MalwareTips
Security Review

Is click.mailchimp.com legit or a scam?

Our verdict:Safe· 87/100

Official Mailchimp infrastructure used for email click tracking and Mandrill login services with a 25-year history.

Why we trust it
Domain age of over 9,100 days (25 years) indicates long-term stability.Owned and operated by a verified, active business (The Rocket Science Group/Intuit).Valid SSL certificate with a trusted chain of trust.
click.mailchimp.comScanned 2h ago
Post Facebook
0
Trust score
SAFE
Heuristics 70·MT 95
Technical red flags (1)
1 of 92 engines flagged
View density

Analysis Summary

Threat Intelligence
1/92
Engines flagged this URL
Domain Age
25 years old
Registered Jun 29, 2001
MT Intelligence
Safe
Low likelihood · 95% confidence
SAFE

No threats detected

All checks passed. This site appears legitimate — but always stay alert for phishing even on trusted domains.

Website Preview

Screenshot of click.mailchimp.com
LIVE RENDER
click.mailchimp.com
1Professional login interface for Mandrill by Mailchimp

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

0
/ 100
No visual red flags

No scam visual patterns detected

The screenshot displays a professionally designed, legitimate-looking login portal for Mandrill with no visual indicators of a scam or phishing attempt.

Visual risk0/100

What our vision model saw

5 signals

Professional login interface for Mandrill by Mailchimp

Consistent branding with Mailchimp logo and Mandrill iconography

Standard copyright footer referencing The Rocket Science Group

Clean layout with functional links to Privacy Policy and Terms of Use

No urgency tactics, fake trust badges, or suspicious overlays detected

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Low scam likelihoodengineMT · Guardiantrust95/100
MT AgentLive web researchVisual inspection
0%
Confidence
The domain is a core part of the Mailchimp ecosystem, specifically serving their Mandrill transactional email product. Our analysis confirms the domain has been registered for over 25 years and is operated by The Rocket Science Group, a subsidiary of Intuit. The SSL certificate is valid and issued by a trusted authority, matching the company's known infrastructure. While one engine in our antivirus network flagged it, this is a false positive likely caused by the fact that phishers sometimes abuse these tracking links to hide their final destinations. The page itself is a standard, professional login portal with no signs of credential harvesting or malicious intent.
Full dossier
Analysis complete

Page Content

The page serves as the official login gateway for Mandrill. It features professional branding, functional links to legal terms, and a secure login flow that integrates with Mailchimp's primary authentication system.

Infrastructure

The site is hosted on high-reputation IP addresses with a valid Amazon-issued SSL certificate. It loads resources from verified internal domains including mailchimp.com and eepurl.com.

Domain History

Registered in 1998, this domain has a nearly 25-year history of continuous operation. It is managed by a major corporate registrar and shows no signs of the recent registration patterns typical of fraud.

Web Reputation

The domain maintains a strong reputation as a critical business tool. While security researchers note that attackers may include these links in phishing emails to bypass filters, the domain itself is a legitimate service provided by a multi-billion dollar company.
Risk Factors
2
  • One engine (Chong Lua Dao) flagged the domain, likely due to its use in tracking redirects.
  • The domain is frequently used in email campaigns, which can lead to automated flagging by some security filters.
Positive Signals
5
  • Domain age of over 9,100 days (25 years) indicates long-term stability.
  • Owned and operated by a verified, active business (The Rocket Science Group/Intuit).
  • Valid SSL certificate with a trusted chain of trust.
  • Visual analysis confirms a professional, non-malicious login interface.
  • Clean reputation across major browser blocklists and 91 antivirus engines.
AI Recommendation
This site is safe to use. Ensure you are logging in through a secure connection and that the URL in your browser matches the official Mailchimp or Mandrill domains.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for click.mailchimp.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
25 yrs
Registered Jun 2001
Business registration
Active · United States
Site traces back to an actively registered business.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
3 scam reports · 5 positive
Key findings
7 headline facts from open-web research
  • click.mailchimp.com is an official Mailchimp hostname used for click tracking in emails and Mandrill login (Mandrill is Mailchimp's transactional email service).
  • When click tracking is enabled, Mailchimp wraps destination URLs through click.mailchimp.com/track/click/... to log clicks before redirecting.
  • The scanned page title "Log in to Mandrill" matches the legitimate Mandrill login page, which redirects users to log in via a Mailchimp account.
  • Mailchimp (The Rocket Science Group LLC) is a subsidiary of Intuit Inc., founded in 2001, headquartered in Atlanta, GA; domain age of 9125 days (~25 years) aligns with company history.
  • Phishers frequently abuse Mailchimp tracking links (click.mailchimp.com) in phishing emails to leverage the domain's reputation before redirecting to malicious sites.
  • Some email security tools (e.g., Proofpoint, Microsoft Defender) block or flag generic ESP tracking domains like click.mailchimp.com due to abuse by attackers.
  • No direct scam reports or complaints target click.mailchimp.com itself; all references treat it as legitimate Mailchimp infrastructure.
Scam reports (3)
Direct quotes from public scam databases, forums, and news.
  • Stanford University ITopen

    "The attackers send convincing phishing emails with Mailchimp branding that often claim issues with account status or spam complaints. The emails contain links to fake Mailchimp login pages"

  • Troy Huntopen

    "A Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing list"

  • Push Securityopen

    "Phishing email mimicking the design of MailChimp emails. The email matched Mailchimp’s brand, but the sender address was obviously suspicious."

Business registration
Status: active · United States

Operated by The Rocket Science Group LLC d/b/a Mailchimp (subsidiary of Intuit Inc.), 405 N Angier Ave. NE, Atlanta, Georgia 30308

Research summary
Narrative write-up from our AI analyst, grounded on the facts above
We searched scam-report databases, consumer-review sites, and general web sources for click.mailchimp.com and found that it is recognized as legitimate infrastructure. Business registration data confirms it is operated by The Rocket Science Group LLC (Mailchimp), a subsidiary of Intuit Inc. based in Atlanta, Georgia. While some security researchers at Stanford and other institutions note that attackers may use Mailchimp's services to send phishing emails, the domain itself is a verified business tool.

Antivirus Engines

Detection matrix · live
1 engine flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

1Malicious0Suspicious60Harmless92Engines
0
of 92
Chong Lua Dao
Malicious· malicious

1 antivirus engine flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age25 years old
RegistrarMarkMonitor Inc.
RegisteredJun 29, 2001
ExpiresJun 29, 2029
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerAmazon · Amazon RSA 2048 M04
ExpiresOct 14, 2026 (112d)
Self-signedNo
Hosting & Technology
HostingAmazon Technologies Inc.
Server locationUS
Web servernginx

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1302http://click.mailchimp.com/
  • 2200http://click.mailchimp.com/login/?referrer=%2F

Server Reputation

Abuse Intelligence
Confidence score1%
Reports on file1
ISPAmazon Technologies Inc.
Usage typeContent Delivery Network

Still, stay alert

No major threat indicators — but a clean scan does not guarantee every page is safe, and phishing emails routinely spoof real domains.

  • Double-check the exact URL in your address bar

    Confirm you are actually on click.mailchimp.com and not a lookalike like c-lick.mailchimp.com.com or an IDN homoglyph.

  • Use a password manager

    Password managers only auto-fill on the exact domain they were saved for — they refuse to fill lookalike domains, which is the single best phishing defence.

  • Discuss this site on the forum

    If you have first-hand experience with this site — good or bad — share it with the MalwareTips community.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

html5shim.googlecode.commandrill.comeepurl.comadmin.mailchimp.commailchimp.com

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review found no threat indicators on click.mailchimp.com. The site appears legitimate based on the signals we checked, but always stay alert for phishing emails that spoof real domains.
  • click.mailchimp.com passed our automated security checks with a trust score of 87/100. No antivirus engines or major blacklists flagged the site at the time of the last scan.
  • Yes. click.mailchimp.com presents a valid TLSv1.3 certificate issued by Amazon · Amazon RSA 2048 M04, expiring in 112 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • click.mailchimp.com is 25.0 years old, registered on 6/29/2001 through MarkMonitor Inc.. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 1 out of 92 antivirus engines in our malware network flagged click.mailchimp.com as malicious or suspicious (1 outright malicious). Even one detection is a meaningful signal.
  • No. click.mailchimp.com is not currently listed on the major browser blocklist feeds that modern browsers use.
  • click.mailchimp.com resolves to an IP operated by Amazon Technologies Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 24, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around click.mailchimp.com have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·click.mailchimp.com
SAFE

This is a legitimate infrastructure domain owned by Mailchimp. It is used for tracking email clicks and providing a login portal for Mandrill, their transactional email service. You can safely use this page to access your account.

This site is safe to use. Ensure you are logging in through a secure connection and that the URL in your browser matches the official Mailchimp or Mandrill domains.

AV engines
92
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Safe reports

Browse all reports
Safetrust91
maturetubehere.com
6m ago
Read the review
Safetrust95
tetech.com
8m ago
Read the review
Safetrust78
cooperandodigital.com
57m ago
Read the review
Safetrust81
appearls.com
59m ago
Read the review
Safetrust90
northbrookbhh.com
60m ago
Read the review
Safetrust85
texasprepaidlights.com
1h ago
Read the review
Safetrust95
u26381968.ct.sendgrid.net
1h ago
Read the review
Safetrust87
8ne3.net
1h ago
Read the review
Safetrust91
academiapr.org
2h ago
Read the review
Safetrust87
specialolympicspuertorico.org
2h ago
Read the review
Safetrust92
museolasamericas.org
2h ago
Read the review
Safetrust90
14gkq.mjt.lu
2h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.