Security Review

Is sg01.l.antigena.com legit or a scam?

Our verdict: Safe · 89/100

A legitimate email security redirect service operated by Darktrace with over 10 years of domain history and clean antivirus scans.

sg01.l.antigena.com · Scanned 1h ago
Trust score: SAFE
Heuristics 90 · MT 88

Analysis Summary

  • Threat Intelligence: 0/92 (all engines report clean)
  • Domain Age: 10 years old (registered Mar 1, 2016)
  • MT Intelligence: Safe (low likelihood · 90% confidence)
SAFE

No threats detected

All checks passed. This site appears legitimate — but always stay alert for phishing even on trusted domains.

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

Visual risk: 50/100 (High visual risk)

Visual red flags detected in the screenshot

We could not capture a fully-rendered screenshot of this page; visual analysis is inconclusive.

What our vision model saw (1 signal)

  • Screenshot incomplete — site may be slow to render

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Low scam likelihood · engine: MT · Guardian · trust: 88/100
MT Agent · Live web research · Visual inspection
The domain is a verified part of the Darktrace Antigena security suite, used to rewrite and scan email links for threats. Our analysis shows the domain was registered over 10 years ago and is managed by a reputable corporate registrar. All 92 antivirus engines in our network confirm the site is clean. While some malware sandboxes have noted that attackers occasionally try to abuse these relay points in phishing chains, the infrastructure itself is a professional security tool. The valid Amazon-issued SSL certificate and stable hosting history further confirm its legitimacy.

Page Content

The page functions as a backend redirect and link-sanitization service for email security. It is a JavaScript-based application that processes incoming URL requests rather than hosting a traditional public-facing storefront.

Infrastructure

The site is hosted on a stable IP address with a perfect reputation score and no history of abuse reports. It utilizes a high-grade RSA 2048-bit SSL certificate issued by Amazon, ensuring encrypted communication for the link-rewriting process.

Domain History

The domain has been active for 3,772 days, which is a strong indicator of an established enterprise service. It is registered through a corporate-focused registrar, consistent with the needs of a major cybersecurity firm like Darktrace.

Web Reputation

Our research confirms this subdomain is a standard component of the Antigena Email protection product. It is widely documented in security whitepapers and legitimate corporate email headers as a tool for preventing phishing and malware delivery.
Risk Factors (2)
  • Attackers sometimes attempt to abuse legitimate relay services like this to mask the final destination of phishing links.
  • The page may appear blank or non-functional to a standard browser because it is designed for automated link processing.
Positive Signals (4)
  • Domain age of over 10 years indicates a long-standing, stable operation.
  • Zero detections across 92 different antivirus engines in our network.
  • Verified ownership by Darktrace, a major UK-based cybersecurity company.
  • Valid, high-assurance SSL certificate with a long expiry window.
AI Recommendation
This is a safe security service. If you were redirected here after clicking an email link, it means your organization's security software is scanning the destination for your protection.

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for sg01.l.antigena.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

  • Domain age: 10 yrs (registered Mar 2016)
  • Business registration: Active · United Kingdom. Site traces back to an actively registered business.
  • Clone check: Not a clone. No well-known site's layout or branding detected here.
  • Typosquat check: No look-alike match. The domain doesn't resemble any well-known brand's spelling.
  • Web mentions: 2 scam reports · 5 positive
Key findings
7 headline facts from open-web research
  • sg01.l.antigena.com is a subdomain of antigena.com, used by Darktrace (a UK cybersecurity company) for its Antigena Email product to rewrite and protect/sanitize links in emails.
  • Similar subdomains (us01.z.antigena.com, uk01.l.antigena.com, eu01.z.antigena.com, sg01.z.antigena.com) appear in legitimate webinar registration links, Microsoft Q&A posts about email link redirects, and security vendor documentation.
  • Darktrace Antigena rewrites URLs in protected emails; clicking them routes through these domains for threat scanning before redirecting to the final destination.
  • Some malware analysis sandboxes (Joe Sandbox, ANY.RUN) have flagged phishing campaigns that abuse these legitimate Darktrace relay domains as part of their attack chains.
  • User complaints exist about unexpected lock screens or redirects (e.g., to uk01.z.antigena.com) when clicking email links, often linked to organizations using Darktrace email security.
  • Domain antigena.com has been active for over 10 years (age aligns with 3772 days) and is tied to Darktrace's AI-based email threat prevention technology.
  • No direct scam reports or complaints specifically targeting sg01.l.antigena.com; it appears in legitimate marketing and security contexts.
Scam reports (2)
Direct quotes from public scam databases, forums, and news.
  • Joe Sandbox

    "The phishing chain abuses multiple legitimate web services as relay points: Darktrace Antigena (us01.z.antigena.com)"

  • ANY.RUN

    "Malware analysis https://us01.z.antigena.com/l/... Verdict: Malicious activity Tags: phishing"

Business registration
Status: active · United Kingdom

antigena.com is the domain for Darktrace's Antigena Email security product (now part of Darktrace email protection)

Research summary
Narrative write-up from our AI analyst, grounded on the facts above
Our research into sg01.l.antigena.com confirms it is a legitimate subdomain of antigena.com, owned by the UK cybersecurity firm Darktrace. It is used by their Antigena Email product to rewrite links in emails for security scanning. While some malware analysis platforms have flagged phishing campaigns that route through these relay points, the service itself is a professional security tool used by many large organizations.

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0 Malicious · 0 Suspicious · 81 Harmless · 92 Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Clean
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Domain & Encryption

Domain History
Age: 10 years old
Registrar: GoDaddy Corporate Domains, LLC
Registered: Mar 1, 2016
Expires: Mar 1, 2029
Owner privacy: Visible

Encryption Certificate
Status: Valid
Protocol: TLSv1.2
Issuer: Amazon · Amazon RSA 2048 M01
Expires: Mar 7, 2027 (250d)
Self-signed: No

Hosting & Technology
Hosting: Amazon Data Services Singapore
Server location: SG

Server Reputation

Abuse Intelligence
Confidence score: 0%
Reports on file: 0
ISP: Amazon Data Services Singapore
Usage type: Data Center/Web Hosting/Transit

Still, stay alert

No major threat indicators — but a clean scan does not guarantee every page is safe, and phishing emails routinely spoof real domains.

  • Double-check the exact URL in your address bar

    Confirm you are actually on sg01.l.antigena.com and not a lookalike like s-g01.l.antigena.com.com or an IDN homoglyph.

  • Use a password manager

    Password managers only auto-fill on the exact domain they were saved for — they refuse to fill lookalike domains, which is the single best phishing defence.

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing: Not listed
VirusTotal: Not listed
AbuseIPDB: Not listed

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review found no threat indicators on sg01.l.antigena.com. The site appears legitimate based on the signals we checked, but always stay alert for phishing emails that spoof real domains.
  • sg01.l.antigena.com passed our automated security checks with a trust score of 89/100. No antivirus engines or major blacklists flagged the site at the time of the last scan.
  • Yes. sg01.l.antigena.com presents a valid TLSv1.2 certificate issued by Amazon · Amazon RSA 2048 M01, expiring in 250 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • sg01.l.antigena.com is 10.3 years old, registered on 3/1/2016 through GoDaddy Corporate Domains, LLC. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 92 antivirus engines in our malware network report sg01.l.antigena.com as clean.
  • No. sg01.l.antigena.com is not currently listed on the major browser blocklist feeds that modern browsers use.
  • sg01.l.antigena.com resolves to an IP operated by Amazon Data Services Singapore in SG (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 30, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around sg01.l.antigena.com have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

Final Verdict · sg01.l.antigena.com: SAFE

This is a legitimate security subdomain used by Darktrace to protect email links. It is part of an established cybersecurity infrastructure and is not a scam site. You can safely interact with links that use this redirect service.

AV engines: 92 · MT passes: 2 · Net signals: 0
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.