Security Scan Report: docusign.well-done.kz

Redirected to:
https://docusign.well-done.kz/cgi-bin/Windows/utility.php/download/ind...
Submitted: Jul 3, 2026, 12:45:03 AMCompleted: Jul 3, 2026, 12:46:40 AMpubliccompleted
Loading additional data...

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 4 HTTP transactions. The main domain is docusign.well-done.kz.

Submitted URL: https://docusign.well-done.kz/cgi-bin/Windows/utility.php/download/index.php/download/index.php

Effective URL: https://docusign.well-done.kz/cgi-bin/Windows/utility.php/download/index.php/download/download/download/download/download/download/download/download/download/download/download/download/download/index.phpRedirected

AI Security Verdict

Moderate Risk

Confidence: 80%

5
Risk Score

The page impersonates DocuSign on an unrelated, unranked domain with many redirects, indicating a high‑risk phishing attempt.

Risk Factors
Brand impersonation of a well‑known service
Unranked / low‑reputation domain
Excessive redirects
Domain age unknown (neutral but adds uncertainty)
Safety Factors
No malicious JavaScript YARA matches
No network IDS alerts
No credential or payment forms
Verdict cited a credential/login form, but DOM analysis found no password field (real or disguised) or payment field, and no other hard signal — credential-phishing framing unsupported; risk adjusted from 7 to 5
Domain age information unavailable

Details

Page Title

e-sign

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

download file sharing

(43%)

Domain Information

Within the Kazakh country-code top-level domain (.kz), 'docusign.well-done.kz' is registered and includes subdomain 'docusign'. The second-level label 'well-done' is 9 characters long containing three vowels alongside 5 consonants; bonus characters include one hyphen. Splitting it apart reveals two words: well, done. Median word length comes out to 4 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://docusign.well-done.kz/cgi-bin/Windows/utility.php/download/index.php/download/index.php

Page Load Overview

3.02s
Total Load Time
1
HTTP Requests
1
Domains
N/A
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:100 chars
Detector Agreement:100%

Website Classification

Primary Category

download file sharing43% confidence
Type: static
Method: ml+structural

All Detected Categories

download file sharing
43%
documentation technical
38%
healthcare medical
33%
e-commerce shopping
30%
government public service
27%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1172.67.216.2Cloudflare · WAFUnited States
AS13335Cloudflare, Inc.
11--

Detected Technologies3

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T14854123157813DBB583CCA8C71D13E842ED8DECFC6B8524535F5A0E282EE752ADB1259

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

6144:6Edo2Cp6Edo2Cp9UNuO+L6qFnxw7Ap27rpZioq:6Edo2Cp6Edo2Cp9UNuODqFnqkp27rpZS

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:302759:hxJAEYAkggSKEIoGiEA5ggEHGAEBACBKpoIiRQMdAMQ8h9BMptsAfmCQOopEBbeOGnAIqDsACChMkCAACQYNFBEkDRBBagQD

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffffcfc383c7ffff
Perceptual Hash:b8c7c7386cc73838
Difference Hash:80009d1eb79d002c
Wavelet Hash:00cf87838387ffc3
Color Hash:#783a65

Other Hashes

Scan History

Scan history not available

Unable to load historical scan data