urlscan.io logo urlscan.io
SecurityTrails logo

logon.merrickbank.com Open in urlscan Pro
208.91.232.174  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://logon.merrickbank.com/core/Account/Overview
Effective URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Submission: On October 16 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 18 HTTP transactions. The main IP is 208.91.232.174, located in West Elizabeth, United States and belongs to CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US. The main domain is logon.merrickbank.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on September 23rd 2019. Valid for: 2 years.
This is the only time logon.merrickbank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 17 208.91.232.174 26461 (CARDHOLDE...)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
18 3
17    208.91.232.174 (West Elizabeth, United States)

ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US)
logon.merrickbank.com
2    2a00:1450:4001:825::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com
1    2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE - Google LLC, US)
stats.g.doubleclick.net
1    2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.google.com
1    2a00:1450:4001:821::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.google.de
Apex Domain
Subdomains		 Transfer
17 merrickbank.com
logon.merrickbank.com
6 MB
2 google-analytics.com
www.google-analytics.com
18 KB
1 google.de
www.google.de
109 B
1 google.com
www.google.com
190 B
1 doubleclick.net
stats.g.doubleclick.net
163 B
18 5
Domain Requested by
17 logon.merrickbank.com 1 redirects logon.merrickbank.com
2 www.google-analytics.com 1 redirects logon.merrickbank.com
1 www.google.de logon.merrickbank.com
1 www.google.com 1 redirects
1 stats.g.doubleclick.net 1 redirects
18 5

This site contains no links.

Subject Issuer Validity Valid
logon.merrickbank.com
DigiCert SHA2 Extended Validation Server CA		 2019-09-23 -
2021-12-26		 2 years crt.sh
*.google-analytics.com
GTS CA 1O1		 2019-09-17 -
2019-12-10		 3 months crt.sh
www.google.de
GTS CA 1O1		 2019-09-17 -
2019-12-10		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Frame ID: 6190F1F9B520B0FFF186E0BA78B907EA
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://logon.merrickbank.com/core/Account/Overview HTTP 302
    https://logon.merrickbank.com/core/Error/SessionError/Invalid Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • script /ruxitagentjs/i

Page Statistics

18
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

6070 kB
Transfer

6168 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://logon.merrickbank.com/core/Account/Overview HTTP 302
    https://logon.merrickbank.com/core/Error/SessionError/Invalid Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=124657114&t=pageview&_s=1&dl=https%3A%2F%2Flogon.merrickbank.com%2Fcore%2FError%2FSessionError%2FInvalid&ul=en-us&de=UTF-8&dt=Error&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=790836361&gjid=887111225&cid=151433228.1571235848&tid=UA-50910217-1&_gid=1655949401.1571235848&_r=1&z=928576956 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-50910217-1&cid=151433228.1571235848&jid=790836361&_gid=1655949401.1571235848&gjid=887111225&_v=j79&z=928576956 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-50910217-1&cid=151433228.1571235848&jid=790836361&_v=j79&z=928576956 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-50910217-1&cid=151433228.1571235848&jid=790836361&_v=j79&z=928576956&slf_rd=1&random=3097828836

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Invalid
logon.merrickbank.com/core/Error/SessionError/
Redirect Chain
  • https://logon.merrickbank.com/core/Account/Overview
  • https://logon.merrickbank.com/core/Error/SessionError/Invalid
12 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
a28de926d470f68a1cc46d15fe488bc4926bf6fe933eed87179690108cb14daa
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
logon.merrickbank.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br
Cookie
dtCookie=2$098B7F8F5617900410F57B7268FB8AC4
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-OneAgent-JS-Injection
true
X-ruxit-JS-Agent
true
Date
Wed, 16 Oct 2019 14:24:00 GMT
Content-Length
12027

Redirect headers

Cache-Control
no-cache, no-store
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Expires
-1
Location
/core/Error/SessionError/Invalid
X-FRAME-OPTIONS
DENY
X-OneAgent-JS-Injection
true
X-ruxit-JS-Agent
true
Set-Cookie
dtCookie=2$098B7F8F5617900410F57B7268FB8AC4; Path=/; Domain=.merrickbank.com
Date
Wed, 16 Oct 2019 14:24:00 GMT
Content-Length
639
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
ruxitagentjs_ICA2SVfqru_10175190917092722.js
logon.merrickbank.com/ 		127 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://logon.merrickbank.com/ruxitagentjs_ICA2SVfqru_10175190917092722.js
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
a35dee955e475d74e796bf6f2ed5d95555583aa25a39d8178c30217150835e91
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://logon.merrickbank.com/core/Error/SessionError/Invalid
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 16 Oct 2019 14:24:00 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Mar 2010 07:01:40 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, immutable
Content-Length
50571
Expires
Thu, 15 Oct 2020 14:24:01 GMT
css
logon.merrickbank.com/bundles/ 		932 KB
933 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://logon.merrickbank.com/bundles/css?v=6_xLu1lD_iCvFrY9KHg2yC2OawDuU7cvuwwd0TK6N4w1
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
6a26b90ec96e9f333aac3562daa9d55bdbf1af3602773c64626bd98eae91f744
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://logon.merrickbank.com/core/Error/SessionError/Invalid
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 16 Oct 2019 14:24:00 GMT
Last-Modified
Wed, 16 Oct 2019 14:24:01 GMT
Vary
User-Agent
Content-Type
text/css; charset=utf-8
Cache-Control
public
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Length
954747
Expires
Thu, 15 Oct 2020 14:24:01 GMT
javascript
logon.merrickbank.com/bundles/ 		4 MB
4 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://logon.merrickbank.com/bundles/javascript?v=UAFdpKYeIvTJcw0lFnIO92bZmExZaLdUM7rtM-bCuUU1
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
cd3becfea1c4d2c21a9070bb36fbc7c5713fe5bdb4079a3a2463249a58b0089e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://logon.merrickbank.com/core/Error/SessionError/Invalid
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 16 Oct 2019 14:24:01 GMT
Last-Modified
Wed, 16 Oct 2019 14:24:00 GMT
ETag
"1571235841:dtagent10175190917092722B7bl"
Vary
User-Agent
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Length
4126774
Expires
Thu, 15 Oct 2020 14:24:01 GMT
highcharts
logon.merrickbank.com/bundles/ 		177 KB
177 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://logon.merrickbank.com/bundles/highcharts?v=uiHhTPbgdhHjEPfydLZ1rMjBcFhOKXwZ6M5oH90o81o1
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
c894323dcecae813ca769e5250d4e2950e24e786d665e4b66a3014da5d76a7ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://logon.merrickbank.com/core/Error/SessionError/Invalid
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 16 Oct 2019 14:24:00 GMT
Last-Modified
Wed, 16 Oct 2019 14:24:00 GMT
ETag
"1571235841:dtagent10175190917092722B7bl"
Vary
User-Agent
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Length
180818
Expires
Thu, 15 Oct 2020 14:24:01 GMT
kendoui.woff
logon.merrickbank.com/Content/Kendo-fonts/ 		63 KB
63 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://logon.merrickbank.com/Content/Kendo-fonts/kendoui.woff?v=1.1
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/bundles/javascript?v=UAFdpKYeIvTJcw0lFnIO92bZmExZaLdUM7rtM-bCuUU1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
8329d2b4c1c7c96260d03217cae87833a6d0ff4196fa889ddb239641198db846
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
cors
Referer
https://logon.merrickbank.com/bundles/css?v=6_xLu1lD_iCvFrY9KHg2yC2OawDuU7cvuwwd0TK6N4w1
Origin
https://logon.merrickbank.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 16 Oct 2019 14:24:07 GMT
Last-Modified
Mon, 03 Jun 2019 16:58:45 GMT
Accept-Ranges
bytes
ETag
"067619b2d1ad51:0:dtagent10175190917092722B7bl"
Content-Length
64184
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/x-font-woff
analytics.js
www.google-analytics.com/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://logon.merrickbank.com/core/Error/SessionError/Invalid
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
2971
date
Wed, 16 Oct 2019 13:34:36 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Wed, 16 Oct 2019 15:34:36 GMT
home_logo.png
logon.merrickbank.com/MERRICK2/Images/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://logon.merrickbank.com/MERRICK2/Images/home_logo.png
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
05b18b793d4a7562c8174bed8c044b4e340edb103cc716f7b22049c73cd130ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://logon.merrickbank.com/bundles/css?v=6_xLu1lD_iCvFrY9KHg2yC2OawDuU7cvuwwd0TK6N4w1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 16 Oct 2019 14:24:07 GMT
Last-Modified
Wed, 14 Feb 2018 14:46:46 GMT
Accept-Ranges
bytes
ETag
"0cfe3a2a2a5d31:0"
Content-Length
9073
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
image/png
man_tie_shoe.jpg
logon.merrickbank.com/MERRICK2/Images/Overlays/ 		87 KB
87 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://logon.merrickbank.com/MERRICK2/Images/Overlays/man_tie_shoe.jpg
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
36988b03d96a77bf12aaa5d1d97eb0f6b3077fb65da2ecfc787cceb60ba6f7d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://logon.merrickbank.com/bundles/css?v=6_xLu1lD_iCvFrY9KHg2yC2OawDuU7cvuwwd0TK6N4w1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 16 Oct 2019 14:24:07 GMT
Last-Modified
Mon, 03 Jun 2019 16:58:56 GMT
Accept-Ranges
bytes
ETag
"04857a12d1ad51:0"
Content-Length
88824
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
image/jpeg
Roboto-Black.woff
logon.merrickbank.com/MERRICK2/Fonts/ 		88 KB
88 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://logon.merrickbank.com/MERRICK2/Fonts/Roboto-Black.woff
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
f208b7f6df17f4ea300a116f8c5a6b1aa68c9edc4e24fab1031c5f26c0a643bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
cors
Referer
https://logon.merrickbank.com/bundles/css?v=6_xLu1lD_iCvFrY9KHg2yC2OawDuU7cvuwwd0TK6N4w1
Origin
https://logon.merrickbank.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 16 Oct 2019 14:24:06 GMT
Last-Modified
Mon, 03 Jun 2019 16:58:55 GMT
Accept-Ranges
bytes
ETag
"04857a12d1ad51:0:dtagent10175190917092722B7bl"
Content-Length
90120
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/x-font-woff
Roboto-Thin.woff
logon.merrickbank.com/MERRICK2/Fonts/ 		86 KB
86 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://logon.merrickbank.com/MERRICK2/Fonts/Roboto-Thin.woff
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
a8bf6ba0c1af70e68ab1c7cedf00c956e76afb51df2255e826f7d52215f60055
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
cors
Referer
https://logon.merrickbank.com/bundles/css?v=6_xLu1lD_iCvFrY9KHg2yC2OawDuU7cvuwwd0TK6N4w1
Origin
https://logon.merrickbank.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 16 Oct 2019 14:24:07 GMT
Last-Modified
Mon, 03 Jun 2019 16:58:55 GMT
Accept-Ranges
bytes
ETag
"04857a12d1ad51:0:dtagent10175190917092722B7bl"
Content-Length
87804
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/x-font-woff
Roboto-Regular.woff
logon.merrickbank.com/MERRICK2/Fonts/ 		87 KB
88 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://logon.merrickbank.com/MERRICK2/Fonts/Roboto-Regular.woff
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
722e9b6e91a1f035c02536d9548ff8eec911bd78d0d2742ee8884309ca19338c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
cors
Referer
https://logon.merrickbank.com/bundles/css?v=6_xLu1lD_iCvFrY9KHg2yC2OawDuU7cvuwwd0TK6N4w1
Origin
https://logon.merrickbank.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 16 Oct 2019 14:24:07 GMT
Last-Modified
Mon, 03 Jun 2019 16:58:55 GMT
Accept-Ranges
bytes
ETag
"04857a12d1ad51:0:dtagent10175190917092722B7bl"
Content-Length
89436
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/x-font-woff
Roboto-Bold.woff
logon.merrickbank.com/MERRICK2/Fonts/ 		87 KB
87 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://logon.merrickbank.com/MERRICK2/Fonts/Roboto-Bold.woff
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
7822a14f204c8c79e422eb51c8f64eec68cf7d263e9658b4cde7b53202a0b3ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
cors
Referer
https://logon.merrickbank.com/bundles/css?v=6_xLu1lD_iCvFrY9KHg2yC2OawDuU7cvuwwd0TK6N4w1
Origin
https://logon.merrickbank.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 16 Oct 2019 14:24:07 GMT
Last-Modified
Mon, 03 Jun 2019 16:58:55 GMT
Accept-Ranges
bytes
ETag
"04857a12d1ad51:0:dtagent10175190917092722B7bl"
Content-Length
89220
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/x-font-woff
RobotoSlab-Light.ttf
logon.merrickbank.com/MERRICK2/Fonts/ 		175 KB
175 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://logon.merrickbank.com/MERRICK2/Fonts/RobotoSlab-Light.ttf
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
153bf5b428d5cd0b27a63f9a36941cd7d6c7523a7afd59c76a12f798e4c33127
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
cors
Referer
https://logon.merrickbank.com/bundles/css?v=6_xLu1lD_iCvFrY9KHg2yC2OawDuU7cvuwwd0TK6N4w1
Origin
https://logon.merrickbank.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 16 Oct 2019 14:24:07 GMT
Last-Modified
Mon, 04 Dec 2017 14:45:44 GMT
Accept-Ranges
bytes
ETag
"05c3190e6dd31:0"
Content-Length
179096
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/opentype
RobotoSlab-Regular.ttf
logon.merrickbank.com/MERRICK2/Fonts/ 		165 KB
165 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://logon.merrickbank.com/MERRICK2/Fonts/RobotoSlab-Regular.ttf
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
13aa5f54c6f2fa2e388fe0e675cdbcc6a81f6270a8bf9c03a5df8af9cb022810
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
cors
Referer
https://logon.merrickbank.com/bundles/css?v=6_xLu1lD_iCvFrY9KHg2yC2OawDuU7cvuwwd0TK6N4w1
Origin
https://logon.merrickbank.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 16 Oct 2019 14:24:07 GMT
Last-Modified
Mon, 03 Jun 2019 16:58:55 GMT
Accept-Ranges
bytes
ETag
"04857a12d1ad51:0:dtagent10175190917092722B7bl"
Content-Length
169064
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/opentype
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=124657114&t=pageview&_s=1&dl=https%3A%2F%2Flogon.merrickbank.com%2Fcore%2FError%2FSessionError%2FInvalid&ul=en-us&de=UTF-8&dt=Error&sd=24-bit...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-50910217-1&cid=151433228.1571235848&jid=790836361&_gid=1655949401.1571235848&gjid=887111225&_v=j79&z=928576956
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-50910217-1&cid=151433228.1571235848&jid=790836361&_v=j79&z=928576956
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-50910217-1&cid=151433228.1571235848&jid=790836361&_v=j79&z=928576956&slf_rd=1&random=3097828836
42 B
109 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-50910217-1&cid=151433228.1571235848&jid=790836361&_v=j79&z=928576956&slf_rd=1&random=3097828836
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/core/Error/SessionError/Invalid
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://logon.merrickbank.com/core/Error/SessionError/Invalid
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Oct 2019 14:24:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 16 Oct 2019 14:24:07 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-50910217-1&cid=151433228.1571235848&jid=790836361&_v=j79&z=928576956&slf_rd=1&random=3097828836
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rb_12c37637-814a-49b3-baff-3315e1d3fe15
logon.merrickbank.com/ 		118 B
418 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://logon.merrickbank.com/rb_12c37637-814a-49b3-baff-3315e1d3fe15?type=js&svrid=2&flavor=post&referer=https%3A%2F%2Flogon.merrickbank.com%2Fcore%2FError%2FSessionError%2FInvalid&visitID=BMPLFNNWBHDAMBFDACNAPOGABNPPPIJH&modifiedSince=1570514697313&app=dcde7dd460f44c7e
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/ruxitagentjs_ICA2SVfqru_10175190917092722.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
66d46676629b199f41fb4e2433c8d0ff2bca4d3f800858b77766d187c4796b58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
cors
Referer
https://logon.merrickbank.com/core/Error/SessionError/Invalid
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 16 Oct 2019 14:24:08 GMT
Content-Length
118
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/plain; charset=utf-8
rb_12c37637-814a-49b3-baff-3315e1d3fe15
logon.merrickbank.com/ 		118 B
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://logon.merrickbank.com/rb_12c37637-814a-49b3-baff-3315e1d3fe15?type=js&session=2%24172F123E08383CC66FBF0B64133C03D6%7Cdcde7dd460f44c7e%7C1&flavor=post&referer=https%3A%2F%2Flogon.merrickbank.com%2Fcore%2FError%2FSessionError%2FInvalid&visitID=BMPLFNNWBHDAMBFDACNAPOGABNPPPIJH&modifiedSince=1570514697313&app=dcde7dd460f44c7e
Requested by
Host: logon.merrickbank.com
URL: https://logon.merrickbank.com/ruxitagentjs_ICA2SVfqru_10175190917092722.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.91.232.174 West Elizabeth, United States, ASN26461 (CARDHOLDER-MANAGEMENT-SERVICES - Cardworks Servicing, LLC, US),
Reverse DNS
Software
/
Resource Hash
66d46676629b199f41fb4e2433c8d0ff2bca4d3f800858b77766d187c4796b58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
cors
Referer
https://logon.merrickbank.com/core/Error/SessionError/Invalid
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 16 Oct 2019 14:24:15 GMT
Content-Length
118
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/plain; charset=utf-8

Verdicts & Comments Add Verdict or Comment

77 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| dT_ object| dtrum function| HashProp function| OnlyNumeric function| OnlyAmount function| OnlyDate function| OnlyAlpha function| CurrencyFormat function| OnlyCurrency function| Navigate function| RegisterHelpButton function| ShowHelp function| RegisterPrintButton function| ShowInModal function| ShowPromptModalDialog function| HidePromptModalDialog function| ScrollToElement function| Redirect function| RegisterSpinnerButtons object| AjaxResult function| RegisterCurrencyFormatPlugin function| AddDollarSymbol function| RegisterInputFormatMasks function| RegisterDateTimePicker function| RealTimeMaxTransferAmountProvider function| AmountTransferValidator function| ValidationError function| Validator function| EmailValidator function| PhoneValidator function| DateValidator function| RegexValidator function| RequiredLengthFieldValidator function| CompareValidator function| CompareDatesValidator function| NumericCompareValidator function| isNumber function| RequiredValidator function| RequiredIfValidator function| CustomValidator function| FieldValidation function| FormValidation function| unbindClick function| loadStickyMenu function| InitiateTooltip function| wrapDropDown function| isEmpty function| closeMenu function| constructMenu function| registerActionsforMenuItems function| registerActionsForMenu function| applyClientDetailsQuickviewNoPad function| getFicoScoreStatus function| $ function| jQuery function| DP_jQuery_1571235847349 function| moment object| jQuery19107114690805744088 function| Inputmask function| Cookies object| MODALSIZE object| COMPAREOPERATOR object| VALIDATORTYPES object| CONDITIONTYPES object| ValidationUtilities object| kendo object| Highcharts string| GoogleAnalyticsObject function| ga function| showHelpModal function| showConsentModal object| google_tag_data object| gaplugins object| gaGlobal object| gaData

2 Cookies

Domain/Path Name / Value
.merrickbank.com/ Name: dtPC
Value: 2$435841270_548h2vBMPLFNNWBHDAMBFDACNAPOGABNPPPIJH
.merrickbank.com/ Name: rxvt
Value: 1571237648776|1571235841276

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block