MalwareTips
Security Review

Is fihwr9hbb.cc.rs6.net legit or a scam?

Our verdict:Safe· 84/100

Legitimate Constant Contact click-tracking redirect; parent infrastructure occasionally abused by phishers but the domain itself is not malicious.

Why we trust it
Valid SSL certificate from a tier-1 certificate authority with 108 days remaining.Domain age of 8938 days confirms long-term legitimate operation.Confirmed business registration showing rs6.net is officially operated by Constant Contact, Inc.
fihwr9hbb.cc.rs6.netScanned 3d ago
Post Facebook
0
Trust score
SAFE
Heuristics 87·MT 82
View density

Analysis Summary

Threat Intelligence
0/0
All engines report clean
Domain Age
24 years old
Registered Dec 21, 2001
MT Intelligence
Safe
Low likelihood · 92% confidence
SAFE

No threats detected

All checks passed. This site appears legitimate — but always stay alert for phishing even on trusted domains.

Website Preview

Screenshot of fihwr9hbb.cc.rs6.net
LIVE RENDER
fihwr9hbb.cc.rs6.net

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Low scam likelihoodengineMT · Guardiantrust82/100
MT AgentLive web researchVisual inspection
0%
Confidence
The domain fihwr9hbb.cc.rs6.net is part of Constant Contact's official email-tracking infrastructure, confirmed by business registration data and the company's own documentation. The subdomain follows the exact naming convention (randomstring.cc.rs6.net) that Constant Contact uses for embedding links in customer email campaigns to track opens and clicks. Our antivirus network and browser blocklists show no flags, and the SSL certificate is valid and current. The evidence package confirms that while bad actors have exploited compromised Constant Contact accounts to send phishing emails through rs6.net redirects, this specific subdomain has no independent mentions in scam reports or malware databases. The domain's age of 8938 days aligns with Constant Contact's long-term operation. The page itself displays the expected Constant Contact landing message explaining the tracking function.
Full dossier
Analysis complete

Page Content

The page displays a standard Constant Contact informational message explaining that the domain is used for embedding links in email campaigns. No login form, countdown timer, or suspicious interactive elements are present. The page loads legitimate external resources from constantcontact.com and assets.constantcontact.com.

Infrastructure

Hosted on IP 208.75.122.11 with a valid SSL certificate issued by GlobalSign (108 days to expiry). The IP has an abuse score of 0/100 and 3 historical abuse reports, which is typical for large email-infrastructure providers that handle millions of messages. Our antivirus network and sandbox analysis show no malicious flags.

Domain History

Registered 8938 days ago (approximately 24 years), indicating long-term legitimate operation as part of Constant Contact's infrastructure. The registrar is MarkMonitor Inc., a professional domain-management service commonly used by established companies. WHOIS privacy is disabled, showing transparent registration.

Web Reputation

Business registration confirms rs6.net and cc.rs6.net are operated by Constant Contact, Inc. for email link tracking and click analytics. Independent sources including Google Support and Netify document the legitimate purpose of cc.rs6.net subdomains. While community reports note that bad actors have abused Constant Contact accounts to send phishing emails through rs6.net redirects, this reflects account compromise and misuse of a legitimate service, not a malicious domain itself.

Risk Factors
3
  • Parent infrastructure rs6.net has been abused by phishers who compromised Constant Contact customer accounts to send malicious emails.
  • 3 historical abuse reports on the hosting IP, though typical for large email-service providers.
  • No direct contact information (email, phone, address) on the landing page, consistent with tracking-redirect design rather than a customer-facing site.
Positive Signals
5
  • Valid SSL certificate from a tier-1 certificate authority with 108 days remaining.
  • Domain age of 8938 days confirms long-term legitimate operation.
  • Confirmed business registration showing rs6.net is officially operated by Constant Contact, Inc.
  • Clean antivirus scan and no browser blocklist flags.
  • Page content and subdomain naming convention match Constant Contact's documented tracking-redirect pattern.
AI Recommendation
This domain is safe to visit. If you received an email with a link to this domain, it came from a Constant Contact customer's email campaign and the redirect is normal. However, if you suspect the email itself was phishing, report it to your email provider rather than clicking further links in the message.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for fihwr9hbb.cc.rs6.net, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
24 yrs
Registered Dec 2001
Business registration
Active · United States
Site traces back to an actively registered business.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
2 scam reports · 3 complaints · 3 positive
Key findings
7 headline facts from open-web research
  • fihwr9hbb.cc.rs6.net follows the exact naming convention used by Constant Contact for click-tracking redirects in marketing emails (e.g. similar to z4jeubsab.cc.rs6.net, r20.rs6.net).
  • rs6.net is officially owned and used by Constant Contact, Inc. for embedding links in customer email campaigns to track opens, clicks, and engagement.
  • Multiple reports document bad actors abusing compromised or poorly vetted Constant Contact accounts to send phishing emails that route through rs6.net subdomains.
  • Cybersecurity professionals have noted a significant uptick in phishing campaigns leveraging rs6.net redirects, leading some organizations to consider blocking the domain.
  • The specific subdomain fihwr9hbb.cc.rs6.net has no independent mentions in public scam reports, reviews, or malware databases beyond the general pattern of the parent infrastructure.
  • Domain age of 8938 days aligns with long-term operation of Constant Contact's tracking infrastructure.
  • Page title "Constant Contact" is consistent with how their tracking redirects present.
Scam reports (2)
Direct quotes from public scam databases, forums, and news.
  • Constant Contact Communityopen

    "huge uptick in bad actors abusing Constant Contact for phishing... many users are clicking on malicious phishing links using rs6.net redirects"

  • Reddit r/sysadminopen

    "Click Tracking site rs20.rs6.net hosting phishing links... It's owned by constant contact, and we've seen a number of phishing campaigns use it as a launch pad."

Positive reviews (3)
Quotes indicating the site is legitimate.
  • Google Supportopen

    "The redirection of email links in Gmail through z4jeubsab.cc.rs6.net is typically due to link tracking by Constant Contact, an email marketing platform."

  • Netifyopen

    "cc.rs6.net is associated with the Constant Contact application."

  • rs6.net officialopen

    "This domain is used by r20.rs6.net as the root domain for certain links embedded in email campaigns sent on behalf of our customers."

Business registration
Status: active · United States

rs6.net and cc.rs6.net are operated by Constant Contact, Inc. for email link tracking and click analytics

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Our research found 2 scam-related mentions and 3 positive references. The scam mentions describe phishing campaigns that route through rs6.net subdomains, but these are cases where bad actors compromised Constant Contact customer accounts to send malicious emails — not evidence that the tracking infrastructure itself is malicious. Google Support and Netify both confirm that cc.rs6.net subdomains are part of Constant Contact's legitimate email-tracking service. Constant Contact's official rs6.net documentation states the domain is used for embedding links in customer email campaigns to track opens and clicks. The specific subdomain fihwr9hbb.cc.rs6.net has no independent scam reports or complaints.

Antivirus Engines

Clean pass · verified
Clean across 0 engines

We cross-check every URL against our antivirus network of 0 malware and blacklist engines. None of them flagged this URL in the last scan.

0Malicious0Suspicious0Harmless0Engines
Clean
Kaspersky
Not in pass
Bitdefender
Not in pass
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Not in pass
Fortinet
Not in pass
Google Safebrowsing
Not in pass
Emsisoft
Not in pass

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age24 years old
RegistrarMarkMonitor Inc.
RegisteredDec 21, 2001
ExpiresDec 21, 2026
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.2
IssuerGlobalSign nv-sa · GlobalSign Atlas ECCR5 OV TLS CA 2026 Q1
ExpiresSep 27, 2026 (108d)
Self-signedNo
Hosting & Technology
HostingConstant Contact, Inc
Server locationUS
Web serverApache

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file3
ISPConstant Contact, Inc
Usage typeCommercial

Still, stay alert

No major threat indicators — but a clean scan does not guarantee every page is safe, and phishing emails routinely spoof real domains.

  • Double-check the exact URL in your address bar

    Confirm you are actually on fihwr9hbb.cc.rs6.net and not a lookalike like f-ihwr9hbb.cc.rs6.net.com or an IDN homoglyph.

  • Use a password manager

    Password managers only auto-fill on the exact domain they were saved for — they refuse to fill lookalike domains, which is the single best phishing defence.

  • Discuss this site on the forum

    If you have first-hand experience with this site — good or bad — share it with the MalwareTips community.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

assets.constantcontact.comconstantcontact.com

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review found no threat indicators on fihwr9hbb.cc.rs6.net. The site appears legitimate based on the signals we checked, but always stay alert for phishing emails that spoof real domains.
  • fihwr9hbb.cc.rs6.net passed our automated security checks with a trust score of 84/100. No antivirus engines or major blacklists flagged the site at the time of the last scan.
  • Yes. fihwr9hbb.cc.rs6.net presents a valid TLSv1.2 certificate issued by GlobalSign nv-sa · GlobalSign Atlas ECCR5 OV TLS CA 2026 Q1, expiring in 108 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • fihwr9hbb.cc.rs6.net is 24.5 years old, registered on 12/21/2001 through MarkMonitor Inc.. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 0 antivirus engines in our malware network report fihwr9hbb.cc.rs6.net as clean.
  • No. fihwr9hbb.cc.rs6.net is not currently listed on the major browser blocklist feeds that modern browsers use.
  • fihwr9hbb.cc.rs6.net resolves to an IP operated by Constant Contact, Inc in US (usage type: Commercial). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 11, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around fihwr9hbb.cc.rs6.net have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·fihwr9hbb.cc.rs6.net
SAFE

This is a legitimate Constant Contact email-tracking subdomain used to redirect and monitor clicks in marketing campaigns. While bad actors have abused the parent rs6.net infrastructure for phishing, this specific subdomain shows no independent scam reports and follows Constant Contact's standard operational pattern.

This domain is safe to visit. If you received an email with a link to this domain, it came from a Constant Contact customer's email campaign and the redirect is normal. However, if you suspect the email itself was phishing, report it to your email provider rather than clicking further links in the message.

AV engines
0
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Safe reports

Browse all reports
Safetrust88
fmhy.net
5m ago
Read the review
Safetrust97
reddit.com
15m ago
Read the review
Safetrust83
werk34.de
39m ago
Read the review
Safetrust86
offgassolutions.com.au
45m ago
Read the review
Safetrust82
corteva.service-now.com
46m ago
Read the review
Safetrust89
www.ipaddress.com
2h ago
Read the review
Safetrust85
sync.inmobi.com
2h ago
Read the review
Safetrust79
motherroot.com
3h ago
Read the review
Safetrust82
ebenezercollege.edu.in
3h ago
Read the review
Safetrust85
satoyasu.net
3h ago
Read the review
Safetrust86
oasissuperstore.com
4h ago
Read the review
Safetrust76
maskow.in
4h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.