ScanMalware.com

Security Scan Report: validate.perfdrive.com

Site favicon
Submitted: May 6, 2026, 7:38:11 PMCompleted: May 6, 2026, 7:39:31 PMpubliccompleted
Loading additional data...

Summary

This website contacted 12 IPs in 2 countries across 13 domains to perform 20 HTTP transactions. The main domain is validate.perfdrive.com and was registered NaN years ago.

Submitted URL: https://validate.perfdrive.com/8408b9605993067ad3888d4cbe83654f/?ssa=3e51f2c8-61aa-41a4-9633-ee548c806926&ssb=70153228891&ssc=https%3A%2F%2Fwww.amaroma.it%2F&ssi=befc2ede-cl63-44b4-a745-e57e0697acad&[email protected]&ssm=81880505058161807106457800208388&ssn=297d1bfb61e588fc4e3ab86df5743cc118d10b0ff439-b23d-4752-acfe65&sso=3641f20b-7253379b907d43e7f9d5747d4609c6a6693ce7079d23e79d&ssp=30405217121778011839177801732278403&ssq=63390849629079373657996290410382034449283&ssr=MTc4LjYzLjE2LjIyNA==&sst=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/124.0.0.0%20Safari/537.36&ssu=&ssv=&ssw=&ssx=eyJ1em14IjoiN2Y5MDAwOGEzZWFmY2QtZjA2My00OWZhLTlhYzUtYTQ2MGY5OTE3ZDM3MS0xNzc4MDk2MjkwNDI3MC03NjhkZTVjNzJiYjkzZjY1MTAiLCJfX3V6bWYiOiI3ZjkwMDAwYjBmZjQzOS1iMjNkLTQ3NTItYTIwYi03MjUzMzc5YjkwN2QxLTE3NzgwOTYyOTA0MjcwLTAwMzMxNGE0Y2M2Y2Y3NDg4ZGMxMCIsInJkIjoiYW1hcm9tYS5pdCJ9

The Cisco Umbrella rank of the primary domain is #14,110 of the top 1 million websites

AI Security Verdict

Moderate Risk

Confidence: 78%

5
Risk Score

The site is old and well‑ranked, but critical IDS alerts and a strong phishing ML label raise moderate risk of malware distribution.

Risk Factors
Critical IDS alerts suggesting malware activity
High IDS alerts for suspicious POST traffic
ML phishing label above the meaningful threshold
Multiple function() constructor calls in JavaScript (code generation)
CAPTCHA page could be used to mask malicious behavior
Safety Factors
Domain age >10 years and reputable ranking
No Indicators of Compromise matched in threat intel databases
No JavaScript YARA malware patterns detected
No credential exfiltration observed in JavaScript behavioral analysis
External resources (hcaptcha, cdn, fonts) are benign
Domain age information unavailable

Details

Page Title

Radware Bot Manager Captcha

Scan Type

public

Language

🇮🇹

Italian

(49% confidence)

Category

phishing scam

(74%)

Domain Information

Within the commercial generic top-level domain (.com), 'validate.perfdrive.com' is registered; it also runs on subdomain 'validate'. The second-level label 'perfdrive' is 9 characters long with three vowels and six consonants. It segments into 3 words: per, f, drive. Expect three characters per word on average. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://validate.perfdrive.com/8408b9605993067ad3888d4cbe83654f/?ssa=3e51f2c8-61aa-41a4-9633-ee548c806926&ssb=70153228891&ssc=https%3A%2F%2Fwww.amaroma.it%2F&ssi=befc2ede-cl63-44b4-a745-e57e0697acad&ssk=botmanager_support@radware.com&ssm=81880505058161807106457800208388&ssn=297d1bfb61e588fc4e3ab86df5743cc118d10b0ff439-b23d-4752-acfe65&sso=3641f20b-7253379b907d43e7f9d5747d4609c6a6693ce7079d23e79d&ssp=30405217121778011839177801732278403&ssq=63390849629079373657996290410382034449283&ssr=MTc4LjYzLjE2LjIyNA==&sst=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/124.0.0.0%20Safari/537.36&ssu=&ssv=&ssw=&ssx=eyJ1em14IjoiN2Y5MDAwOGEzZWFmY2QtZjA2My00OWZhLTlhYzUtYTQ2MGY5OTE3ZDM3MS0xNzc4MDk2MjkwNDI3MC03NjhkZTVjNzJiYjkzZjY1MTAiLCJfX3V6bWYiOiI3ZjkwMDAwYjBmZjQzOS1iMjNkLTQ3NTItYTIwYi03MjUzMzc5YjkwN2QxLTE3NzgwOTYyOTA0MjcwLTAwMzMxNGE0Y2M2Y2Y3NDg4ZGMxMCIsInJkIjoiYW1hcm9tYS5pdCJ9

Page Load Overview

1.27s
Total Load Time
20
HTTP Requests
13
Domains
190 KB
Total Size

Language Analysis

Primary Language

🇮🇹Italian
Code: it
Confidence:49%
Script:Latin
Direction:ltr

Detection Details

Language Code:it
Detection Confidence:49%
Script Type:Latin
Text Length:451 chars
Detector Agreement:75%

Website Classification

Primary Category

phishing scam74% confidence
Type: dynamic
Method: ml+structural

All Detected Categories

phishing scam
74%
technology software
60%
documentation technical
59%
blog personal website
54%
adult content
50%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
934.117.2.119Kansas City, Missouri, United States
AS396982Google LLC
1104.18.12.205United States
AS13335Cloudflare, Inc.
1104.19.229.21United States
AS13335Cloudflare, Inc.
1104.18.13.205United States
AS13335Cloudflare, Inc.
1142.251.14.95United States
AS15169Google LLC
1142.251.13.94United States
AS15169Google LLC
1130.211.29.114United States
AS396982Google LLC
135.241.15.240Kansas City, Missouri, United States
AS396982Google LLC
1104.17.207.5United States
AS13335Cloudflare, Inc.
166.22.43.118Milan, Lombardy, Italy
AS48851Radware Ltd
2012--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1A592E92173C0280413978BB773ABB9C9F567684B7E45448AF54CAE00AFCAA57CEA3574

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

384:sScDKcuP/FnX16OW3OGRz3apKZJri2bZcFMKYbWJmjoRIC7VhCQj+NU:sScDVuPtF6OW3OGRz3aoZJrisnjWrz11

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:20217:QKiTGcCiUBgZghyOFLJgwOEMCnJQGAKEZBEYYAAAgkQFclBAgYeAyNe8AAgCHiMihMgbKAgRQQDCN9PAxYF1QgaplC5kwICB

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:00ffe7c3e7e7ff00
Perceptual Hash:b61d0f873d384cc3
Difference Hash:620886160e0c0810
Wavelet Hash:00e7c3c3e7e7e700
Color Hash:#d2c279

Other Hashes

Crop Resistant:640816160e0c0808,0000000000000000,0000000000000000

Scan History

Scan history not available

Unable to load historical scan data