Submitted URL: https://kronosess.nyp.org/
Effective URL: https://fed.nyp.org/idp/SSO.saml2?SAMLRequest=fZFPT8JAEMW%2FSrN3%2Bp%2BCG9oE5SAJCqFFEy9maaewsZ2tO1vUby8UUDzIcTJv3rzf...
Submission Tags: alexa
Submission: On May 14 via api from BG — Scanned from DE

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 143.104.237.46, located in New York, United States and belongs to NYP-INTERNET, US. The main domain is fed.nyp.org. The Cisco Umbrella rank of the primary domain is 820201.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on April 19th 2024. Valid for: a year.
This is the only time fed.nyp.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 143.104.237.139 395139 (NYP-INTERNET)
9 143.104.237.46 395139 (NYP-INTERNET)
1 3.208.162.187 14618 (AMAZON-AES)
10 2
Apex Domain
Subdomains
Transfer
11 nyp.org
kronosess.nyp.org
fed.nyp.org — Cisco Umbrella Rank: 820201
1 MB
1 twosense.ai
sentry.twosense.ai
272 B
10 2
Domain Requested by
9 fed.nyp.org fed.nyp.org
2 kronosess.nyp.org 2 redirects
1 sentry.twosense.ai fed.nyp.org
10 3

This site contains no links.

Subject Issuer Validity Valid
fed.nyp.org
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-04-19 -
2025-04-18
a year crt.sh
*.twosense.ai
Amazon RSA 2048 M02
2024-04-16 -
2025-05-15
a year crt.sh

This page contains 1 frames:

Primary Page: https://fed.nyp.org/idp/SSO.saml2?SAMLRequest=fZFPT8JAEMW%2FSrN3%2Bp%2BCG9oE5SAJCqFFEy9maaewsZ2tO1vUby8UUDzIcTJv3rzfzIhEXfkNH7dmi0t4b4GM9VlXSPzYiVmrkStBkjiKGoibnKfjhxn3bZc3WhmVq4pZYyLQRiq8U0htDToFvZM5rJazmG2NaYg7zptWqAiIbPxqbKU3zkeZO5XaKHyWZruaTpg12SeQKA5Wv4MlFD8jsmicNJ3bXT5mTScxe%2FXKKPDCKFjfDMpoHUFUlEN3WHj9QARRkB9kRC1MkYxAEzPf9cOe2%2B95YeZ53A94f2APQveFWYsT0a3EQuLmOv76KCJ%2Bn2WL3mKeZp3BThagH%2FfqK%2BTMegJNHeTeiSWjDod3MfXlB64nEOezs%2BTfVSPn0js5lX9%2FnnwD&RelayState=
Frame ID: 7546088742804BF895FBA9CE25BEB17C
Requests: 10 HTTP requests in this frame

Screenshot

Page Title

NYP SSO Login

Page URL History Show full URLs

  1. https://kronosess.nyp.org/ HTTP 301
    https://kronosess.nyp.org/wfc/logon HTTP 302
    https://fed.nyp.org/idp/SSO.saml2?SAMLRequest=fZFPT8JAEMW%2FSrN3%2Bp%2BCG9oE5SAJCqFFEy9maaewsZ2t... Page URL

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

1
Countries

1327 kB
Transfer

1318 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://kronosess.nyp.org/ HTTP 301
    https://kronosess.nyp.org/wfc/logon HTTP 302
    https://fed.nyp.org/idp/SSO.saml2?SAMLRequest=fZFPT8JAEMW%2FSrN3%2Bp%2BCG9oE5SAJCqFFEy9maaewsZ2tO1vUby8UUDzIcTJv3rzfzIhEXfkNH7dmi0t4b4GM9VlXSPzYiVmrkStBkjiKGoibnKfjhxn3bZc3WhmVq4pZYyLQRiq8U0htDToFvZM5rJazmG2NaYg7zptWqAiIbPxqbKU3zkeZO5XaKHyWZruaTpg12SeQKA5Wv4MlFD8jsmicNJ3bXT5mTScxe%2FXKKPDCKFjfDMpoHUFUlEN3WHj9QARRkB9kRC1MkYxAEzPf9cOe2%2B95YeZ53A94f2APQveFWYsT0a3EQuLmOv76KCJ%2Bn2WL3mKeZp3BThagH%2FfqK%2BTMegJNHeTeiSWjDod3MfXlB64nEOezs%2BTfVSPn0js5lX9%2FnnwD&RelayState= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request SSO.saml2
fed.nyp.org/idp/
Redirect Chain
  • https://kronosess.nyp.org/
  • https://kronosess.nyp.org/wfc/logon
  • https://fed.nyp.org/idp/SSO.saml2?SAMLRequest=fZFPT8JAEMW%2FSrN3%2Bp%2BCG9oE5SAJCqFFEy9maaewsZ2tO1vUby8UUDzIcTJv3rzfzIhEXfkNH7dmi0t4b4GM9VlXSPzYiVmrkStBkjiKGoibnKfjhxn3bZc3WhmVq4pZYyLQRiq8U0htDToFv...
6 KB
7 KB
Document
General
Full URL
https://fed.nyp.org/idp/SSO.saml2?SAMLRequest=fZFPT8JAEMW%2FSrN3%2Bp%2BCG9oE5SAJCqFFEy9maaewsZ2tO1vUby8UUDzIcTJv3rzfzIhEXfkNH7dmi0t4b4GM9VlXSPzYiVmrkStBkjiKGoibnKfjhxn3bZc3WhmVq4pZYyLQRiq8U0htDToFvZM5rJazmG2NaYg7zptWqAiIbPxqbKU3zkeZO5XaKHyWZruaTpg12SeQKA5Wv4MlFD8jsmicNJ3bXT5mTScxe%2FXKKPDCKFjfDMpoHUFUlEN3WHj9QARRkB9kRC1MkYxAEzPf9cOe2%2B95YeZ53A94f2APQveFWYsT0a3EQuLmOv76KCJ%2Bn2WL3mKeZp3BThagH%2FfqK%2BTMegJNHeTeiSWjDod3MfXlB64nEOezs%2BTfVSPn0js5lX9%2FnnwD&RelayState=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
143.104.237.46 New York, United States, ASN395139 (NYP-INTERNET, US),
Reverse DNS
Software
/
Resource Hash
d191263a2860033c2c0066a3a97039d6e03bea98903645bf68a16de506c7946f
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, no-store
Content-Length
6030
Content-Security-Policy
default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Content-Type
text/html;charset=utf-8
Date
Tue, 14 May 2024 11:23:58 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-cache, no-store, must-revalidate
Content-Language
en-
Content-Length
0
Content-Type
;charset=utf-8
Date
Tue, 14 May 2024 11:23:56 GMT
Location
https://fed.nyp.org/idp/SSO.saml2?SAMLRequest=fZFPT8JAEMW%2FSrN3%2Bp%2BCG9oE5SAJCqFFEy9maaewsZ2tO1vUby8UUDzIcTJv3rzfzIhEXfkNH7dmi0t4b4GM9VlXSPzYiVmrkStBkjiKGoibnKfjhxn3bZc3WhmVq4pZYyLQRiq8U0htDToFvZM5rJazmG2NaYg7zptWqAiIbPxqbKU3zkeZO5XaKHyWZruaTpg12SeQKA5Wv4MlFD8jsmicNJ3bXT5mTScxe%2FXKKPDCKFjfDMpoHUFUlEN3WHj9QARRkB9kRC1MkYxAEzPf9cOe2%2B95YeZ53A94f2APQveFWYsT0a3EQuLmOv76KCJ%2Bn2WL3mKeZp3BThagH%2FfqK%2BTMegJNHeTeiSWjDod3MfXlB64nEOezs%2BTfVSPn0js5lX9%2FnnwD&RelayState=
Pragma
no-cache
Server
Strict-Transport-Security
max-age=63072000; includeSubdomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
base-custom-prod.css
fed.nyp.org/assets/css/
2 KB
3 KB
Stylesheet
General
Full URL
https://fed.nyp.org/assets/css/base-custom-prod.css
Requested by
Host: fed.nyp.org
URL: https://fed.nyp.org/idp/SSO.saml2?SAMLRequest=fZFPT8JAEMW%2FSrN3%2Bp%2BCG9oE5SAJCqFFEy9maaewsZ2tO1vUby8UUDzIcTJv3rzfzIhEXfkNH7dmi0t4b4GM9VlXSPzYiVmrkStBkjiKGoibnKfjhxn3bZc3WhmVq4pZYyLQRiq8U0htDToFvZM5rJazmG2NaYg7zptWqAiIbPxqbKU3zkeZO5XaKHyWZruaTpg12SeQKA5Wv4MlFD8jsmicNJ3bXT5mTScxe%2FXKKPDCKFjfDMpoHUFUlEN3WHj9QARRkB9kRC1MkYxAEzPf9cOe2%2B95YeZ53A94f2APQveFWYsT0a3EQuLmOv76KCJ%2Bn2WL3mKeZp3BThagH%2FfqK%2BTMegJNHeTeiSWjDod3MfXlB64nEOezs%2BTfVSPn0js5lX9%2FnnwD&RelayState=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
143.104.237.46 New York, United States, ASN395139 (NYP-INTERNET, US),
Reverse DNS
Software
/
Resource Hash
116b16fc7771a3d4c476a225970e1421f3b1bc89adb13741962fa62b510a0e40
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fed.nyp.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 14 May 2024 11:23:58 GMT
Content-Security-Policy
default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Referrer-Policy
origin
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Tue, 13 Jun 2023 20:15:17 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
text/css
Cache-Control
max-age=0, must-revalidate
Content-Length
1748
X-XSS-Protection
1; mode=block
nyp_h_pos_red_rgb_122716.png
fed.nyp.org/assets/images/
35 KB
36 KB
Image
General
Full URL
https://fed.nyp.org/assets/images/nyp_h_pos_red_rgb_122716.png
Requested by
Host: fed.nyp.org
URL: https://fed.nyp.org/idp/SSO.saml2?SAMLRequest=fZFPT8JAEMW%2FSrN3%2Bp%2BCG9oE5SAJCqFFEy9maaewsZ2tO1vUby8UUDzIcTJv3rzfzIhEXfkNH7dmi0t4b4GM9VlXSPzYiVmrkStBkjiKGoibnKfjhxn3bZc3WhmVq4pZYyLQRiq8U0htDToFvZM5rJazmG2NaYg7zptWqAiIbPxqbKU3zkeZO5XaKHyWZruaTpg12SeQKA5Wv4MlFD8jsmicNJ3bXT5mTScxe%2FXKKPDCKFjfDMpoHUFUlEN3WHj9QARRkB9kRC1MkYxAEzPf9cOe2%2B95YeZ53A94f2APQveFWYsT0a3EQuLmOv76KCJ%2Bn2WL3mKeZp3BThagH%2FfqK%2BTMegJNHeTeiSWjDod3MfXlB64nEOezs%2BTfVSPn0js5lX9%2FnnwD&RelayState=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
143.104.237.46 New York, United States, ASN395139 (NYP-INTERNET, US),
Reverse DNS
Software
/
Resource Hash
a7ea879d2de7ef077115c00c64e53fefa3689c9cdbad8bd81f5e8d16e7037d09
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fed.nyp.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 14 May 2024 11:23:58 GMT
Content-Security-Policy
default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Referrer-Policy
origin
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Tue, 13 Jun 2023 20:15:17 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
image/png
Cache-Control
max-age=0, must-revalidate
Content-Length
36161
X-XSS-Protection
1; mode=block
NYP_ONEID_cropped.png
fed.nyp.org/assets/images/
21 KB
22 KB
Image
General
Full URL
https://fed.nyp.org/assets/images/NYP_ONEID_cropped.png
Requested by
Host: fed.nyp.org
URL: https://fed.nyp.org/idp/SSO.saml2?SAMLRequest=fZFPT8JAEMW%2FSrN3%2Bp%2BCG9oE5SAJCqFFEy9maaewsZ2tO1vUby8UUDzIcTJv3rzfzIhEXfkNH7dmi0t4b4GM9VlXSPzYiVmrkStBkjiKGoibnKfjhxn3bZc3WhmVq4pZYyLQRiq8U0htDToFvZM5rJazmG2NaYg7zptWqAiIbPxqbKU3zkeZO5XaKHyWZruaTpg12SeQKA5Wv4MlFD8jsmicNJ3bXT5mTScxe%2FXKKPDCKFjfDMpoHUFUlEN3WHj9QARRkB9kRC1MkYxAEzPf9cOe2%2B95YeZ53A94f2APQveFWYsT0a3EQuLmOv76KCJ%2Bn2WL3mKeZp3BThagH%2FfqK%2BTMegJNHeTeiSWjDod3MfXlB64nEOezs%2BTfVSPn0js5lX9%2FnnwD&RelayState=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
143.104.237.46 New York, United States, ASN395139 (NYP-INTERNET, US),
Reverse DNS
Software
/
Resource Hash
6df5317bc6541b64cc7e16ac4520d9b36ded06660dfb2e86a37039f7a1a8f0ff
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fed.nyp.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 14 May 2024 11:23:58 GMT
Content-Security-Policy
default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Referrer-Policy
origin
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Tue, 13 Jun 2023 20:15:17 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
image/png
Cache-Control
max-age=0, must-revalidate
Content-Length
21813
X-XSS-Protection
1; mode=block
twosense-client.js
fed.nyp.org/assets/scripts/
182 KB
183 KB
Script
General
Full URL
https://fed.nyp.org/assets/scripts/twosense-client.js
Requested by
Host: fed.nyp.org
URL: https://fed.nyp.org/idp/SSO.saml2?SAMLRequest=fZFPT8JAEMW%2FSrN3%2Bp%2BCG9oE5SAJCqFFEy9maaewsZ2tO1vUby8UUDzIcTJv3rzfzIhEXfkNH7dmi0t4b4GM9VlXSPzYiVmrkStBkjiKGoibnKfjhxn3bZc3WhmVq4pZYyLQRiq8U0htDToFvZM5rJazmG2NaYg7zptWqAiIbPxqbKU3zkeZO5XaKHyWZruaTpg12SeQKA5Wv4MlFD8jsmicNJ3bXT5mTScxe%2FXKKPDCKFjfDMpoHUFUlEN3WHj9QARRkB9kRC1MkYxAEzPf9cOe2%2B95YeZ53A94f2APQveFWYsT0a3EQuLmOv76KCJ%2Bn2WL3mKeZp3BThagH%2FfqK%2BTMegJNHeTeiSWjDod3MfXlB64nEOezs%2BTfVSPn0js5lX9%2FnnwD&RelayState=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
143.104.237.46 New York, United States, ASN395139 (NYP-INTERNET, US),
Reverse DNS
Software
/
Resource Hash
c17e62829854d6bf7c2d2adc255a5e6b24a9125d6d22f6f9649878df612fd912
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fed.nyp.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 14 May 2024 11:23:58 GMT
Content-Security-Policy
default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Referrer-Policy
origin
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Fri, 10 May 2024 02:02:28 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
application/javascript
Cache-Control
max-age=0, must-revalidate
Content-Length
186400
X-XSS-Protection
1; mode=block
Service-Worker-Allowed
/
base-custom.css
fed.nyp.org/assets/css/
17 KB
18 KB
Stylesheet
General
Full URL
https://fed.nyp.org/assets/css/base-custom.css
Requested by
Host: fed.nyp.org
URL: https://fed.nyp.org/assets/css/base-custom-prod.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
143.104.237.46 New York, United States, ASN395139 (NYP-INTERNET, US),
Reverse DNS
Software
/
Resource Hash
c36cadb53b9dd1a1baf9a1a0ace84413b1834312a72daed88da8f3c0005ba8f7
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fed.nyp.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 14 May 2024 11:23:58 GMT
Content-Security-Policy
default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Referrer-Policy
origin
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Tue, 13 Jun 2023 20:15:17 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
text/css
Cache-Control
max-age=0, must-revalidate
Content-Length
17469
X-XSS-Protection
1; mode=block
background-city-large.jpg
fed.nyp.org/assets/images/
990 KB
991 KB
Image
General
Full URL
https://fed.nyp.org/assets/images/background-city-large.jpg
Requested by
Host: fed.nyp.org
URL: https://fed.nyp.org/assets/css/base-custom-prod.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
143.104.237.46 New York, United States, ASN395139 (NYP-INTERNET, US),
Reverse DNS
Software
/
Resource Hash
215efafaa2b226455e0f122c8799a58af608165371a0000cc869fa7aea626202
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fed.nyp.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 14 May 2024 11:23:59 GMT
Content-Security-Policy
default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Referrer-Policy
origin
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Tue, 13 Jun 2023 20:15:17 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
image/jpeg
Cache-Control
max-age=0, must-revalidate
Content-Length
1013576
X-XSS-Protection
1; mode=block
small_skyline.png
fed.nyp.org/assets/images/
50 KB
51 KB
Image
General
Full URL
https://fed.nyp.org/assets/images/small_skyline.png
Requested by
Host: fed.nyp.org
URL: https://fed.nyp.org/assets/css/base-custom.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
143.104.237.46 New York, United States, ASN395139 (NYP-INTERNET, US),
Reverse DNS
Software
/
Resource Hash
e82d11a480c04a989656a729983d21f7f0b83e67b89a2a237ae9d80332752ba5
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fed.nyp.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 14 May 2024 11:23:59 GMT
Content-Security-Policy
default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Referrer-Policy
origin
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Tue, 13 Jun 2023 20:15:17 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
image/png
Cache-Control
max-age=0, must-revalidate
Content-Length
50971
X-XSS-Protection
1; mode=block
/
sentry.twosense.ai/api/5952723/envelope/
2 B
272 B
Fetch
General
Full URL
https://sentry.twosense.ai/api/5952723/envelope/?sentry_key=e9f155633cd34d95bc9d622445654fcc&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.110.1
Requested by
Host: fed.nyp.org
URL: https://fed.nyp.org/assets/scripts/twosense-client.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.208.162.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-162-187.compute-1.amazonaws.com
Software
sentry-relay/24.3.0 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://fed.nyp.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 14 May 2024 11:23:59 GMT
server
sentry-relay/24.3.0
vary
origin, access-control-request-method, access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
content-length
2
favicon.ico
fed.nyp.org/
15 KB
16 KB
Other
General
Full URL
https://fed.nyp.org/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
143.104.237.46 New York, United States, ASN395139 (NYP-INTERNET, US),
Reverse DNS
Software
/
Resource Hash
b9b5ddcf73d33a39427259f7017fca4c69db9a3b219a0cab1381247c70dfbfdd
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fed.nyp.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 14 May 2024 11:24:00 GMT
Content-Security-Policy
default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Referrer-Policy
origin
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Thu, 12 Dec 2019 23:42:57 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
image/x-icon
Content-Length
15086
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| postOk function| postCancel function| postOnReturn function| setFocus function| setMobile function| getScreenWidth object| bodyTag number| width boolean| remember object| _global object| _sentryDebugIds string| _sentryDebugIdIdentifier object| SENTRY_RELEASE object| __SENTRY__

4 Cookies

Domain/Path Name / Value
kronosess.nyp.org/ Name: BIGipServer~KRONOS_traffic_grp-2~kronosess_https_pool
Value: !yneNa6o2EyQeTiJjtDLAADhCeswvQnurLE+GZKATqkMqE42+MWwU66apQdQtkK4XIcA10J+8eB2muA==
kronosess.nyp.org/ Name: JSESSIONID
Value: bTlaIb9r6QBkMGSi0lCj2gegwFVp7xJqghVX1MRM.4c207d75-0005-493b-b8ff-7144ccfaa816
fed.nyp.org/ Name: PF
Value: jYTuhgTPuPM1Do2q8qTPC7
fed.nyp.org/ Name: BIGipServer~INFO-SEC_traffic_grp-2~fed_https_pool
Value: !CU2j+G3gJvMlYSJjtDLAADhCeswvQsm1KzSw4z3GpAvfqu9FUsYmHbMeQ3M31VzVGnE0t3AoEJNlZcM=

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://fed.nyp.org/idp/SSO.saml2?SAMLRequest=fZFPT8JAEMW%2FSrN3%2Bp%2BCG9oE5SAJCqFFEy9maaewsZ2tO1vUby8UUDzIcTJv3rzfzIhEXfkNH7dmi0t4b4GM9VlXSPzYiVmrkStBkjiKGoibnKfjhxn3bZc3WhmVq4pZYyLQRiq8U0htDToFvZM5rJazmG2NaYg7zptWqAiIbPxqbKU3zkeZO5XaKHyWZruaTpg12SeQKA5Wv4MlFD8jsmicNJ3bXT5mTScxe%2FXKKPDCKFjfDMpoHUFUlEN3WHj9QARRkB9kRC1MkYxAEzPf9cOe2%2B95YeZ53A94f2APQveFWYsT0a3EQuLmOv76KCJ%2Bn2WL3mKeZp3BThagH%2FfqK%2BTMegJNHeTeiSWjDod3MfXlB64nEOezs%2BTfVSPn0js5lX9%2FnnwD&RelayState=
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.pingone.com ; img-src 'self' *.nyp.org *.pingone.com *.duosecurity.com *.duo.com data: ; connect-src 'self' http://127.0.0.1:27367 *.twosense.ai *.pingone.com *.mixpanel.com; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' *.nyp.org *.pingone.com *.googleapis.com ; worker-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pingone.com *.nyp.org data: ; object-src 'none' ; frame-ancestors 'self' *.nyp.org *.pingone.com *.infor.com *.service-now.com *.sabacloud.com ; child-src 'self' data: *.duosecurity.com
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block