MalwareTips
Security Review

Is bug-tracker-z4mi.onrender.com legit or a scam?

Our verdict:Dangerous· 25/100

Credential-harvesting phishing page disguised as a bug-tracker login, deployed today on Render.com with zero business legitimacy signals.

Top reasons
Domain deployed 0 days ago with no prior web history or business legitimacy.Credential-harvesting login form with no legitimate project context or company identity.Hosted on Render.com, a platform documented in security forums as frequently abused for phishing pages.
bug-tracker-z4mi.onrender.comScanned 1h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 52·MT 18
Category tags
phishing#Phishing#Data Harvester92% MT confidence
Technical red flags (1)
Domain is 0 days old

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
0/0
All engines report clean
Domain Age
0 days old
Registration date unknown
MT Intelligence
Dangerous
Critical likelihood · 92% confidence
DANGEROUS

Critical risk detected

Domain was registered only 0 days ago — brand-new sites are higher-risk by default. Multiple independent checks — antivirus engines, browser safety blocklists, and threat databases — flagged this site. Don't enter personal information, deposit money, or download files.

Website Preview

Screenshot of bug-tracker-z4mi.onrender.com
LIVE RENDER
bug-tracker-z4mi.onrender.com

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihoodengineMT · Guardiantrust18/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
This domain was registered and deployed within the last 24 hours on Render.com, a legitimate hosting platform frequently exploited for phishing attacks. The page presents a login form requesting username and password with no legitimate business context — no company name, contact information, or verifiable project association exists anywhere on the web. The footer copyright year is 2026, a common phishing-page artifact. The hosting IP has a moderate abuse score with 2 prior reports. Combined with the brand-new deployment, complete absence of business registration, and credential-harvesting form design, this exhibits the classic pattern of a temporary phishing infrastructure.
Full dossier
Analysis complete

Page Content

The page displays a generic 'Sign In - Bug Tracker' login form requesting username and password credentials. The text 'Welcome Back' and 'Enter your credentials to access the Bug Tracker' are designed to appear legitimate but lack any specific project context, company branding, or business identity. The footer shows a copyright year of 2026, which is inconsistent with a legitimate 2024–2025 deployment and is a known phishing-page indicator.

Infrastructure

Hosted on Render.com (onrender.com subdomain), a free/paid platform that is frequently abused for phishing and malware distribution. The hosting IP 216.24.57.8 has an abuse score of 14/100 with 2 prior abuse reports. SSL is valid and issued by Google Trust Services, which is common for phishing pages that use legitimate certificate authorities.

Domain History

Domain age is 0 days — deployed within the last 24 hours. No WHOIS registration details are publicly available. The domain has never been indexed by search engines and carries no traffic history.

Web Reputation

No scam reports, complaints, or positive reviews found on any consumer-review site or security forum. No business registration, company name, or legitimate project association discovered. The complete absence of any web footprint combined with the brand-new deployment is consistent with temporary phishing infrastructure designed to be discarded after a short campaign.

Risk Factors
7
  • Domain deployed 0 days ago with no prior web history or business legitimacy.
  • Credential-harvesting login form with no legitimate project context or company identity.
  • Hosted on Render.com, a platform documented in security forums as frequently abused for phishing pages.
  • Footer copyright year is 2026, inconsistent with current deployment and a known phishing-page artifact.
  • Hosting IP has abuse score of 14/100 with 2 prior abuse reports.
  • No business registration, contact details, or verifiable association found anywhere on the web.
  • Generic 'Bug Tracker' branding with no specific company or project name to establish legitimacy.
Positive Signals
1
  • SSL certificate is valid and issued by a trusted certificate authority.
AI Recommendation
Do not enter any credentials on this page. If you received a link to this site in an email or message, report it as phishing to your email provider or the relevant platform. If you have already entered credentials, change your password immediately on the legitimate service this page impersonates.
Scam network detected
Related infrastructure identified

Likely part of a temporary phishing campaign. The domain and page design follow the pattern of disposable credential-harvesting infrastructure. No linked domains identified, but the Render.com subdomain structure and brand-new deployment suggest this may be one of multiple similar pages deployed in parallel.

Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for bug-tracker-z4mi.onrender.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
0 days
Brand-new domains are higher-risk by default.
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
No scam reports found
No complaints, no negative coverage turned up in our sweep.
Key findings
7 headline facts from open-web research
  • Domain registered or deployed 0 days ago
  • Hosted on Render.com (onrender.com subdomain), a legitimate free/paid hosting platform frequently abused for phishing pages
  • Page title and content: "Sign In - Bug Tracker" with text "Welcome Back", "Enter your credentials to access the Bug Tracker", username/password fields, and "SIGN IN" button
  • Footer shows "© 2026 Bug Tracker Dashboard. All rights reserved." (note future-year copyright)
  • No mentions, reviews, complaints, or references to this exact subdomain found on web, Reddit, or security forums
  • Render.com community threads document multiple cases of phishing sites hosted on the platform, including fake login pages
  • No business name, contact details, or legitimate project association discovered
Research summary
Narrative write-up from our AI analyst, grounded on the facts above

We searched scam-report databases, consumer-review sites, and general web sources for bug-tracker-z4mi.onrender.com and found no scam reports, complaints, or positive reviews. No business entity, registration, or owner information was located. The domain is brand-new and has no web footprint. For a newly deployed phishing page, absence of reports is expected — the infrastructure is typically discarded after a short campaign. Render.com community discussions document multiple cases of phishing pages hosted on the platform using similar patterns: generic login forms, minimal branding, and rapid deployment-and-abandonment cycles.

Antivirus Engines

Clean pass · verified
Clean across 0 engines

We cross-check every URL against our antivirus network of 0 malware and blacklist engines. None of them flagged this URL in the last scan.

0Malicious0Suspicious0Harmless0Engines
Clean
Kaspersky
Not in pass
Bitdefender
Not in pass
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Not in pass
Fortinet
Not in pass
Google Safebrowsing
Not in pass
Emsisoft
Not in pass

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age0 days old
RegistrarHidden
RegisteredUnknown
ExpiresUnknown
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerGoogle Trust Services · WE1
ExpiresAug 24, 2026 (70d)
Self-signedNo
Hosting & Technology
HostingRender
Server locationUS
Web servercloudflare

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1301http://bug-tracker-z4mi.onrender.com/
  • 2200https://bug-tracker-z4mi.onrender.com/

Server Reputation

Abuse Intelligence
Confidence score14%
Reports on file2
ISPRender
Usage typeData Center/Web Hosting/Transit

Avoid this site

Our automated review flagged enough risk that you should treat this site as unverified.

  • Do not interact with bug-tracker-z4mi.onrender.com

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

cdn.jsdelivr.netfonts.googleapis.com

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags bug-tracker-z4mi.onrender.com as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — bug-tracker-z4mi.onrender.com scored 25/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. bug-tracker-z4mi.onrender.com presents a valid TLSv1.3 certificate issued by Google Trust Services · WE1, expiring in 70 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • bug-tracker-z4mi.onrender.com is 0 days old. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 0 antivirus engines in our malware network report bug-tracker-z4mi.onrender.com as clean.
  • No. bug-tracker-z4mi.onrender.com is not currently listed on the major browser blocklist feeds that modern browsers use.
  • bug-tracker-z4mi.onrender.com resolves to an IP operated by Render in US (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 15, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around bug-tracker-z4mi.onrender.com have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·bug-tracker-z4mi.onrender.com
DANGEROUS

A fake login page deployed today on a free hosting platform with no legitimate business presence. The page mimics a generic bug-tracking interface to harvest credentials.

Do not enter any credentials on this page. If you received a link to this site in an email or message, report it as phishing to your email provider or the relevant platform. If you have already entered credentials, change your password immediately on the legitimate service this page impersonates.

AV engines
0
MT passes
2
Net signals
1
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust37
rollupy.waw.pl
3m ago
Read the review
Dangeroustrust1
usc1.contabostorage.com
58m ago
Read the review
Dangeroustrust1
allyouneedis0070.online
58m ago
Read the review
Dangeroustrust1
supersalelinks.com
1h ago
Read the review
Dangeroustrust22
9convert.com
1h ago
Read the review
Dangeroustrust6
tapgiftcard.com
1h ago
Read the review
Dangeroustrust1
spincraze.io
1h ago
Read the review
Dangeroustrust1
aleksandarkaraev.com
1h ago
Read the review
Dangeroustrust38
t-fest.pl
1h ago
Read the review
Dangeroustrust31
9convert.org
1h ago
Read the review
Dangeroustrust36
moviesload.online
1h ago
Read the review
Dangeroustrust12
veripedia.online
1h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.