!pzpega_ui_lgtemplate_12932849878.js!pzpega_ui_lgcelltemplate_1625220729.j
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_control_textinput_12469617486.js!pzpega_ui_template_textinput_13811584721.js!pzpega_ui_decimal_13948517401.
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_panelhelper_staticbundle_style_1225575492!!.css
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_command_palette_13631650516.js!pzdesignerstudiowindowload_12798764217.js!pzappexaction_13233242713.js
wrkspace-studio-common_113372872.js!pzhandletransitionsscript_1972413627.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_decimal_13948517401.js!pzpega_ui_formatnumber_13702883570.js!pzpega_ui_markdown_it_13093754858.js!pz
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_dynamiccontainer_12437436868.js!pzpega_ui_dc_mru_13560024250.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_harnesscontext_1567413440!pzevalharnessjson_12337917940.js!clientlogbase_11632504602.js!pzpega_ui_lib_pr
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_rdl_11962030440.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_rdltemplate_1808518274.js!pzpega_ui_rdlrowtemplate_1612878007.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_template_button_14173945505.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_template_icon_1246806692.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_template_link_1668633989.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzquirks-mode-
check_1521661977.js!pzdesignerstudiotoplevelscripts_14291990060.js!pzdesignerstudiohotkeysupport_12901938393.js!pypegasilverlight_12181542389.js!pzmoveerrorstomodal_1991154851.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzskinv2_pzdesignerstudioa62c634d5f7650d2af3a4213784e15708822133868797fd16d7e959cda82fde3_full_1187733776.cs
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzskinv2_pzruntime-
tools2b0206768e256ba8fbc8eef025220e7db46044ab454d23fbdd8c9fda1e4895e6_full_12547593045.css!!.css
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/survey_ui_userscript_offline_14089523909.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/templateimages/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/templates_default_constant_values6075be40a66ed6c7d0227715aebe62016694cde0.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/to_e9ca5c64ebcfd3cd860c746f33bd8c6e_locale_0.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/px-font-pega-icons.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/pxfont-OpenSans-Bold.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/pxfont-OpenSans-ExtraBold.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/pxfont-OpenSans-Light.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/pxfont-OpenSans-Regular.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/pxfont-OpenSans-Semibold.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/pxfont-Pega-Applications-Bold.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/pzMozBindingEllipsis.xml
https://172.18.226.16:8443/prweb/PRPushServlet/
https://172.18.226.16:8443/prweb/PRPushServlet/!@0108e4c745324d312ca006a4d5ed287b!
https://172.18.226.16:8443/prweb/PRPushServlet/!@0f2b5662864affd947bd82fa24e6b6a1!
https://172.18.226.16:8443/prweb/PRPushServlet/!@29b7436f2341974addadcd0aacea98b0!
https://172.18.226.16:8443/prweb/PRPushServlet/!@f5684ddae7f59f5e59518e81365010cb!
https://172.18.226.16:8443/prweb/PRPushServlet/!@fc0d058c71e740210f9752c3847769a6!