SUSPICIOUS

Warning signs detected

Legitimate SendGrid mail server hostname frequently abused by phishing campaigns impersonating SendGrid and other brands. Several risk indicators suggest caution. This site might be legitimate — but treat it as unverified until you can independently confirm.

Security Review

Is wfbttvcx.outbound-mail.sendgrid.net legit or a scam?

Our verdict: Suspicious · 55/100

wfbttvcx.outbound-mail.sendgrid.net · Scanned 1h ago
0
Trust score
SUSPICIOUS
Heuristics 95 · MT 40
Category tags
email infrastructure · phishing vector · #Phishing · 75% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

Analysis Summary

Threat Intelligence
0/92
All engines report clean
Domain Age
17 years old
Registered Apr 20, 2009
MT Intelligence
Suspicious
High likelihood · 75% confidence

MT Intelligence

Advanced threat intelligence
MT Security Analyst
High scam likelihood · engine: MT · Guardian · trust: 40/100
MT Agent · Live web research · Visual inspection · Network correlation
0%
Confidence
The hostname wfbttvcx.outbound-mail.sendgrid.net belongs to Twilio SendGrid, a 17-year-old legitimate email delivery platform. However, our research found multiple documented phishing campaigns using similar SendGrid outbound subdomains to impersonate SendGrid itself and other organizations. Criminals exploit compromised or malicious customer accounts on SendGrid; because emails originate from real SendGrid infrastructure, they pass authentication checks (SPF/DKIM). The random prefix pattern (wfbttvcx) is standard for SendGrid's shared outbound servers, making it impossible to distinguish legitimate customer mail from abuse at the hostname level. The IP reputation score is low (4/100), and only one abuse report exists, reflecting that SendGrid actively manages its infrastructure—but the documented phishing campaigns prove the platform is a known vector for credential-harvest and brand-impersonation attacks.

Page Content

This is not a web page—it's a mail server hostname within SendGrid's outbound infrastructure. Direct HTTP requests to it are not typical user activity.

Infrastructure

IP 159.183.120.202 is owned by SendGrid, Inc. (ASN 11377) and falls within their legitimate mail-server range. The hostname follows SendGrid's standard naming convention for shared outbound servers. SSL is unavailable because this is a mail server, not a web service.

Domain History

The parent domain sendgrid.net has an age of 6258 days (~17 years), confirming SendGrid's long-established legitimate operation. The subdomain wfbttvcx.outbound-mail.sendgrid.net is a dynamically assigned shared hostname; no direct registration history exists for this specific prefix.

Web Reputation

Our antivirus network reports no malicious flags. However, our research identified four documented phishing campaigns using similar SendGrid outbound subdomains (s.wfbtzhsv.outbound-mail.sendgrid.net, s.wfbtzhst.outbound-mail.sendgrid.net, wrqvpkzw.outbound-mail.sendgrid.net) to impersonate SendGrid and other organizations. These campaigns exploited compromised SendGrid customer accounts, allowing attackers to send phishing emails from legitimate SendGrid infrastructure.

Risk Factors (5)
  • SendGrid's outbound infrastructure is a documented vector for phishing campaigns impersonating SendGrid and other brands.
  • Emails from this hostname pass SPF/DKIM authentication because they originate from real SendGrid servers, making them harder for recipients to identify as phishing.
  • Criminals abuse compromised or malicious SendGrid customer accounts to send credential-harvest and brand-impersonation attacks.
  • The random hostname prefix (wfbttvcx) is standard for SendGrid's shared outbound servers, making it impossible to distinguish legitimate mail from abuse at the hostname level.
  • Multiple phishing campaigns documented in security research and abuse databases used similar SendGrid outbound subdomains.
Positive Signals (4)
  • The hostname belongs to Twilio SendGrid, a legitimate, 17-year-old email delivery platform.
  • IP reputation score is low (4/100), indicating SendGrid actively manages abuse on its infrastructure.
  • Our antivirus network reports no malicious flags for this hostname.
  • The parent domain sendgrid.net is well-established and widely trusted by legitimate businesses.
AI Recommendation
Do not enter payment details or credentials into any email claiming to come from this hostname. If you received a suspicious email claiming to be from SendGrid, report it to SendGrid's abuse team and verify any links by visiting sendgrid.com directly in your browser.
Scam network detected
3 linked domains correlated

Similar SendGrid outbound subdomains documented in phishing campaigns. These are not clones but shared infrastructure abused by attackers with compromised SendGrid accounts.

  • s.wfbtzhsv.outbound-mail.sendgrid.net
  • s.wfbtzhst.outbound-mail.sendgrid.net
  • wrqvpkzw.outbound-mail.sendgrid.net

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for wfbttvcx.outbound-mail.sendgrid.net, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
17 yrs
Registered Apr 2009
Business registration
Active · United States
Site traces back to an actively registered business.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
4 scam reports · 1 complaint
Key findings
7 headline facts from open-web research
  • wfbttvcx.outbound-mail.sendgrid.net is a legitimate Twilio SendGrid outbound mail server hostname (IP range 159.183.120.0/24 owned by SendGrid, Inc.).
  • Similar SendGrid outbound subdomains (e.g. s.wfbtzhsv.outbound-mail.sendgrid.net, wrqvpkzw.outbound-mail.sendgrid.net, s.wfbtzhst.outbound-mail.sendgrid.net) have been used in multiple documented phishing campaigns impersonating SendGrid, O
  • Criminals abuse compromised or malicious SendGrid accounts; emails pass SPF/DKIM because they originate from real SendGrid infrastructure.
  • SendGrid publishes guidance on identifying phishing emails that spoof their brand; they are not the originator of the scams but their platform is frequently abused.
  • Domain age of 6258 days (~17 years) aligns with SendGrid's long-established legitimate service.
  • No direct reports found specifically for the exact prefix "wfbttvcx", but the pattern matches known abuse of SendGrid's shared outbound servers.
  • IPinfo confirms the hostname resolves within SendGrid's ASN 11377 infrastructure.
Scam reports (4)
Direct quotes from public scam databases, forums, and news.
  • Netcraft

    "Received: from s.wfbtzhsv.outbound-mail.sendgrid.net (s.wfbtzhsv.outbound-mail.sendgrid.net [159.183.224.104])"

  • LinkedIn / Security Report

    "Received: from s.wfbtzhst.outbound-mail.sendgrid.net (s.wfbtzhst.outbound-mail.sendgrid.net [159.183.224.103])"

  • Hacker News

    "came from an actual sendgrid server (wrqvpkzw.outbound-mail.sendgrid.net [149.72.49.233])"

  • AbuseIPDB

    "sends phishing spam Received: from wrqvtkxs.outbound-mail.sendgrid.net"

Business registration
Status: active · United States

Subdomain of sendgrid.net (Twilio SendGrid, legitimate email delivery platform, domain age 6258 days)

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Security research and abuse databases document multiple phishing campaigns using SendGrid outbound mail subdomains (including s.wfbtzhsv.outbound-mail.sendgrid.net, s.wfbtzhst.outbound-mail.sendgrid.net, and wrqvpkzw.outbound-mail.sendgrid.net) to impersonate SendGrid itself and other brands. These campaigns exploited compromised or malicious SendGrid customer accounts. Because emails originate from legitimate SendGrid infrastructure, they pass authentication checks, making them difficult for recipients to identify as phishing. SendGrid publishes guidance on identifying spoofed emails; the platform itself is not the originator of these scams but is frequently abused by attackers. No direct reports were found for the specific prefix 'wfbttvcx', but the pattern matches known abuse of SendGrid's shared outbound servers.

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0 Malicious · 0 Suspicious · 59 Harmless · 92 Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Domain & Encryption

Domain History
Age: 17 years old
Registrar: MarkMonitor Inc.
Registered: Apr 20, 2009
Expires: Apr 20, 2027
Owner privacy: Visible
Hosting & Technology
Hosting: Twilio SendGrid
Server location: US

Server Reputation

Abuse Intelligence
Confidence score: 4%
Reports on file: 1
ISP: Twilio SendGrid
Usage type: Commercial

Scam-Type Likelihood

1 scam-type pattern detected
1 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Phishing
Phishing
Low-level signals
10/100
  • AI analyst tagged this as phishing.

Warning: phishing patterns

This page shows signs of attempting to steal credentials or impersonate a trusted brand.

  • Treat wfbttvcx.outbound-mail.sendgrid.net as unverified

    Do not enter credentials or send money until you have independently verified the business.

  • If you already typed your password — change it now

    Change the password on the legitimate site and anywhere else you re-used it. Turn on two-factor authentication. Review recent account activity.

  • Report the phishing URL

    APWG (Anti-Phishing Working Group) accepts phishing reports at reportphishing@apwg.org. Google Safe Browsing reports help protect other users.

  • Get help on the forum

    MalwareTips members can help you assess damage and next steps.

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing: Not listed
VirusTotal: Not listed
AbuseIPDB: Not listed

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review marked wfbttvcx.outbound-mail.sendgrid.net as suspicious. Several warning signs were detected; it may still turn out legitimate, but you should verify it through independent channels before trusting it with money or credentials.
  • wfbttvcx.outbound-mail.sendgrid.net currently scores 55/100 on our trust scale. We found enough warning signals to recommend caution. Verify the site through independent channels before entering credentials or money.
  • wfbttvcx.outbound-mail.sendgrid.net is 17.1 years old, registered on 4/20/2009 through MarkMonitor Inc. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 92 antivirus engines in our malware network report wfbttvcx.outbound-mail.sendgrid.net as clean.
  • No. wfbttvcx.outbound-mail.sendgrid.net is not currently listed on the major browser blocklist feeds that modern browsers use.
  • wfbttvcx.outbound-mail.sendgrid.net resolves to an IP operated by Twilio SendGrid in US (usage type: Commercial). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • We cache results for 24 hours. Signed-in MalwareTips members can trigger a manual rescan at any time using the "Rescan" button on the report page, which re-runs every check from scratch and refreshes this page.

Final Verdict

0
Trust / 100
Final Verdict · wfbttvcx.outbound-mail.sendgrid.net
SUSPICIOUS

This is a legitimate SendGrid outbound mail server hostname, but criminals routinely abuse SendGrid's infrastructure to send phishing emails. The domain itself is not malicious—it's the platform being weaponized by attackers.

Do not enter payment details or credentials into any email claiming to come from this hostname. If you received a suspicious email claiming to be from SendGrid, report it to SendGrid's abuse team and verify any links by visiting sendgrid.com directly in your browser.

AV engines: 92
MT passes: 2
Net signals: 0
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.