Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Report
Acunetix Security Audit
20 November 2018
Generated by Acunetix
Scan of 172.18.226.16
Scan details
Scan information
Start time 20/11/2018, 15:41:24
Start url https://172.18.226.16:8443/prweb
Host 172.18.226.16
Scan time 301 minutes, 14 seconds
Profile Full Scan
Responsive True
Threat level
One or more medium-severity type vulnerabilities have been discovered by the scanner. You should investigate each of these vulnerabilities to ensure they will not escalate to more severe problems.
Alerts distribution
Classification
Base Score: 5.8
Access Vector: Network_accessible
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
Base Score: 9.1
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3 User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None
CWE CWE-310
Affected items Variation
Web Server 1
Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
Web Server 1
Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
Web Server 1
Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
Base Score: 7.5
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3 User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None
CWE CWE-200
Affected items Variation
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/!STANDARD 1
Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
/prweb 1
Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
/prweb/PRPushServlet/!@0108e4c745324d312ca006a4d5ed287b! 1
/prweb/PRPushServlet/!@0f2b5662864affd947bd82fa24e6b6a1! 1
/prweb/PRPushServlet/!@29b7436f2341974addadcd0aacea98b0! 1
/prweb/PRPushServlet/!@f5684ddae7f59f5e59518e81365010cb! 1
/prweb/PRPushServlet/!@fc0d058c71e740210f9752c3847769a6! 1
Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
Base Score: 0.0
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3 User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CWE CWE-200
Affected items Variation
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/!STANDARD 1
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/gen_a70614b682c618850d1416bb059d022d_portaldata_0.j
1
s
Possible username or password disclosure
Classification
Base Score: 5.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
Base Score: 7.5
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3 User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None
CWE CWE-200
Affected items Variation
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pega_validators_1278277272.js!input_formatter_13696475
1
725.js!!.js
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pegacompositegadgetmgr_13593693990.js!!.js 1
Alerts details
Severity Medium
Reported by module /Crawler/12-Crawler_HTTPS_weak_key_length.js
Description
The key length for HTTPS connections is lower than the recommended 128 bits.
Impact
Recommendation
References
Affected items
Web Server
Details
TLSv1.2: (0)
Request headers
Severity Low
Reported by module /RPA/Cookie_Without_HttpOnly.js
Description
This cookie does not have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side
scripts. This is an important security protection for session cookies.
Impact
None
Recommendation
If possible, you should set the HTTPOnly flag for this cookie.
Affected items
Web Server
Details
[object Object]
Request headers
GET /prweb HTTP/1.1
Cookie: JSESSIONID=4A483191388FE0351E5D5CD0E26819B4;Pega-
RULES=%09%7Bpd%7DAAAAAXdD9KjNtpkIU5gcegGRiZ9Aep%2BQd5Pj7P7l30SKIC6K1okf%2FxZEWE8ZsJax6BhZjg%3D%3DA
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
Severity Low
Reported by module /RPA/Cookie_Without_Secure.js
Description
This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie can only be accessed over secure SSL channels. This is an
important security protection for session cookies.
Impact
None
Recommendation
If possible, you should set the Secure flag for this cookie.
Affected items
Web Server
Details
[object Object]
Request headers
GET /prweb HTTP/1.1
Cookie: JSESSIONID=4A483191388FE0351E5D5CD0E26819B4;Pega-
RULES=%09%7Bpd%7DAAAAAXdD9KjNtpkIU5gcegGRiZ9Aep%2BQd5Pj7P7l30SKIC6K1okf%2FxZEWE8ZsJax6BhZjg%3D%3DA
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
Severity Low
Reported by module /RPA/Session_Token_In_Url.js
Description
This application contains a session token in the query parameters. A session token is sensitive information and should not be stored in the URL. URLs could be logged or leaked via the Referer
header.
Impact
Recommendation
The session should be maintained using cookies (or hidden input fields).
Affected items
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/!STANDARD
Details
Request headers
POST /prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/!STANDARD?pyActivity=Pega-UI-
CommandPalette.pzGetPaletteOptions&pzHarnessID=HID5FA9D321379BB54E61B2B42639835F26 HTTP/1.1
Cookie: JSESSIONID=2A89321F49088C425F86577E18C62B9C;Pega-
RULES=%09%7Bpd%7DAAAAATEU2jystIP4xIRH7TDw%2FJXMeQlyl1ZYVizroLo0ZelHaVUxaNZkii%2F08zM8iWRczg%3D%3DA
Authorization: Basic dG9tY2F0Og==
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 0
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
Severity Informational
Reported by module /httpdata/CSP_not_implemented.js
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.
Content Security Policy (CSP) can be implemented by adding a Content-Security-Policy header. The value of this header is a string containing the policy directives describing your Content
Security Policy. To implement CSP, you should define lists of allowed origins for the all of the types of resources that your site utilizes. For example, if you have a simple site that needs to load
scripts, stylesheets, and images hosted locally, as well as from the jQuery library from their CDN, the CSP header could look like the following:
Content-Security-Policy:
default-src 'self';
It was detected that your web application doesn't implement Content Security Policy (CSP) as the CSP header is missing from the response. It's recommended to implement Content Security Policy
(CSP) into your web application.
Impact
CSP can be used to prevent and/or mitigate attacks that involve content/code injection, such as cross-site scripting/XSS attacks, attacks that require embedding a malicious resource, attacks that
involve malicious use of iframes, such as clickjacking attacks, and others.
Recommendation
It's recommended to implement Content Security Policy (CSP) into your web application. Configuring Content Security Policy involves adding the Content-Security-Policy HTTP header to a web
page and giving it values to control resources the user agent is allowed to load for that page.
References
Affected items
/prweb
Details
Request headers
GET /prweb HTTP/1.1
Cookie: JSESSIONID=4A483191388FE0351E5D5CD0E26819B4;Pega-
RULES=%09%7Bpd%7DAAAAAXdD9KjNtpkIU5gcegGRiZ9Aep%2BQd5Pj7P7l30SKIC6K1okf%2FxZEWE8ZsJax6BhZjg%3D%3DA
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
Severity Informational
Reported by module /RPA/Content_Type_Missing.js
Description
This page does not set a Content-Type header value. This value informs the browser what kind of data to expect. If this header is missing, the browser may incorrectly handle the data. This could
lead to security problems.
Impact
None
Recommendation
Affected items
/prweb/PRPushServlet/!@0108e4c745324d312ca006a4d5ed287b!
Details
Request headers
GET /prweb/PRPushServlet/!@0108e4c745324d312ca006a4d5ed287b!?Content-Type=application/json&PZSRVRPSH=true&X-Atmosphere-Framework=2.3.1-
javascript&X-Atmosphere-TrackMessageSize=true&X-Atmosphere-Transport=long-polling&X-Atmosphere-tracking-id=0&X-atmo-
protocol=true&_=1542708721933&portalName=Developer HTTP/1.1
Cookie: JSESSIONID=3892971A9C1BE5186328EC8FED0306DA;Pega-
RULES=%09%7Bpd%7DAAAAATEU2jystIP4xIRH7TDw%2FJXMeQlyl1ZYVizroLo0ZelHaVUxaNZkii%2F08zM8iWRczg%3D%3DA
Authorization: Basic dG9tY2F0Og==
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
/prweb/PRPushServlet/!@0f2b5662864affd947bd82fa24e6b6a1!
Details
Request headers
GET /prweb/PRPushServlet/!@0f2b5662864affd947bd82fa24e6b6a1! HTTP/1.1
Referer: https://www.google.com/search?hl=en&q=testing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Cookie: JSESSIONID=21D101FB1AB5E2C60472F273EE807CA8;Pega-
RULES=%09%7Bpd%7DAAAAAW0TbXcaI651XElR69Zc3lAjlJ%2F%2FG3sVT3CmR6CFH3XGgrBkTKlMh9UPMEiFiaWOug%3D%3DA
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
Connection: Keep-alive
/prweb/PRPushServlet/!@29b7436f2341974addadcd0aacea98b0!
Details
Request headers
GET /prweb/PRPushServlet/!@29b7436f2341974addadcd0aacea98b0! HTTP/1.1
Referer: https://www.google.com/search?hl=en&q=testing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Cookie: JSESSIONID=4A483191388FE0351E5D5CD0E26819B4;Pega-
RULES=%09%7Bpd%7DAAAAAXdD9KjNtpkIU5gcegGRiZ9Aep%2BQd5Pj7P7l30SKIC6K1okf%2FxZEWE8ZsJax6BhZjg%3D%3DA
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
Connection: Keep-alive
/prweb/PRPushServlet/!@f5684ddae7f59f5e59518e81365010cb!
Details
Request headers
GET /prweb/PRPushServlet/!@f5684ddae7f59f5e59518e81365010cb!?Content-Type=application/json&PZSRVRPSH=true&X-Atmosphere-Framework=2.3.1-
javascript&X-Atmosphere-TrackMessageSize=true&X-Atmosphere-Transport=long-polling&X-Atmosphere-tracking-id=0&X-atmo-
protocol=true&_=1542708781370&portalName=Developer HTTP/1.1
Cookie: JSESSIONID=3892971A9C1BE5186328EC8FED0306DA;Pega-
RULES=%09%7Bpd%7DAAAAATEU2jystIP4xIRH7TDw%2FJXMeQlyl1ZYVizroLo0ZelHaVUxaNZkii%2F08zM8iWRczg%3D%3DA
Authorization: Basic dG9tY2F0Og==
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
/prweb/PRPushServlet/!@fc0d058c71e740210f9752c3847769a6!
Details
Request headers
GET /prweb/PRPushServlet/!@fc0d058c71e740210f9752c3847769a6! HTTP/1.1
Referer: https://www.google.com/search?hl=en&q=testing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Cookie: JSESSIONID=E2B57E420DEAA289BB23BB5C6609FD86;Pega-
RULES=%09%7Bpd%7DAAAAAQG5yRq8e4CG7S9ASUp1CsCS%2Bxx4MfK%2B6O8lRvWqkttbyHW3Mkq2ajQR4O64IMHGzQ%3D%3DA
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
Connection: Keep-alive
Email address found
Severity Informational
Reported by module /Scripts/PerFile/Text_Search_File.script
Description
One or more email addresses have been found on this page. The majority of spam comes from email addresses harvested off the internet. The spam-bots (also known as email harvesters and email
extractors) are programs that scour the internet looking for email addresses on any website they come across. Spambot programs look for strings like myname@mydomain.com and then record any
addresses found.
Impact
Recommendation
References
Affected items
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/!STANDARD
Details
Pattern found:
Administrator@pega.com
Request headers
GET /prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/!STANDARD HTTP/1.1
Cookie: JSESSIONID=3892971A9C1BE5186328EC8FED0306DA;Pega-
RULES=%09%7Bpd%7DAAAAATEU2jystIP4xIRH7TDw%2FJXMeQlyl1ZYVizroLo0ZelHaVUxaNZkii%2F08zM8iWRczg%3D%3DA
Authorization: Basic dG9tY2F0Og==
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/gen_a70614b682c618850d1416bb059d022d_portaldata_0.js
Details
Pattern found:
Administrator@pega.com
Request headers
GET /prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/gen_a70614b682c618850d1416bb059d022d_portaldata_0.js HTTP/1.1
Cookie: JSESSIONID=46C6547805693710F77DA683747CD1B9;Pega-
RULES=%09%7Bpd%7DAAAAATEU2jystIP4xIRH7TDw%2FJXMeQlyl1ZYVizroLo0ZelHaVUxaNZkii%2F08zM8iWRczg%3D%3DA
Authorization: Basic dG9tY2F0Og==
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
Severity Informational
Reported by module /Scripts/PerFile/Text_Search_File.script
Description
A username and/or password was found in this file. This information could be sensitive.
Impact
Recommendation
Remove this file from your website or change its permissions to remove access.
Affected items
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pega_validators_1278277272.js!input_formatter_13696475725.js!!.js
Details
Pattern found:
password=new
Request headers
GET /prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pega_validators_1278277272.js!input_formatter_13696475725.js!!.js HTTP/1.1
Cookie: JSESSIONID=46C6547805693710F77DA683747CD1B9;Pega-
RULES=%09%7Bpd%7DAAAAATEU2jystIP4xIRH7TDw%2FJXMeQlyl1ZYVizroLo0ZelHaVUxaNZkii%2F08zM8iWRczg%3D%3DA
Authorization: Basic dG9tY2F0Og==
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pegacompositegadgetmgr_13593693990.js!!.js
Details
Pattern found:
Password=true
Request headers
GET /prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pegacompositegadgetmgr_13593693990.js!!.js HTTP/1.1
Cookie: JSESSIONID=46C6547805693710F77DA683747CD1B9;Pega-
RULES=%09%7Bpd%7DAAAAATEU2jystIP4xIRH7TDw%2FJXMeQlyl1ZYVizroLo0ZelHaVUxaNZkii%2F08zM8iWRczg%3D%3DA
Authorization: Basic dG9tY2F0Og==
Accept: */*
Accept-Encoding: gzip,deflate
Host: 172.18.226.16:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
Scanned items (coverage report)
https://172.18.226.16:8443/
https://172.18.226.16:8443/prweb
https://172.18.226.16:8443/prweb/
https://172.18.226.16:8443/prweb/beEBp4uRVTogorRwSwWqbOtn9IL2fwdI*/
https://172.18.226.16:8443/prweb/beEBp4uRVTogorRwSwWqbOtn9IL2fwdI*/!STANDARD
https://172.18.226.16:8443/prweb/beEBp4uRVTogorRwSwWqbOtn9IL2fwdI*/webwb/
https://172.18.226.16:8443/prweb/beEBp4uRVTogorRwSwWqbOtn9IL2fwdI*/webwb/py-login-screen.css
https://172.18.226.16:8443/prweb/beEBp4uRVTogorRwSwWqbOtn9IL2fwdI*/webwb/webwb/
https://172.18.226.16:8443/prweb/beEBp4uRVTogorRwSwWqbOtn9IL2fwdI*/webwb/webwb/pxfont-OpenSans-Bold.woff2
https://172.18.226.16:8443/prweb/beEBp4uRVTogorRwSwWqbOtn9IL2fwdI*/webwb/webwb/pxfont-OpenSans-Regular.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/!STANDARD
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/desktopimages/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/image/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/images/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pega_ui_harness_deferred_11914393966!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_control_menu_scripts_12722237665!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_gapidentifier_staticbundle_script_1225903173!pzpega_gapidentifier_smartfeedback_script_1225182262!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_guide_staticbundle_script_1223806014!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_panelhelper_staticbundle_script_1183697919!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_socialpanel_staticbundle_script_1223347264!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_ui_automation_scripts_11755860240!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_ui_harness_deferred_before_12400797108!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_ui_harness_deferred_ts_1881921832!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_ui_redux_1220725820!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/pzpega_ui_templates_default_172948906!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/templateimages/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/themeimages/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/css/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/desktopimages/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/en_us_8997ee48a10c59351bcf6cbc5a34d4ca_locale_0.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/expression_calculation_13399958605.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/gen_a70614b682c618850d1416bb059d022d_portaldata_0.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/gen_c4c19ddeb4e7beea5028240b5d636661_applicationdata_0.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/image/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/images/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/images/dhtmlx/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/img/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/img/network/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pega_tools_xmldocument_1863634849.js!pega_ui_menubar_13922181698.js!pzpega_ui_launchflow_11808081532.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pega_validators_1278277272.js!input_formatter_13696475725.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pegacompositegadgetmgr_13593693990.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/py-avatar_11622621979.css!!.css
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzaftinfra_12112894337.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzharnessv2_pzstudio9f60b58525382bc4b94cd7571ef44cb9ad096af92612f67ed85d6cb9f50cbbd5_full_1374539733.css!!.cs
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzjquery-ui_12524318908.css!pega_yui_styles_min_12855405641!!.css
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzoperatorpresencescript_11346230706.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega-ui-automation-style-bundle_13210741946!!.css
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega-ui-components-panels_1786826304.css!pzpega-ui-components-
highlight_12425196879.css!pzjstree_13241347271.css!pzpega-ui-components-tree_1972436511.css!!.css
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega-ui-inspector-style-bundle_14085978174!pzedit_config_style_1100859666.css!!.css
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_control_menu_scripts_12722237665!pzpega_ui_lgtemplate_12932849878.js!pzpega_ui_lgcelltemplate_1625220729.j
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_control_textinput_12469617486.js!pzpega_ui_template_textinput_13811584721.js!pzpega_ui_decimal_13948517401.
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_panelhelper_staticbundle_style_1225575492!!.css
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_command_palette_13631650516.js!pzdesignerstudiowindowload_12798764217.js!pzappexaction_13233242713.js
wrkspace-studio-common_113372872.js!pzhandletransitionsscript_1972413627.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_decimal_13948517401.js!pzpega_ui_formatnumber_13702883570.js!pzpega_ui_markdown_it_13093754858.js!pz
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_dynamiccontainer_12437436868.js!pzpega_ui_dc_mru_13560024250.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_harnesscontext_1567413440!pzevalharnessjson_12337917940.js!clientlogbase_11632504602.js!pzpega_ui_lib_pr
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_rdl_11962030440.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_rdltemplate_1808518274.js!pzpega_ui_rdlrowtemplate_1612878007.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_template_button_14173945505.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_template_icon_1246806692.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzpega_ui_template_link_1668633989.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzquirks-mode-
check_1521661977.js!pzdesignerstudiotoplevelscripts_14291990060.js!pzdesignerstudiohotkeysupport_12901938393.js!pypegasilverlight_12181542389.js!pzmoveerrorstomodal_1991154851.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzskinv2_pzdesignerstudioa62c634d5f7650d2af3a4213784e15708822133868797fd16d7e959cda82fde3_full_1187733776.cs
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/pzskinv2_pzruntime-
tools2b0206768e256ba8fbc8eef025220e7db46044ab454d23fbdd8c9fda1e4895e6_full_12547593045.css!!.css
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/survey_ui_userscript_offline_14089523909.js!!.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/templateimages/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/templates_default_constant_values6075be40a66ed6c7d0227715aebe62016694cde0.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/to_e9ca5c64ebcfd3cd860c746f33bd8c6e_locale_0.js
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/px-font-pega-icons.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/pxfont-OpenSans-Bold.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/pxfont-OpenSans-ExtraBold.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/pxfont-OpenSans-Light.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/pxfont-OpenSans-Regular.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/pxfont-OpenSans-Semibold.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/pxfont-Pega-Applications-Bold.woff2
https://172.18.226.16:8443/prweb/pbdorj4V2aBoI4ScEONLsEaxdEWiqDby*/webwb/webwb/pzMozBindingEllipsis.xml
https://172.18.226.16:8443/prweb/PRPushServlet/
https://172.18.226.16:8443/prweb/PRPushServlet/!@0108e4c745324d312ca006a4d5ed287b!
https://172.18.226.16:8443/prweb/PRPushServlet/!@0f2b5662864affd947bd82fa24e6b6a1!
https://172.18.226.16:8443/prweb/PRPushServlet/!@29b7436f2341974addadcd0aacea98b0!
https://172.18.226.16:8443/prweb/PRPushServlet/!@f5684ddae7f59f5e59518e81365010cb!
https://172.18.226.16:8443/prweb/PRPushServlet/!@fc0d058c71e740210f9752c3847769a6!