Security Scan Report: docusign.well-done.kz

Redirected to:
https://docusign.well-done.kz/cgi-bin/Windows/utility.php/download/dow...
Submitted: Jul 1, 2026, 7:08:43 PMCompleted: Jul 1, 2026, 7:12:05 PMpubliccompleted
Loading additional data...

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 5 HTTP transactions. The main domain is docusign.well-done.kz.

Submitted URL: https://docusign.well-done.kz/cgi-bin/Windows/utility.php/download/index.php

Effective URL: https://docusign.well-done.kz/cgi-bin/Windows/utility.php/download/download/download/download/download/download/download/download/download/download/download/download/download/download/download/download/download/index.phpRedirected

AI Security Verdict

Moderate Risk

Confidence: 80%

5
Risk Score

The site impersonates DocuSign on an unranked domain with many redirects, indicating a high‑risk phishing or scam page.

Risk Factors
Brand impersonation of a well‑known service (DocuSign)
Unranked / low‑reputation domain
High number of redirects (16)
Safety Factors
No credential or payment forms present
No JavaScript malware patterns detected
No network IDS alerts
Verdict cited a credential/login form, but DOM analysis found no password field (real or disguised) or payment field, and no other hard signal — credential-phishing framing unsupported; risk adjusted from 7 to 5
Domain age information unavailable

Details

Page Title

e-sign

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

download file sharing

(43%)

Domain Information

The domain name 'docusign.well-done.kz' uses the Kazakh country-code top-level domain (.kz) and includes subdomain 'docusign'. Its registrable label 'well-done' stretches across 9 characters containing 3 vowels alongside five consonants; it also includes one hyphen. Breaking it apart gives two words: well, done. Average segment length settles at four characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://docusign.well-done.kz/cgi-bin/Windows/utility.php/download/index.php

Page Load Overview

1.36s
Total Load Time
1
HTTP Requests
1
Domains
N/A
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:100 chars
Detector Agreement:100%

Website Classification

Primary Category

download file sharing43% confidence
Type: static
Method: ml+structural

All Detected Categories

download file sharing
43%
documentation technical
38%
healthcare medical
33%
e-commerce shopping
30%
government public service
27%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1104.21.78.41Cloudflare · WAFUnited States
AS13335Cloudflare, Inc.
11--

Detected Technologies3

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T14854123157813DBB583CCA8C71D13E842ED8DECFC6B8524535F5A0E282EE752ADB1259

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

6144:6Edo2Cp6Edo2Cp9UNuO+L6qFnxw7Ap27rpZioq:6Edo2Cp6Edo2Cp9UNuODqFnqkp27rpZS

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:302759:hxJAEYAkggSKEIoGiEA5ggEHGAEBACBKpoIiRQMdAMQ8h9BMptsAfmCQOopEBbeOGnAIqDsACChMkCAACQYNFBEkDRBBagQD

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffffcfc383c7ffff
Perceptual Hash:b8c7c7386cc73838
Difference Hash:80009d1eb79d002c
Wavelet Hash:00cf87838387ffc3
Color Hash:#d27991

Other Hashes

Scan History

Scan history not available

Unable to load historical scan data