Submitted URL: http://ecc.costco.com/sap/bc/webdynpro/sap/HRESS_A_MENU;sap-ext-sid=CxLR17B4wWSAF55WPXn_Qw--loDgOcKVNY4HheiHqVWeSQ--?s...
Effective URL: https://login.costco.com/idp/SSO.saml2
Submission: On February 28 via manual from US

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 5 HTTP transactions. The main IP is 170.167.103.202, located in United States and belongs to COSTCO, US. The main domain is login.costco.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on June 5th 2018. Valid for: 2 years.
This is the only time login.costco.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 170.167.111.194 11283 (COSTCO)
1 2 170.167.111.193 11283 (COSTCO)
4 170.167.103.202 11283 (COSTCO)
5 2
Apex Domain
Subdomains
Transfer
8 costco.com
ecc.costco.com
ess.costco.com
login.costco.com
202 KB
5 1
Domain Requested by
4 login.costco.com ess.costco.com
login.costco.com
2 ess.costco.com 1 redirects
2 ecc.costco.com 2 redirects
5 3

This site contains links to these domains. Also see Links.

Domain
fssts.costco.com
Subject | Issuer | Validity | Valid
ess.costco.com | DigiCert SHA2 Secure Server CA | 2019-06-18 - 2021-06-22 | 2 years
login.costco.com | DigiCert SHA2 Secure Server CA | 2018-06-05 - 2020-06-24 | 2 years

This page contains 1 frames:

Primary Page: https://login.costco.com/idp/SSO.saml2
Frame ID: 495AE7BF745368CCE18E091B6490BB85
Requests: 5 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^big-?ip$/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+foundation[^>"]+css/i

Page Statistics

Requests: 5
HTTPS: 100 %
IPv6: 0 %
Domains: 1
Subdomains: 3
IPs: 2
Countries: 1
Transfer: 201 kB
Size: 199 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ecc.costco.com/sap/bc/webdynpro/sap/HRESS_A_MENU;sap-ext-sid=CxLR17B4wWSAF55WPXn_Qw--loDgOcKVNY4HheiHqVWeSQ--?sap-ep-iviewhandle=0071468384482&&sap-wd-tstamp=1582924983371&sap-sessioncmd=USR_ABORT&~SAPSessionCmd=USR_ABORT&SAPWP_ACTIVE=1&dsmguid=1582924991139 HTTP 302
    https://ecc.costco.com/sap/bc/webdynpro/sap/HRESS_A_MENU;sap-ext-sid=CxLR17B4wWSAF55WPXn_Qw--loDgOcKVNY4HheiHqVWeSQ--?sap-ep-iviewhandle=0071468384482&&sap-wd-tstamp=1582924983371&sap-sessioncmd=USR_ABORT&~SAPSessionCmd=USR_ABORT&SAPWP_ACTIVE=1&dsmguid=1582924991139 HTTP 302
    https://ess.costco.com/F5Networks-SSO-Req?SSO_ORIG_URI=aHR0cHM6Ly9lY2MuY29zdGNvLmNvbS9zYXAvYmMvd2ViZHlucHJvL3NhcC9IUkVTU19BX01FTlU7c2FwLWV4dC1zaWQ9Q3hMUjE3QjR3V1NBRjU1V1BYbl9Rdy0tbG9EZ09jS1ZOWTRIaGVpSHFWV2VTUS0tP3NhcC1lcC1pdmlld2hhbmRsZT0wMDcxNDY4Mzg0NDgyJiZzYXAtd2QtdHN0YW1wPTE1ODI5MjQ5ODMzNzEmc2FwLXNlc3Npb25jbWQ9VVNSX0FCT1JUJn5TQVBTZXNzaW9uQ21kPVVTUl9BQk9SVCZTQVBXUF9BQ1RJVkU9MSZkc21ndWlkPTE1ODI5MjQ5OTExMzk%3d HTTP 302
    https://ess.costco.com/my.policy Page URL
  2. https://login.costco.com/idp/SSO.saml2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ecc.costco.com/sap/bc/webdynpro/sap/HRESS_A_MENU;sap-ext-sid=CxLR17B4wWSAF55WPXn_Qw--loDgOcKVNY4HheiHqVWeSQ--?sap-ep-iviewhandle=0071468384482&&sap-wd-tstamp=1582924983371&sap-sessioncmd=USR_ABORT&~SAPSessionCmd=USR_ABORT&SAPWP_ACTIVE=1&dsmguid=1582924991139 HTTP 302
  • https://ecc.costco.com/sap/bc/webdynpro/sap/HRESS_A_MENU;sap-ext-sid=CxLR17B4wWSAF55WPXn_Qw--loDgOcKVNY4HheiHqVWeSQ--?sap-ep-iviewhandle=0071468384482&&sap-wd-tstamp=1582924983371&sap-sessioncmd=USR_ABORT&~SAPSessionCmd=USR_ABORT&SAPWP_ACTIVE=1&dsmguid=1582924991139 HTTP 302
  • https://ess.costco.com/F5Networks-SSO-Req?SSO_ORIG_URI=aHR0cHM6Ly9lY2MuY29zdGNvLmNvbS9zYXAvYmMvd2ViZHlucHJvL3NhcC9IUkVTU19BX01FTlU7c2FwLWV4dC1zaWQ9Q3hMUjE3QjR3V1NBRjU1V1BYbl9Rdy0tbG9EZ09jS1ZOWTRIaGVpSHFWV2VTUS0tP3NhcC1lcC1pdmlld2hhbmRsZT0wMDcxNDY4Mzg0NDgyJiZzYXAtd2QtdHN0YW1wPTE1ODI5MjQ5ODMzNzEmc2FwLXNlc3Npb25jbWQ9VVNSX0FCT1JUJn5TQVBTZXNzaW9uQ21kPVVTUl9BQk9SVCZTQVBXUF9BQ1RJVkU9MSZkc21ndWlkPTE1ODI5MjQ5OTExMzk%3d HTTP 302
  • https://ess.costco.com/my.policy

5 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set my.policy
ess.costco.com/
Redirect Chain
  • http://ecc.costco.com/sap/bc/webdynpro/sap/HRESS_A_MENU;sap-ext-sid=CxLR17B4wWSAF55WPXn_Qw--loDgOcKVNY4HheiHqVWeSQ--?sap-ep-iviewhandle=0071468384482&&sap-wd-tstamp=1582924983371&sap-sessioncmd=USR...
  • https://ecc.costco.com/sap/bc/webdynpro/sap/HRESS_A_MENU;sap-ext-sid=CxLR17B4wWSAF55WPXn_Qw--loDgOcKVNY4HheiHqVWeSQ--?sap-ep-iviewhandle=0071468384482&&sap-wd-tstamp=1582924983371&sap-sessioncmd=US...
  • https://ess.costco.com/F5Networks-SSO-Req?SSO_ORIG_URI=aHR0cHM6Ly9lY2MuY29zdGNvLmNvbS9zYXAvYmMvd2ViZHlucHJvL3NhcC9IUkVTU19BX01FTlU7c2FwLWV4dC1zaWQ9Q3hMUjE3QjR3V1NBRjU1V1BYbl9Rdy0tbG9EZ09jS1ZOWTRIaG...
  • https://ess.costco.com/my.policy
1 KB
2 KB
Document
General
Full URL
https://ess.costco.com/my.policy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.167.111.193 , United States, ASN11283 (COSTCO, US),
Reverse DNS
Software
BigIP /
Resource Hash
318dcc765e40e6d30ca36ec07a61d1ab062c193f776047f3a5d8e37bbf0bb5a6
Security Headers
Name Value
Strict-Transport-Security
X-Frame-Options ALLOW

Request headers

Host
ess.costco.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
LastMRH_Session=4b55a236; MRHSession=562c6b87f04c73c9262320ca4b55a236

Response headers

Server
BigIP
Content-Type
text/html; charset=ISO-8859-1
Accept-Ranges
bytes
Connection
close
Date
Fri, 28 Feb 2020 21:53:30 GMT
Age
4961
Content-Length
1392
X-Frame-Options
ALLOW
Cache-Control
no-store
Vary
Accept-Encoding
Strict-Transport-Security
Set-Cookie
LastMRH_Session=4b55a236;path=/;secure;HttpOnly
MRHSession=d557d43a748a414cb93e47254b55a236;path=/;secure;HttpOnly

Redirect headers

Server
BigIP
Connection
Close
Content-Length
0
Location
/my.policy
Set-Cookie
LastMRH_Session=4b55a236;path=/;secure;HttpOnly
MRHSession=562c6b87f04c73c9262320ca4b55a236;path=/;secure;HttpOnly
MRHSHint=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Primary Request Cookie set SSO.saml2
login.costco.com/idp/
9 KB
9 KB
Document
General
Full URL
https://login.costco.com/idp/SSO.saml2
Requested by
Host: ess.costco.com
URL: https://ess.costco.com/my.policy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.167.103.202 , United States, ASN11283 (COSTCO, US),
Reverse DNS
kronosmobile.costco.com
Software
/
Resource Hash
e1f4adc8125ef2d5f625d2cd97ba7c39713bf908c2537a6824e7931f50ba3eff
Security Headers
Name Value
X-Frame-Options ALLOW-FROM https://ess.costco.com/my.policy

Request headers

Host
login.costco.com
Connection
keep-alive
Content-Length
750
Pragma
no-cache
Cache-Control
no-cache
Origin
https://ess.costco.com
Upgrade-Insecure-Requests
1
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-site
Sec-Fetch-Mode
navigate
Referer
https://ess.costco.com/my.policy
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Fri, 28 Feb 2020 21:53:30 GMT
Referrer-Policy
origin
Cache-Control
no-cache, no-store
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Type
text/html;charset=utf-8
Set-Cookie
PF=rxHKloR5D1Q87m3uyDA3kGAD7vsKSpdkhDzMQpVHxbw6;Path=/;Secure;HttpOnly;SameSite=None
vb3SUftSQ61vN9VxXZGrmo2kErC6pYcGAPzB5iT7C0iciK03k=!T0Xs5D8tQTxTZhI+koWB6Y0IbausKwBUTd10x8gyF8N+/huqQ3aV3Z8vL8C4i8E1Ams6k3sGo9cfYg==; path=/; Httponly; Secure
Content-Length
9089
X-Frame-Options
ALLOW-FROM https://ess.costco.com/my.policy
foundation.css
login.costco.com/assets/css/
176 KB
177 KB
Stylesheet
General
Full URL
https://login.costco.com/assets/css/foundation.css
Requested by
Host: login.costco.com
URL: https://login.costco.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.167.103.202 , United States, ASN11283 (COSTCO, US),
Reverse DNS
kronosmobile.costco.com
Software
/
Resource Hash
894fdb5de8f134561d61e1c6ab77280b6a067415673604025bfedd00d42c22e4
Security Headers
Name Value
X-Frame-Options ALLOW-FROM https://login.costco.com/

Request headers

Referer
https://login.costco.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Fri, 28 Feb 2020 21:53:31 GMT
Cache-Control
max-age=0, must-revalidate
Referrer-Policy
origin
Last-Modified
Wed, 04 Apr 2018 21:50:20 GMT
Content-Length
180557
X-Frame-Options
ALLOW-FROM https://login.costco.com/
Content-Type
text/css
app.css
login.costco.com/assets/css/
5 KB
5 KB
Stylesheet
General
Full URL
https://login.costco.com/assets/css/app.css
Requested by
Host: login.costco.com
URL: https://login.costco.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.167.103.202 , United States, ASN11283 (COSTCO, US),
Reverse DNS
kronosmobile.costco.com
Software
/
Resource Hash
cd5ce30993756a260f5bbcd56ddf359e8533e0166423d4e838d8bd3d54991d68
Security Headers
Name Value
X-Frame-Options ALLOW-FROM https://login.costco.com/

Request headers

Referer
https://login.costco.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Fri, 28 Feb 2020 21:53:31 GMT
Cache-Control
max-age=0, must-revalidate
Referrer-Policy
origin
Last-Modified
Wed, 04 Apr 2018 22:10:59 GMT
Content-Length
4950
X-Frame-Options
ALLOW-FROM https://login.costco.com/
Content-Type
text/css
costco_logo_160px.png
login.costco.com/assets/images/
8 KB
8 KB
Image
General
Full URL
https://login.costco.com/assets/images/costco_logo_160px.png
Requested by
Host: login.costco.com
URL: https://login.costco.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.167.103.202 , United States, ASN11283 (COSTCO, US),
Reverse DNS
kronosmobile.costco.com
Software
/
Resource Hash
ec147ba6fc006244c0505530e092b3027eeb63d9998d776f125ff53a3a536bbb
Security Headers
Name Value
X-Frame-Options ALLOW-FROM https://login.costco.com/

Request headers

Referer
https://login.costco.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 28 Feb 2020 21:53:31 GMT
Cache-Control
max-age=0, must-revalidate
Referrer-Policy
origin
Last-Modified
Fri, 03 Jun 2016 02:05:37 GMT
Content-Length
7993
X-Frame-Options
ALLOW-FROM https://login.costco.com/
Content-Type
image/png

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onformdata
  • object| onpointerrawupdate
  • function| iframefix
  • function| postOk
  • function| postCancel
  • function| postOnReturn
  • function| setFocus
  • function| setMobile
  • function| getScreenWidth
  • object| bodyTag
  • number| width
  • boolean| remember

2 Cookies

Domain/Path Name / Value
login.costco.com/ Name: vb3SUftSQ61vN9VxXZGrmo2kErC6pYcGAPzB5iT7C0iciK03k
Value: !T0Xs5D8tQTxTZhI+koWB6Y0IbausKwBUTd10x8gyF8N+/huqQ3aV3Z8vL8C4i8E1Ams6k3sGo9cfYg==
login.costco.com/ Name: PF
Value: rxHKloR5D1Q87m3uyDA3kGAD7vsKSpdkhDzMQpVHxbw6

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security
X-Frame-Options ALLOW