Domain > rfsemployeediscounts.com

More information on this domain is in AlienVault OTX

DNS Resolutions

Date	IP Address
2024-11-21	13.43.78.158 (ClassC)
2024-11-30	3.8.44.202 (ClassC)
2024-12-16	18.133.218.166 (ClassC)
2025-10-10	18.169.173.64 (ClassC)

HTTP/1.1 200 OKDate: Fri, 10 Oct 2025 13:21:27 GMTContent-Type: text/html; charsetUTF-8Transfer-Encoding: chunkedConnection: keep-aliveServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheSet-Cookie: rfsemployeediscountscoml0rd324qgmd0un37qbbim29225; path/; secure; HttpOnlyX-XSS-Protection: 1; modeblockx-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffStrict-Transport-Security: max-age31536000; includeSubDomainsContent-Security-Policy: default-src *; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * unsafe-inline unsafe-eval; style-src * unsafe-inline;Referrer-Policy: strict-originVary: Origin

!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Strict//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd>html xmlnshttp://www.w3.org/1999/xhtml xml:langen langen>head>   meta charsetUTF-8 />   meta namerobots contentnoindex, nofollow />    meta nameviewport content widthdevice-width,initial-scale1,maximum-scale1,user-scalableno />        !-- Encoding -->    link relpreconnect hrefhttps://fonts.googleapis.com>link relpreconnect hrefhttps://fonts.gstatic.com crossorigin>link hrefhttps://fonts.googleapis.com/css2?familyJulius+Sans+One&familyManrope:wght@200..800&displayswap relstylesheet>link relstylesheet typetext/css href/css/login-css.php />    link relicon href/management/media/favicon.ico typeimage/x-icon />    script typetext/javascript srchttps://ajax.googleapis.com/ajax/libs/jquery/3.7.0/jquery.min.js>/script>    script typetext/javascript srchttps://www.google.com/recaptcha/api.js>/script>    script typetext/javascript src/js/jquery.flexslider.js>/script>    script typetext/javascript src/js/zebra_datepicker.min.js>/script>    script typetext/javascript src/js/jquery.cookie.js>/script>    script typetext/javascript src/js/jquery.cookiecuttr.js>/script>    script typetext/javascript>    $(document).ready(function(){        var isBenefitsAppWebView  /(bebenefits)/i.test(navigator.userAgent.toLowerCase());    if(!isBenefitsAppWebView) {      $.cookieCuttr();    }    });        /script>    title>Welcome to RFS Employee Discounts/title>/head>    body classbackground_skin>    div idloginwrapper>    div idwelcome_text>                div classwelcome>            h2 classuk stylecolor:#000000>Welcome to RFS Employee Discounts/h2>            h2 classwelsh styledisplay:none; color:#000000>/h2>        /div>        div classstrapline>            h3 classuk stylecolor:#000000>Savings and benefits for employees/h3>            h3 classwelsh styledisplay:none; color:#000000>/h3>        /div>            /div>                                    div idloginbox>                        h3 classeditable uk>Log in/h3>                        h3 styledisplay:none; classeditable welsh>Mewngofnodi/h3>                        div idlogin_form_box>                            form idloginform nameloginform methodpost action>    div>        input classfield typetext value idloginUsername nameuname placeholderEmail/>    /div>    div>        input classfield typepassword idloginPassword namepasswd value placeholderPassword />    /div>    div classremember_me_wrapper uk>        label classremember_me forremember_me>Remember me for 30 days/label>input typecheckbox idremember_me nameremember_me value1 />        p classremember_me_notice>(Please do not use this option on a shared device)/p>    /div>    div classremember_me_wrapper welsh>        label classremember_me forremember_me>Cofiwch fi am 30 diwrnod/label>input typecheckbox idremember_me nameremember_me value1 />        p classremember_me_notice>(Peidiwch â defnyddior opsiwn hwn ar ddyfais a rennir)/p>    /div>    input typehidden namelogin idlogin valueyes />    input typehidden nameReward_login_page idReward_login_page valueyes />    div>        input typesubmit classprimary_button uk idlogin_button valueLog in />        input styledisplay:none; typesubmit classprimary_button welsh idlogin_button valueMewngofnodi />        input typehidden namecsrfToken valuee93eb0b7638166e01ed76bd078f6d7c070d9b12469c7db5a9eb5415b4ed34c38 />    /div>/form>script typetext/javascript>    $(document).ready(function(){    });/script>                        /div>                        div idforgotten-pass classeditable>                            p classeditable uk>a classeditable href/forgotten_password.php>Forgot your password?/a>/p>                            p classeditable welsh styledisplay:none;>a classeditable href/forgotten_password.php>Wedi anghofioch cyfrinair?/a>/p>                        /div>                                                div idregister>                            a href/register.php classsecondary_button register_button uk>Register For Free/a>                            a href/register.php styledisplay:none; classsecondary_button register_button welsh>Cofrestru am Ddim/a>                        /div>                                        /div>                    /div>div idfooter_links>    hr/>    ul idfooter_link_list>        li>a target_blank href/terms_and_conditions.php>Terms and Conditions/a>/li>        li>a target_blank href/privacy_policy.php>Privacy Policy/a>/li>    /ul>/div>/body>/html>script typetext/javascript>    if(top.location.pathname ! /)    {        top.location.href  /;    }                $(document).ready(function(){    });/script>    /body>/html>

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

Domain > rfsemployeediscounts.com

Is this malicious?

DNS Resolutions

Port 80

Port 443