Just realized that mailjet is replacing links with it's own. That's fine per se (open/click tracking etc) but the domain they have (0gxsg.mjt.lu in my case) looks like 100% phishing.
0gxsg.mjt.lu