Is headcage.info a scam?

Our automated security review flags headcage.info as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.

Is headcage.info safe to use?

No — headcage.info scored 1/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.

Does headcage.info have a valid SSL certificate?

Yes. headcage.info presents a valid TLSv1.3 certificate issued by Google Trust Services · WE1, expiring in 75 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.

How old is the headcage.info domain?

headcage.info is 10 months old, registered on 8/7/2025 through NameSilo, LLC. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.

Has headcage.info been flagged by antivirus engines?

12 out of 92 antivirus engines in our malware network flagged headcage.info as malicious or suspicious (11 outright malicious). Even one detection is a meaningful signal.

Is headcage.info on any phishing or malware blacklists?

Yes. The major browser blocklist feeds flagged headcage.info with the following threat categories: SOCIAL_ENGINEERING. This protects billions of browser users from visiting the site.

Where is headcage.info hosted?

headcage.info resolves to an IP operated by Cloudflare, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.

How often is the headcage.info report updated?

This is a permanent record of the scan run on June 12, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around headcage.info have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Security Review

Is headcage.info legit or a scam?

Our verdict:Dangerous· 1/100

SafeSuspiciousDangerous

Phishing page flagged by Chong Lua Dao, Cluster25, CyRadar, ESET, Forcepoint, and Fortinet; blocked by browser security feeds as social-engineering.

Top reasons

Six antivirus engines flag as phishing or malicious, including tier-1 detectors ESET and Fortinet.Browser blocklists classify as social-engineering — active phishing infrastructure.Page is completely blank with no legitimate business content, contact details, or purpose.

headcage.infoScanned 4d ago

Post Facebook

Trust score

DANGEROUS

Heuristics 0·MT 18

Category tags

phishing#Phishing#Data Harvester92% MT confidence

Technical red flags (2)

12 of 92 engines flagged Blacklisted by Google

Warning signals (1)

Domain is 10 months old

Positive signals (2)

Encrypted connection Clean server reputation

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence

12/92

Engines flagged this URL

Domain Age

10 months old

Registered Aug 7, 2025

MT Intelligence

Dangerous

Critical likelihood · 92% confidence

DANGEROUS

Phishing site — do not log in

Flagged on major browser safety blocklists as social engineering. This page looks designed to steal credentials. Don't log in — and if you already did, change the password anywhere you reused it and turn on two-factor authentication.

Website Preview

LIVE RENDER

headcage.info

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence

MT Security Analyst

Critical scam likelihoodengineMT · Guardiantrust18/100

MT AgentLive web researchVisual inspection

Confidence

Six independent antivirus engines (Chong Lua Dao, Cluster25, CyRadar, ESET, Forcepoint ThreatSeeker, and Fortinet) classify this domain as phishing or malicious. Major browser blocklists flag it under the social-engineering category. The page itself is completely empty — no title, no description, no contact information, no business details, no legitimate content whatsoever. A 309-day-old domain with zero traffic ranking and a blank page is a classic phishing infrastructure pattern: registered long ago, kept dormant, then activated to harvest credentials or distribute malware. The valid SSL certificate and clean IP reputation are common obfuscation tactics used by phishing operators to bypass basic security checks.

Full dossier

Analysis complete

Page Content

The page is entirely blank. No title tag, no meta description, no visible text, no contact information, no business registration, no social links, and no email addresses. This absence of any legitimate content is a strong indicator of a credential-harvesting or malware-distribution infrastructure page.

Infrastructure

Hosting IP 104.21.94.223 has a clean abuse score (0/100) and only 1 abuse report, suggesting the IP itself is not widely flagged — typical for phishing operators who use legitimate CDN or hosting providers. SSL certificate is valid and issued by Google Trust Services, expiring in 75 days. Valid certificates are routinely obtained by phishing operators to evade browser warnings.

Domain History

Registered 309 days ago via NameSilo, LLC. The domain has been live for nearly a year but shows zero traffic ranking and no indexed content, consistent with a dormant phishing infrastructure domain held in reserve or used for targeted campaigns.

Web Reputation

Six antivirus engines flag the domain as malicious or phishing: Chong Lua Dao (malicious), Cluster25 (phishing), CyRadar (phishing), ESET (phishing), Forcepoint ThreatSeeker (phishing), and Fortinet (phishing). Major browser blocklists classify it as social-engineering content. No positive trust signals from independent review aggregators.

Risk Factors

Six antivirus engines flag as phishing or malicious, including tier-1 detectors ESET and Fortinet.
Browser blocklists classify as social-engineering — active phishing infrastructure.
Page is completely blank with no legitimate business content, contact details, or purpose.
309-day-old domain with zero traffic ranking suggests dormant phishing infrastructure.
Valid SSL certificate and clean IP reputation are common obfuscation tactics used by phishing operators.
No emails, phone numbers, addresses, or social links — no accountability or legitimate business presence.
Reputation score is 0 across all signals.

AI Recommendation

Do not visit this site. Do not enter any credentials, personal information, or payment details. If you arrived here via a link in an email or message, report it as phishing to your email provider or the platform that sent it.

Next-gen fraud intelligence

Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for headcage.info, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age

10 months

Registered Aug 2025

Web mentions

No scam reports found

No complaints, no negative coverage turned up in our sweep.

Research summary

Narrative write-up from our AI analyst

No independent review data available.

Antivirus Engines

Detection matrix · live

12 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

11Malicious1Suspicious50Harmless92Engines

of 92

Chong Lua Dao

Malicious· malicious

Cluster25

Malicious· phishing

CyRadar

Malicious· phishing

ESET

Malicious· phishing

Forcepoint ThreatSeeker

Malicious· phishing

Fortinet

Malicious· phishing

G-Data

Malicious· phishing

Google Safebrowsing

Malicious· phishing

Gridinsoft

Malicious· phishing

SOCRadar

Malicious· malware

Webroot

Malicious· malicious

alphaMountain.ai

Suspicious· spam

12 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check

This URL appears on threat lists

Detected threat categories: SOCIAL_ENGINEERING.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found

No clear contact details on the page

Emails on site's domainNone

Phone numbersNone

Postal addressNot listed

Linked social profiles0

Signal Summary

Several contact red flags

No contact email found anywhere on the page.
No phone number listed on the page.
No postal address visible on the page.

Domain & Encryption

Domain History

Age10 months old

RegistrarNameSilo, LLC

RegisteredAug 7, 2025

ExpiresAug 7, 2026

Owner privacyVisible

Encryption Certificate

StatusValid

ProtocolTLSv1.3

IssuerGoogle Trust Services · WE1

ExpiresAug 27, 2026 (75d)

Self-signedNo

Hosting & Technology

HostingCloudflare, Inc.

Server locationUS

Web servercloudflare

Redirect Chain

Hops

Cross-domain

Lookalike

Punycode

1301http://headcage.info/
2200https://headcage.info/

Server Reputation

Abuse Intelligence

Confidence score0%

Reports on file1

ISPCloudflare, Inc.

Usage typeContent Delivery Network

Scam-Type Likelihood

1 scam-type patterns detected

Scam-Type Likelihood

1 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Phishing

Phishing

Moderate likelihood

35/100

Google Safe Browsing flagged this as social engineering / phishing.
AI analyst tagged this as phishing / data-harvesting.

Scam-Type Likelihood

1 of 13 categories showed signals

Top match: Phishing

Phishing

Moderate likelihood

35/100

Google Safe Browsing flagged this as social engineering / phishing.
AI analyst tagged this as phishing / data-harvesting.

Phishing site — act fast

This page shows signs of attempting to steal credentials or impersonate a trusted brand.

Do not interact with headcage.info
Do not enter credentials, deposit money, download files, or install browser extensions from this site.
If you already typed your password — change it now
Change the password on the legitimate site and anywhere else you re-used it. Turn on two-factor authentication. Review recent account activity.
Report the phishing URL
APWG (Anti-Phishing Working Group) accepts phishing reports at reportphishing@apwg.org. Google Safe Browsing reports help protect other users.
Open
Get help on the forum
MalwareTips members can help you assess damage and next steps.
Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing

ListedCheck ↗

VirusTotal

ListedCheck ↗

AbuseIPDB

Not listedCheck ↗

Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

Our automated security review flags headcage.info as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
No — headcage.info scored 1/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
Yes. headcage.info presents a valid TLSv1.3 certificate issued by Google Trust Services · WE1, expiring in 75 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
headcage.info is 10 months old, registered on 8/7/2025 through NameSilo, LLC. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
12 out of 92 antivirus engines in our malware network flagged headcage.info as malicious or suspicious (11 outright malicious). Even one detection is a meaningful signal.
Yes. The major browser blocklist feeds flagged headcage.info with the following threat categories: SOCIAL_ENGINEERING. This protects billions of browser users from visiting the site.
headcage.info resolves to an IP operated by Cloudflare, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
This is a permanent record of the scan run on June 12, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around headcage.info have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

Trust / 100

Final Verdict·headcage.info

DANGEROUS

A phishing page flagged by six major antivirus engines and browser blocklists as social-engineering content. The domain is 309 days old but completely bare — no business information, contact details, or legitimate content. Do not enter any credentials or personal data.

AV engines

MT passes

Net signals

Scan another URL

Security review completemalwaretips.com/url-scan

Recently scanned

Other Dangerous reports

dui2yh5g50r9s.cloudfront.net

ww8.123moviesfree.net

Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…

Loading comments…

This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.