URL: http://www.merr.us/wp-content/themes/nv/login.php
Submission: On September 24 via automatic, source openphish

Summary

This website contacted 12 IPs in 4 countries across 7 domains to perform 30 HTTP transactions. The main IP is 64.251.208.30, located in Madison, United States and belongs to BADGER-INTERNET-INC - Badger Internet, Inc., US. The main domain is www.merr.us.
This is the only time www.merr.us was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Navy Federal Credit Union (Government)

Domain & IP information

IP Address AS Autonomous System
2 64.251.208.30 26284 (BADGER-IN...)
1 2a00:1450:400... 15169 (GOOGLE)
13 23.67.128.237 20940 (AKAMAI-ASN1)
4 104.109.65.60 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 178.249.101.23 11054 (LIVEPERSON)
1 2a03:6400:16:... 11054 (LIVEPERSON)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a03:6400:10:... 11054 (LIVEPERSON)
1 1 2606:b400:881... ()
2 208.89.12.87 11054 (LIVEPERSON)
30 12
Domain Requested by
13 my.navyfederal.org www.merr.us
4 www.navyfederal.org www.merr.us
2 va.v.liveperson.net lptag.liveperson.net
2 lptag.liveperson.net www.navyfederal.org
2 www.merr.us my.navyfederal.org
1 rnemsg.navyfederal.org 1 redirects
1 liveengage.navyfederal.org lptag.liveperson.net
1 fonts.gstatic.com www.merr.us
1 accdn.lpsnmedia.net lptag.liveperson.net
1 www.gstatic.com www.google.com
1 www.google.com www.merr.us
1 fonts.googleapis.com www.merr.us
0 analytics.navyfederal.org Failed www.merr.us
30 13

This site contains links to these domains. Also see Links.

Domain
www.navyfederal.org
Subject Issuer Validity Valid
*.googleapis.com
Google Internet Authority G3
2018-08-28 -
2018-11-20
3 months crt.sh
my.navyfederal.org
DigiCert SHA2 Extended Validation Server CA
2018-09-11 -
2019-09-16
a year crt.sh
www.navyfederal.org
DigiCert SHA2 Extended Validation Server CA
2018-04-04 -
2019-04-09
a year crt.sh
www.google.com
Google Internet Authority G3
2018-08-28 -
2018-11-20
3 months crt.sh
*.google.com
Google Internet Authority G3
2018-08-28 -
2018-11-20
3 months crt.sh
*.liveperson.net
COMODO RSA Organization Validation Secure Server CA
2017-12-17 -
2020-12-16
3 years crt.sh
*.lpsnmedia.net
COMODO RSA Organization Validation Secure Server CA
2018-02-26 -
2021-02-25
3 years crt.sh
liveengage.navyfederal.org
DigiCert SHA2 Extended Validation Server CA
2018-04-10 -
2019-04-15
a year crt.sh
merr.us
cPanel, Inc. Certification Authority
2018-08-10 -
2018-11-08
3 months crt.sh
*.v.liveperson.net
COMODO RSA Organization Validation Secure Server CA
2018-05-08 -
2020-05-07
2 years crt.sh

This page contains 4 frames:

Primary Page: http://www.merr.us/wp-content/themes/nv/login.php
Frame ID: 0FD569F7AD9BF4152CDD2D8550E872B8
Requests: 27 HTTP requests in this frame

Frame: https://www.navyfederal.org/nfoaa-navads/signin.html
Frame ID: 2931C94314B97F402861588D33B957DF
Requests: 1 HTTP requests in this frame

Frame: https://liveengage.navyfederal.org/le_secure_storage/3.5.0.10-release_418/storage.secure.min.html?loc=http%3A%2F%2Fwww.merr.us&site=11478817&env=prod&isCrossDomain=true
Frame ID: C334DEA27818C72F2CF1B48400E446A8
Requests: 1 HTTP requests in this frame

Frame: https://www.navyfederal.org/images/spacer.gif
Frame ID: ED488CDDEAB76CBE2511F49EFB687EA1
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /Unix/i

Overall confidence: 100%
Detected patterns
  • headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /^https?:\/\/lptag\.liveperson\.net\/tag\/tag\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • script /\/s[_-]code.*\.js/i
  • env /^s_(?:account|objectID|code|INST)$/i

Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Overall confidence: 100%
Detected patterns
  • env /^Recaptcha$/i

Page Statistics

30
Requests

93 %
HTTPS

58 %
IPv6

7
Domains

13
Subdomains

12
IPs

4
Countries

303 kB
Transfer

804 kB
Size

11
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25
  • https://rnemsg.navyfederal.org/ci/pta/logout HTTP 302
  • https://www.navyfederal.org/images/spacer.gif

30 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login.php
www.merr.us/wp-content/themes/nv/
14 KB
14 KB
Document
General
Full URL
http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Server
64.251.208.30 Madison, United States, ASN26284 (BADGER-INTERNET-INC - Badger Internet, Inc., US),
Reverse DNS
cpanel3
Software
Apache/2.4.25 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / PHP/5.5.38
Resource Hash
70a025cdb7a54c73bb380ab5498c1af204f64ff985f1252e7f6aef423a853cd2

Request headers

Host
www.merr.us
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:45 GMT
Server
Apache/2.4.25 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
X-Powered-By
PHP/5.5.38
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html
css
fonts.googleapis.com/
5 KB
779 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:817::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
73ed4957753f475d502c2ee4e56fc072150f9b323be22652c868ef7cb82a926c
Security Headers
Name Value
Strict-Transport-Security max-age=86400
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=86400
content-encoding
gzip
last-modified
Mon, 24 Sep 2018 19:59:45 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
date
Mon, 24 Sep 2018 19:59:45 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
x-xss-protection
1; mode=block
expires
Mon, 24 Sep 2018 19:59:45 GMT
main-81c4011762afac3569f942d4fb8bf43f.css
my.navyfederal.org/NFOAA_Auth/resources/css/
80 KB
14 KB
Stylesheet
General
Full URL
https://my.navyfederal.org/NFOAA_Auth/resources/css/main-81c4011762afac3569f942d4fb8bf43f.css
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.67.128.237 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-67-128-237.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5819744a85e9e7b750ed21addcb6cdbef9b609dcf454e79341b2942944a74ec1

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:45 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Aug 2018 17:26:36 GMT
Vary
Accept-Encoding
Content-Language
en-US
Connection
keep-alive
Content-Type
text/css
Content-Length
13478
nauth-81c4011762afac3569f942d4fb8bf43f.css
my.navyfederal.org/NFOAA_Auth/resources/css/
4 KB
2 KB
Stylesheet
General
Full URL
https://my.navyfederal.org/NFOAA_Auth/resources/css/nauth-81c4011762afac3569f942d4fb8bf43f.css
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.67.128.237 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-67-128-237.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
aa00e07dba6cb64bf1167ff7a523028f64dc648f2e58382488feeb7689abedfb

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:45 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Aug 2018 17:26:36 GMT
Vary
Accept-Encoding
Content-Language
en-US
Connection
keep-alive
Content-Type
text/css
Content-Length
1210
s_code.js
www.navyfederal.org/js/
47 KB
18 KB
Script
General
Full URL
https://www.navyfederal.org/js/s_code.js
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.65.60 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-65-60.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
03058abfea81a3942d4bdee9a00e1227cea77f3bee681f7e2c75fde2988ac76f

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:45 GMT
Content-Encoding
gzip
Last-Modified
Tue, 03 Oct 2017 20:48:34 GMT
Server
Apache
ETag
"ba4b-55aaa9d53ac80-gzip"
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=21600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18007
Expires
Mon, 30 Jul 2018 22:44:52 GMT
main.min.js
my.navyfederal.org/NFOAA_Auth/resources/js/dist/
139 KB
46 KB
Script
General
Full URL
https://my.navyfederal.org/NFOAA_Auth/resources/js/dist/main.min.js
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.67.128.237 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-67-128-237.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0080c6f378efa908db1ea1d04f0a2391c9321a2d2232d703749b39956148a083

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:45 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Aug 2018 17:26:38 GMT
Vary
Accept-Encoding
Content-Language
en-US
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
Content-Type
application/x-javascript
cookieGenerator-f3c7ff68bced30b6bd7a7a5b62aa7ff4.js
my.navyfederal.org/NFOAA_Auth/resources/js/dev/
2 KB
2 KB
Script
General
Full URL
https://my.navyfederal.org/NFOAA_Auth/resources/js/dev/cookieGenerator-f3c7ff68bced30b6bd7a7a5b62aa7ff4.js
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.67.128.237 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-67-128-237.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bfd0527fd2725ac551051f5efeb3c0a79dc815fc727e311706840907134db819

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:45 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Aug 2018 17:26:38 GMT
Vary
Accept-Encoding
Content-Language
en-US
Connection
keep-alive
Content-Type
application/x-javascript
Content-Length
867
login-f3c7ff68bced30b6bd7a7a5b62aa7ff4.js
my.navyfederal.org/NFOAA_Auth/resources/js/dev/
3 KB
2 KB
Script
General
Full URL
https://my.navyfederal.org/NFOAA_Auth/resources/js/dev/login-f3c7ff68bced30b6bd7a7a5b62aa7ff4.js
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.67.128.237 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-67-128-237.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b6aa519de2e03a59ba46b40aa06dd2d0613b5c77b9af94dcaafba0dea3b4a68b

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:45 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Aug 2018 17:26:38 GMT
Vary
Accept-Encoding
Content-Language
en-US
Connection
keep-alive
Content-Type
application/x-javascript
Content-Length
855
api.js
www.google.com/recaptcha/
762 B
540 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81b::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
GSE /
Resource Hash
26e0b406fb2610ba6e2d2e1aff2fd26fecc8c96a52ce64641c7d7aaa5965d34b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 24 Sep 2018 19:59:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
448
x-xss-protection
1; mode=block
expires
Mon, 24 Sep 2018 19:59:45 GMT
le2-mtagconfig.js
www.navyfederal.org/js/
20 KB
6 KB
Script
General
Full URL
https://www.navyfederal.org/js/le2-mtagconfig.js
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.65.60 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-65-60.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
470d3ba35a54ee6fe8605f1c2ab718f86742f6d407d4a841aa8c28bb77a6c370

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:45 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Oct 2017 09:55:14 GMT
Server
Apache
ETag
"4e11-55c5c0d556480-gzip"
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=21600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5721
Expires
Wed, 01 Aug 2018 23:00:53 GMT
s05968905963418
analytics.navyfederal.org/b/ss/nfcuprod/1/JS-1.6.3/
0
0

recaptcha__en.js
www.gstatic.com/recaptcha/api2/v1537165899310/
237 KB
78 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/api2/v1537165899310/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81b::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
01be295d9648229a5eed43b6c27836a569362324ceee92e99a4f40e23ee0c464
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 19 Sep 2018 16:35:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 17 Sep 2018 16:45:00 GMT
server
sffe
age
444238
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
80281
x-xss-protection
1; mode=block
expires
Thu, 19 Sep 2019 16:35:47 GMT
tag.js
lptag.liveperson.net/tag/
18 KB
7 KB
Script
General
Full URL
https://lptag.liveperson.net/tag/tag.js?site=11478817
Requested by
Host: www.navyfederal.org
URL: https://www.navyfederal.org/js/le2-mtagconfig.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software
ws /
Resource Hash
cc490a8ef7deb4c7fba66f332ad8cdd39433675b95d2bd341300ab7b718f8e4e

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 24 Sep 2018 19:59:45 GMT
content-encoding
gzip
last-modified
Sun, 24 Jun 2018 08:31:24 GMT
server
ws
etag
"5b2f56dc-198d"
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
status
200
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length
6541
.jsonp
lptag.liveperson.net/lptag/api/account/11478817/configuration/applications/taglets/
142 KB
52 KB
Script
General
Full URL
https://lptag.liveperson.net/lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Requested by
Host: www.navyfederal.org
URL: https://www.navyfederal.org/js/le2-mtagconfig.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software
ws /
Resource Hash
0f456a735c025355ff4d0037c0a304228829a9663cef562482542b540714491a

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 24 Sep 2018 19:59:45 GMT
content-encoding
gzip
server
ws
x-cache-status
EXPIRED
access-control-allow-methods
GET, POST, PATCH
content-type
application/x-javascript
status
200
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
zones
accdn.lpsnmedia.net/api/account/11478817/configuration/le-campaigns/
2 KB
603 B
Script
General
Full URL
https://accdn.lpsnmedia.net/api/account/11478817/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a03:6400:16:0:178:249:101:99 , United Kingdom, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software
ws /
Resource Hash
3670fcf586de237600ff4455decdf7ba61a9701f0f1884786ae18f1204fa2d03

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 24 Sep 2018 19:59:46 GMT
content-encoding
gzip
server
ws
x-cache-status
HIT
vary
Accept
content-type
application/javascript
status
200
expires
Mon, 24 Sep 2018 20:00:08 GMT
img_logo-14091710c18c4576bb05b77eae62912e.png
my.navyfederal.org/NFOAA_Auth/resources/images/
5 KB
5 KB
Image
General
Full URL
https://my.navyfederal.org/NFOAA_Auth/resources/images/img_logo-14091710c18c4576bb05b77eae62912e.png
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.67.128.237 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-67-128-237.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe63c84509133d0aa0265c63a2e18e6c52129bc227b1e2394d8f7c4393193ca7

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:47 GMT
Last-Modified
Wed, 22 Aug 2018 17:26:38 GMT
Connection
keep-alive
Content-Length
5293
Content-Language
en-US
Content-Type
text/plain
toolTip-14091710c18c4576bb05b77eae62912e.png
my.navyfederal.org/NFOAA_Auth/resources/images/
3 KB
3 KB
Image
General
Full URL
https://my.navyfederal.org/NFOAA_Auth/resources/images/toolTip-14091710c18c4576bb05b77eae62912e.png
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.67.128.237 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-67-128-237.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d27c34d729a5ecd6e06a8f129aa9204554bee5f9ccd9305e3aacc8ec976ada68

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:47 GMT
Last-Modified
Wed, 22 Aug 2018 17:26:38 GMT
Connection
keep-alive
Content-Length
3252
Content-Language
en-US
Content-Type
text/plain
tooltip-arrow-left-14091710c18c4576bb05b77eae62912e.png
my.navyfederal.org/NFOAA_Auth/resources/images/
366 B
564 B
Image
General
Full URL
https://my.navyfederal.org/NFOAA_Auth/resources/images/tooltip-arrow-left-14091710c18c4576bb05b77eae62912e.png
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.67.128.237 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-67-128-237.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9d544e86ba76cf0862763c44521e7d08798a7c7a69a963913b01d1cbe618be01

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:47 GMT
Last-Modified
Wed, 22 Aug 2018 17:26:38 GMT
Connection
keep-alive
Content-Length
366
Content-Language
en-US
Content-Type
text/plain
img_footer_logo-14091710c18c4576bb05b77eae62912e.png
my.navyfederal.org/NFOAA_Auth/resources/images/
3 KB
3 KB
Image
General
Full URL
https://my.navyfederal.org/NFOAA_Auth/resources/images/img_footer_logo-14091710c18c4576bb05b77eae62912e.png
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.67.128.237 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-67-128-237.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
26aa1e5d382461643776161453f29771a528577f5a831f0bb2036e4357513c1e

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:47 GMT
Last-Modified
Wed, 22 Aug 2018 17:26:38 GMT
Connection
keep-alive
Content-Length
3014
Content-Language
en-US
Content-Type
text/plain
bd-1-30
my.navyfederal.org/_bm/
55 KB
14 KB
Script
General
Full URL
https://my.navyfederal.org/_bm/bd-1-30
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.67.128.237 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-67-128-237.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2dd42af252b85be303db754dd37c9f145dd655d8e8714cf2fd1ec068f625ab38

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:47 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Apr 2018 15:33:08 GMT
ETag
"2d19539d7ac938c2750ab20b47b4929a38f06c8f75f89b70fee68762ace2fc46"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=604800
Connection
keep-alive
Content-Length
13861
bg_footer.png
my.navyfederal.org/NFOAA_Auth/resources/images/css/
188 B
386 B
Image
General
Full URL
https://my.navyfederal.org/NFOAA_Auth/resources/images/css/bg_footer.png
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.67.128.237 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-67-128-237.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d2860cf4cc49d5ec7dd1dab34f52c9d581125bf44808b437939a9f682e115e0c

Request headers

Referer
https://my.navyfederal.org/NFOAA_Auth/resources/css/main-81c4011762afac3569f942d4fb8bf43f.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:47 GMT
Last-Modified
Wed, 22 Aug 2018 17:26:38 GMT
Connection
keep-alive
Content-Length
188
Content-Language
en-US
Content-Type
text/plain
icons.png
my.navyfederal.org/NFOAA_Auth/resources/images/css/
5 KB
6 KB
Image
General
Full URL
https://my.navyfederal.org/NFOAA_Auth/resources/images/css/icons.png
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.67.128.237 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-67-128-237.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e07f2fb0014dbce90e269cc01c54d59ddb723c4c8b93380d4abc38563eab6d67

Request headers

Referer
https://my.navyfederal.org/NFOAA_Auth/resources/css/main-81c4011762afac3569f942d4fb8bf43f.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:47 GMT
Last-Modified
Wed, 22 Aug 2018 17:26:38 GMT
Connection
keep-alive
Content-Length
5527
Content-Language
en-US
Content-Type
text/plain
bg_globe.png
my.navyfederal.org/NFOAA_Auth/resources/images/css/
5 KB
5 KB
Image
General
Full URL
https://my.navyfederal.org/NFOAA_Auth/resources/images/css/bg_globe.png
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.67.128.237 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-67-128-237.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
eac7a5450fce00715e381e02b2359fa4bd7ddd5a30f52e15ca9c342ce24d3b37

Request headers

Referer
https://my.navyfederal.org/NFOAA_Auth/resources/css/main-81c4011762afac3569f942d4fb8bf43f.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 24 Sep 2018 19:59:47 GMT
Last-Modified
Wed, 22 Aug 2018 17:26:38 GMT
Connection
keep-alive
Content-Length
4797
Content-Language
en-US
Content-Type
text/plain
6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu3cOWxw.woff2
fonts.gstatic.com/s/sourcesanspro/v11/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v11/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu3cOWxw.woff2
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:812::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
4a58441133d85539974e4b136c25eaa5512ac1b018d4f6d53124a08c6f19b55e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Origin
http://www.merr.us

Response headers

date
Wed, 29 Aug 2018 06:48:22 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 18:25:50 GMT
server
sffe
age
2293885
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
12916
x-xss-protection
1; mode=block
expires
Thu, 29 Aug 2019 06:48:22 GMT
signin.html
www.navyfederal.org/nfoaa-navads/ Frame 2931
0
0
Document
General
Full URL
https://www.navyfederal.org/nfoaa-navads/signin.html
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.65.60 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-65-60.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Host
www.navyfederal.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://www.merr.us/wp-content/themes/nv/login.php
Accept-Encoding
gzip, deflate
Cookie
dc=v; _abck=32E0DE963492B2FF11CDB25157C09A15021484F40F3600003342A95B1FE64603~-1~Uv/DK4opBVkYp7iwnG7ntp/4nDHaQuUBSbufpX/xTwg=~-1~-1; bm_sz=20DDF940DE0545DF9ADE5C0BCBCB2057~QAAQ9IQUAmFONuplAQAA4ZcqDYaLO1w7oOZs/XYiVPT4W/SQWYBqjTVr2DhgBi3lC5DvdpGX/C/XNudvJtBbtg1rrfWPB9iz4vu77yDPZJ1OUj/sI7MtRg9+zpFFRJnNYjBbnktGlXUrgC6A/2gD6FibLmXTIsQnCyfiXFLs7FdoStmK+M+TE8usffFRy1euOM37
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://www.merr.us/wp-content/themes/nv/login.php

Response headers

Server
Apache
Last-Modified
Mon, 21 Nov 2016 18:26:57 GMT
ETag
"1bd6-541d3cd033e40-gzip"
Accept-Ranges
bytes
Cache-Control
max-age=21600
Expires
Tue, 25 Sep 2018 01:59:47 GMT
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
X-Akamai-Transformed
9 2016 0 pmb=mTOE,1
Date
Mon, 24 Sep 2018 19:59:47 GMT
Content-Length
2077
Connection
keep-alive
storage.secure.min.html
liveengage.navyfederal.org/le_secure_storage/3.5.0.10-release_418/ Frame C334
0
0
Document
General
Full URL
https://liveengage.navyfederal.org/le_secure_storage/3.5.0.10-release_418/storage.secure.min.html?loc=http%3A%2F%2Fwww.merr.us&site=11478817&env=prod&isCrossDomain=true
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a03:6400:10:0:178:249:97:98 , United Kingdom, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
Software
ws /
Resource Hash

Request headers

:method
GET
:authority
liveengage.navyfederal.org
:scheme
https
:path
/le_secure_storage/3.5.0.10-release_418/storage.secure.min.html?loc=http%3A%2F%2Fwww.merr.us&site=11478817&env=prod&isCrossDomain=true
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
http://www.merr.us/wp-content/themes/nv/login.php
accept-encoding
gzip, deflate
cookie
dc=v; _abck=32E0DE963492B2FF11CDB25157C09A15021484F40F3600003342A95B1FE64603~-1~Uv/DK4opBVkYp7iwnG7ntp/4nDHaQuUBSbufpX/xTwg=~-1~-1; bm_sz=20DDF940DE0545DF9ADE5C0BCBCB2057~QAAQ9IQUAmFONuplAQAA4ZcqDYaLO1w7oOZs/XYiVPT4W/SQWYBqjTVr2DhgBi3lC5DvdpGX/C/XNudvJtBbtg1rrfWPB9iz4vu77yDPZJ1OUj/sI7MtRg9+zpFFRJnNYjBbnktGlXUrgC6A/2gD6FibLmXTIsQnCyfiXFLs7FdoStmK+M+TE8usffFRy1euOM37
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://www.merr.us/wp-content/themes/nv/login.php

Response headers

status
200
date
Mon, 24 Sep 2018 19:59:47 GMT
content-type
text/html
last-modified
Wed, 20 Jun 2018 06:03:22 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-allow-credentials
true
expires
Mon, 24 Sep 2018 20:09:47 GMT
cache-control
max-age=600
spacer.gif
www.navyfederal.org/images/ Frame ED48
Redirect Chain
  • https://rnemsg.navyfederal.org/ci/pta/logout
  • https://www.navyfederal.org/images/spacer.gif
0
0
Document
General
Full URL
https://www.navyfederal.org/images/spacer.gif
Requested by
Host: www.merr.us
URL: http://www.merr.us/wp-content/themes/nv/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.65.60 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-65-60.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Host
www.navyfederal.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://www.merr.us/wp-content/themes/nv/login.php
Accept-Encoding
gzip, deflate
Cookie
dc=v; _abck=32E0DE963492B2FF11CDB25157C09A15021484F40F3600003342A95B1FE64603~-1~Uv/DK4opBVkYp7iwnG7ntp/4nDHaQuUBSbufpX/xTwg=~-1~-1; bm_sz=20DDF940DE0545DF9ADE5C0BCBCB2057~QAAQ9IQUAmFONuplAQAA4ZcqDYaLO1w7oOZs/XYiVPT4W/SQWYBqjTVr2DhgBi3lC5DvdpGX/C/XNudvJtBbtg1rrfWPB9iz4vu77yDPZJ1OUj/sI7MtRg9+zpFFRJnNYjBbnktGlXUrgC6A/2gD6FibLmXTIsQnCyfiXFLs7FdoStmK+M+TE8usffFRy1euOM37; s_fid=7DFCF3B3678E5D83-2F3ADE7A8FB0EE22; gpv_page=nfo%3Anfoaa-navads%3Asignin.html; s_cc=true; s_vi=[CS]v1|2DD4A11985316493-6000010DE000006D[CE]
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://www.merr.us/wp-content/themes/nv/login.php

Response headers

Server
Apache
Last-Modified
Sun, 02 Jun 2013 10:22:19 GMT
ETag
"2b-4de29390cacc0"
Accept-Ranges
bytes
Content-Length
43
Cache-Control
max-age=7776000
Expires
Mon, 26 Nov 2018 06:02:59 GMT
Content-Type
image/gif
Date
Mon, 24 Sep 2018 19:59:47 GMT
Connection
keep-alive

Redirect headers

Date
Mon, 24 Sep 2018 19:59:47 GMT
Set-Cookie
cp_session=eUNiY1Vvg14V3Nd9TkrDLvAU0swsSDTF8YYkcKQGNjfK_EJzS4n2L3ngMJp_OCyjx4I7kWDa%7Ei2HF_bwOEVMkeFs0GntwcDgTpO5VC8qXRSbeRTCetKLo7C5qarXwIGsOqzDO4XyFkWh5LdkFWi0B1K6a2lUfWz7EswN3bB3MZTrgNL5nb8j2TGr3uymotSpavgBm1QnMlDYk0bo4UNx90XxDXd94YaC3n; path=/; secure; httponly cp_session=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ TS015a22fa=01da1a78ef04d613d91779d74828416e9d85a1a7a9d442e6b16bf3313dbfc33683d35f5419895561db88cbf62add42dff1719f8357728c504cc5ff42a71500971961473cdb; Path=/
Strict-Transport-Security
max-age=31536000
Location
https://www.navyfederal.org/images/spacer.gif
RNT-Time
D=59877 t=1537819187735950
RNT-Machine
64.69
Content-Length
0
Keep-Alive
timeout=15, max=98
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
_data
www.merr.us/_bm/
0
8 KB
XHR
General
Full URL
https://www.merr.us/_bm/_data
Requested by
Host: my.navyfederal.org
URL: https://my.navyfederal.org/_bm/bd-1-30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.251.208.30 Madison, United States, ASN26284 (BADGER-INTERNET-INC - Badger Internet, Inc., US),
Reverse DNS
cpanel3
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
Origin
http://www.merr.us
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type
text/html; charset=UTF-8
11478817
va.v.liveperson.net/api/js/
232 B
701 B
Script
General
Full URL
https://va.v.liveperson.net/api/js/11478817?&cb=lpCb57887x16499&t=sp&ts=1537819188385&pid=5560177322&tid=7202270967&pt=Navy%20Federal%20Credit%20Union%20-%20We%20serve%20where%20you%20serve%C2%AE&u=http%3A%2F%2Fwww.merr.us%2Fwp-content%2Fthemes%2Fnv%2Flogin.php&df=0&os=1
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 New York, United States, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
e76e572bf7255078607310a6341777f3c28dfabc2a3946a1d91ac941a57c5bb7

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 24 Sep 2018 19:59:48 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/json
status
200
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
11478817
va.v.liveperson.net/api/js/
110 B
471 B
Script
General
Full URL
https://va.v.liveperson.net/api/js/11478817?sid=e76v8BqxTpG1BewTEYB7LA&cb=lpCb55247x20151&t=pl&ts=1537819188387&pid=5560177322&tid=7202270967&vid=ZlY2QyMjVmMDVkN2VkZmEy
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 New York, United States, ASN11054 (LIVEPERSON - LivePerson, Inc., US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
a1262f72895c86e6e90753f9852fe1126f2be734bd0c7b02855f70615b9611f9

Request headers

Referer
http://www.merr.us/wp-content/themes/nv/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 24 Sep 2018 19:59:49 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/json
status
200
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
analytics.navyfederal.org
URL
http://analytics.navyfederal.org/b/ss/nfcuprod/1/JS-1.6.3/s05968905963418?AQB=1&ndh=1&pf=1&t=24%2F8%2F2018%2019%3A59%3A45%201%200&fid=0CEA1D4B88250576-05F352AC4666E94B&ce=UTF-8&ns=nfcu&pageName=nfo%3Alogin&g=http%3A%2F%2Fwww.merr.us%2Fwp-content%2Fthemes%2Fnv%2Flogin.php&c.&pageType=nfo&l1=nfo&l2=nfo%3Alogin&.c&cc=USD&server=nfo&c4=3%3A59PM&v4=3%3A59PM&c5=Monday&v5=Monday&c11=2016.08.16%7CJS%201.6.3&c51=D%3Dg&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Navy Federal Credit Union (Government)

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| s_account object| s function| s_doPlugins function| AppMeasurement_Module_ActivityMap function| AppMeasurement_Module_Integrate function| AppMeasurement function| s_gi function| s_pgicq object| s_c_il number| s_c_in number| s_objectID number| s_giq function| manageFrames function| validateDay function| validatePassword function| validateBirthMY function| clear_form_elements function| removeCookie function| setCookie function| checkCapsLock function| validateSSN function| countModal function| resizeParentFrame function| alertUser function| removeAlert function| validateSecurityAnswer function| $ function| jQuery string| j string| k object| s_i_nfcuprod object| jQuery1113020842674336387956 function| getCookie function| createCookie function| setAACookie function| makeRandomValue function| deleteAkamiCookie function| setAkamiCookie function| submitCaptchaForm function| recaptchaWorks object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client boolean| captchaEnabled boolean| isCaptchaSuccess undefined| idtoken object| cnf function| checkForToken function| getParameterByName function| postMsgReceiver object| CustInfo function| sendCtype number| counter boolean| postChat string| closeButton function| piiMask function| lpGetJWT object| lpTag object| recaptcha function| _typeof object| lpMTagConfig number| year object| _cf object| _ac object| bmak string| _sd_trace function| verifyCaptcha

11 Cookies

Domain/Path Name / Value
.navyfederal.org/ Name: s_cc
Value: true
.navyfederal.org/ Name: s_fid
Value: 7DFCF3B3678E5D83-2F3ADE7A8FB0EE22
.navyfederal.org/ Name: bm_sz
Value: 20DDF940DE0545DF9ADE5C0BCBCB2057~QAAQ9IQUAmFONuplAQAA4ZcqDYaLO1w7oOZs/XYiVPT4W/SQWYBqjTVr2DhgBi3lC5DvdpGX/C/XNudvJtBbtg1rrfWPB9iz4vu77yDPZJ1OUj/sI7MtRg9+zpFFRJnNYjBbnktGlXUrgC6A/2gD6FibLmXTIsQnCyfiXFLs7FdoStmK+M+TE8usffFRy1euOM37
.navyfederal.org/ Name: s_vi
Value: [CS]v1|2DD4A11985316493-6000010DE000006D[CE]
www.merr.us/ Name: PHPSESSID
Value: 4c249c15049fcba65872a656c4d09b72
.merr.us/ Name: s_cc
Value: true
.navyfederal.org/ Name: gpv_page
Value: nfo%3Anfoaa-navads%3Asignin.html
.merr.us/ Name: s_fid
Value: 0CEA1D4B88250576-05F352AC4666E94B
.navyfederal.org/ Name: dc
Value: v
.navyfederal.org/ Name: _abck
Value: 32E0DE963492B2FF11CDB25157C09A15021484F40F3600003342A95B1FE64603~-1~Uv/DK4opBVkYp7iwnG7ntp/4nDHaQuUBSbufpX/xTwg=~-1~-1
.merr.us/ Name: gpv_page
Value: nfo%3Alogin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accdn.lpsnmedia.net
analytics.navyfederal.org
fonts.googleapis.com
fonts.gstatic.com
liveengage.navyfederal.org
lptag.liveperson.net
my.navyfederal.org
rnemsg.navyfederal.org
va.v.liveperson.net
www.google.com
www.gstatic.com
www.merr.us
www.navyfederal.org
analytics.navyfederal.org
104.109.65.60
178.249.101.23
208.89.12.87
23.67.128.237
2606:b400:8814:f200::8198:5c77
2a00:1450:4001:812::2003
2a00:1450:4001:817::200a
2a00:1450:4001:81b::2003
2a00:1450:4001:81b::2004
2a03:6400:10:0:178:249:97:98
2a03:6400:16:0:178:249:101:99
64.251.208.30
0080c6f378efa908db1ea1d04f0a2391c9321a2d2232d703749b39956148a083
01be295d9648229a5eed43b6c27836a569362324ceee92e99a4f40e23ee0c464
03058abfea81a3942d4bdee9a00e1227cea77f3bee681f7e2c75fde2988ac76f
0f456a735c025355ff4d0037c0a304228829a9663cef562482542b540714491a
26aa1e5d382461643776161453f29771a528577f5a831f0bb2036e4357513c1e
26e0b406fb2610ba6e2d2e1aff2fd26fecc8c96a52ce64641c7d7aaa5965d34b
2dd42af252b85be303db754dd37c9f145dd655d8e8714cf2fd1ec068f625ab38
3670fcf586de237600ff4455decdf7ba61a9701f0f1884786ae18f1204fa2d03
470d3ba35a54ee6fe8605f1c2ab718f86742f6d407d4a841aa8c28bb77a6c370
4a58441133d85539974e4b136c25eaa5512ac1b018d4f6d53124a08c6f19b55e
5819744a85e9e7b750ed21addcb6cdbef9b609dcf454e79341b2942944a74ec1
70a025cdb7a54c73bb380ab5498c1af204f64ff985f1252e7f6aef423a853cd2
73ed4957753f475d502c2ee4e56fc072150f9b323be22652c868ef7cb82a926c
9d544e86ba76cf0862763c44521e7d08798a7c7a69a963913b01d1cbe618be01
a1262f72895c86e6e90753f9852fe1126f2be734bd0c7b02855f70615b9611f9
aa00e07dba6cb64bf1167ff7a523028f64dc648f2e58382488feeb7689abedfb
b6aa519de2e03a59ba46b40aa06dd2d0613b5c77b9af94dcaafba0dea3b4a68b
bfd0527fd2725ac551051f5efeb3c0a79dc815fc727e311706840907134db819
cc490a8ef7deb4c7fba66f332ad8cdd39433675b95d2bd341300ab7b718f8e4e
d27c34d729a5ecd6e06a8f129aa9204554bee5f9ccd9305e3aacc8ec976ada68
d2860cf4cc49d5ec7dd1dab34f52c9d581125bf44808b437939a9f682e115e0c
e07f2fb0014dbce90e269cc01c54d59ddb723c4c8b93380d4abc38563eab6d67
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e76e572bf7255078607310a6341777f3c28dfabc2a3946a1d91ac941a57c5bb7
eac7a5450fce00715e381e02b2359fa4bd7ddd5a30f52e15ca9c342ce24d3b37
fe63c84509133d0aa0265c63a2e18e6c52129bc227b1e2394d8f7c4393193ca7