Security Scan Report: docusign.well-done.kz

Redirected to:
https://docusign.well-done.kz/cgi-bin/Windows/utility.php/download/dow...
Submitted: Jul 2, 2026, 1:45:04 PMCompleted: Jul 2, 2026, 1:46:24 PMpubliccompleted
Loading additional data...

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 5 HTTP transactions. The main domain is docusign.well-done.kz.

Submitted URL: https://docusign.well-done.kz/cgi-bin/Windows/utility.php/download/download/index.php/

Effective URL: https://docusign.well-done.kz/cgi-bin/Windows/utility.php/download/download/index.php/download/download/download/download/download/download/download/download/download/download/download/download/download/download/download/download/index.phpRedirected

AI Security Verdict

Moderate Risk

Confidence: 88%

5
Risk Score

The site pretends to be DocuSign, uses many redirects, and lacks any legitimate form – high risk of phishing/brand abuse.

Risk Factors
Brand impersonation of a well‑known service
Excessive redirect chain (16 redirects)
Unranked domain with no reputation
Safety Factors
Verdict cited a credential/login form, but DOM analysis found no password field (real or disguised) or payment field, and no other hard signal — credential-phishing framing unsupported; risk adjusted from 8 to 5
Domain age information unavailable

Details

Page Title

e-sign

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

download file sharing

(43%)

Domain Information

Within the Kazakh country-code top-level domain (.kz), 'docusign.well-done.kz' is registered, featuring subdomain 'docusign'. Its registrable label 'well-done' stretches across 9 characters holding 3 vowels versus 5 consonants, plus one hyphen. Word splitting yields two words: well, done. Average segment length settles at four characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://docusign.well-done.kz/cgi-bin/Windows/utility.php/download/download/index.php/

Page Load Overview

1.03s
Total Load Time
1
HTTP Requests
1
Domains
N/A
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:100 chars
Detector Agreement:100%

Website Classification

Primary Category

download file sharing43% confidence
Type: static
Method: ml+structural

All Detected Categories

download file sharing
43%
documentation technical
38%
healthcare medical
33%
e-commerce shopping
30%
government public service
27%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1104.21.78.41Cloudflare · WAFUnited States
AS13335Cloudflare, Inc.
11--

Detected Technologies3

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T14854123157813DBB583CCA8C71D13E842ED8DECFC6B8524535F5A0E282EE752ADB1259

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

6144:6Edo2Cp6Edo2Cp9UNuO+L6qFnxw7Ap27rpZioq:6Edo2Cp6Edo2Cp9UNuODqFnqkp27rpZS

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:302759:hxJAEYAkggSKEIoGiEA5ggEHGAEBACBKpoIiRQMdAMQ8h9BMptsAfmCQOopEBbeOGnAIqDsACChMkCAACQYNFBEkDRBBagQD

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffffcfc383c7ffff
Perceptual Hash:b8c7c7386cc73838
Difference Hash:80009d1eb79d002c
Wavelet Hash:00cf87838387ffc3
Color Hash:#46bf40

Other Hashes

Scan History

Scan history not available

Unable to load historical scan data