They are using an image to submit the form. It is part of the HTML standard and does not require javascript or anything else.

<input type="image" class="fLeft loginbtn" src="/Content/Images/Home/Login2.png" alt="Login">

The x and y you are seeing are actually the coordinates where you clicked the “Login” image.

<input type="image"> … an image from which a user can select a coordinate and submit the form …

More specifically, from the HTML4 specification for input control types:

When a pointing device is used to click on the image, the form is submitted and the click coordinates passed to the server. The x value is measured in pixels from the left of the image, and the y value in pixels from the top of the image. The submitted data includes name.x=x-value and name.y=y-value where “name” is the value of the name attribute, and x-value and y-value are the x and y coordinate values, respectively.

It is (usually) not used to prevent automated logins, but I guess that a very simple web bot might not “click” on the image and send coordinates that way.

If no coordinates were received it could for example mean that

• it is a bot that doesn’t send coordinates.
• it is a user without a “pointing device” (mouse, touch screen).
• it is a user that did not use any available pointing device (but the keyboard perhaps).
• it is a bad browser that didn’t follow the standard.

If coordinates were received it could for example mean that

• it is a bot that recognizes <input type="image" />.
• it is a human who clicked the image.
• it is a human who used the keyboard to submit the form (probably via the image), but their browser decided to send coordinates anyways.

So basically, it is not a security measure of any sort.