Security Scan Report: aycagl.com

Redirected to:
https://aycagl.com/malware%20analysis/XWorm-Malware-Teknik-Analiz-Rapo...
Submitted: Apr 28, 2026, 10:38:23 AM
Completed: Apr 28, 2026, 10:39:32 AM
Scan Type: public
Status: completed

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 1 HTTP transaction. The main domain is aycagl.com and was registered NaN years ago.

Submitted URL: http://aycagl.com/malware%20analysis/XWorm-Malware-Teknik-Analiz-Raporu-97204262733c/

Effective URL: https://aycagl.com/malware%20analysis/XWorm-Malware-Teknik-Analiz-Raporu-97204262733c/ (Redirected)

AI Security Verdict

High Risk

Confidence: 92%

Risk Score: 8

The site is a newly registered, unranked domain that mimics LinkedIn/GitHub branding, flagged by ML as phishing – high risk of brand impersonation.

Risk Factors
New unranked domain
Brand impersonation / typosquatting
High JavaScript obfuscation score (critical)
External resource from kit.fontawesome.com
Domain age information unavailable

Details

Page Title

XWorm Malware Teknik Analiz Raporu - aycagl

Scan Type

public

Language

🇹🇷

Turkish

(45% confidence)

Category

phishing scam

(100%)

Domain Information

The domain name 'aycagl.com' uses the commercial generic top-level domain (.com). The second-level label 'aycagl' is 6 characters long with 2 vowels and four consonants. Breaking it apart gives 3 words: ay, ca, gl. Average segment length settles at 2 characters. No strong language cues emerged from the frequency lists.


Page Load Overview

Total Load Time: 1.54s
HTTP Requests: 22
Domains: 2
Total Size: 5.0 MB

Language Analysis

Primary Language

🇹🇷 Turkish
Code: tr
Confidence: 45%
Script: Latin
Direction: ltr

Detection Details

Language Code: tr
Detection Confidence: 45%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 15,331 chars
Detector Agreement: 80%
Language mismatch: Declared as en but detected as tr

Website Classification

Primary Category

phishing scam (100% confidence)
Type: dynamic
Method: ml+structural

All Detected Categories

phishing scam: 100%
documentation technical: 70%
technology software: 44%

Detected Features

Search
OG: article
Schema.org

Domain & IP Information

Requests | IP Address | Location | AS Autonomous System
11 | 185.199.110.153 | United States | AS54113 Fastly, Inc.
11 | 172.64.147.188 | United States | AS13335 Cloudflare, Inc.
22 | 2 | - | -

Detected Technologies: 5

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1BAE22902F4E53067466752BAE2E4DB9FF60A4243E3208D41B6EDD289AFC1F6146F320C

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:1IMrMXVLQMrMEx3LXAuFCpdmCXY9UmtEguF:1HA5/AEx3Lw6CpV+UNguF

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:31779:RxFdcyArRA4wYx4mGEmNCQCAAouLUCEVQMQAVXIBmAYoIVi0AkhfA4tWBAAropADsRUiYGIAFc8ivsZgWoBc4MY8zDORCJMA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 1c39381838183838
Perceptual Hash: 8a723333353493dd
Difference Hash: b9e1f1f171717171
Wavelet Hash: 0d79393939393939
Color Hash: #6abf40
