MalwareTips
Security Review

Is bnu4.com legit or a scam?

Our verdict:Dangerous· 1/100

Fake Mexican news site flagged as phishing by multiple antivirus engines, designed to harvest credentials or distribute malware.

Top reasons
Six antivirus engines classify the domain as phishing or malicious, including tier-1 detectors BitDefender and Fortinet.Fake news-outlet impersonation with fabricated Mexico City address and phone number designed to appear legitimate.Mixed-language body text (Spanish, Ukrainian, Portuguese) indicates automated or low-effort content assembly, not a real newsroom.
bnu4.comScanned 1h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 0·MT 40
Category tags
news-and-media#Phishing#Clone Site72% MT confidence
Technical red flags (1)
10 of 92 engines flagged
Warning signals (1)
Domain is 6 months old

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
10/92
Engines flagged this URL
Domain Age
6 months old
Registered Nov 21, 2025
MT Intelligence
Suspicious
High likelihood · 72% confidence
DANGEROUS

Critical risk detected

10 of 92 antivirus engines flag this page as malicious. Multiple independent checks — antivirus engines, browser safety blocklists, and threat databases — flagged this site. Don't enter personal information, deposit money, or download files.

Website Preview

Screenshot of bnu4.com
LIVE RENDER
bnu4.com

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
High scam likelihoodengineMT · Guardiantrust40/100
MT AgentLive web researchVisual inspection
0%
Confidence
The page presents itself as 'México Hoy' (Mexico Daily), a local news outlet covering Mexico City events and government activity. However, six antivirus engines—including BitDefender, Fortinet, and alphaMountain.ai—classify it as phishing. The domain was registered 201 days ago with a Mexico City address (Calle Varsovia 36, Juárez) and phone number (+52 55 4006 8530), both of which appear designed to create false legitimacy rather than represent a real newsroom. The page lacks any contact email despite claiming to be an active news organisation, and the body text contains mixed-language fragments (Spanish, Ukrainian, Portuguese) suggesting automated or low-effort content assembly. The site loads external resources from legitimate CDNs (jsdelivr, Google Fonts, Cloudflare) to bypass initial detection, a common phishing tactic. Together, these signals indicate a credential-harvesting or malware-distribution clone rather than a genuine news platform.
Full dossier
Analysis complete

Page Content

The page claims to be 'México Hoy — Información al instante' (Mexico Daily — Instant Information), presenting itself as a local news outlet focused on Mexico City government, infrastructure, culture, and business. The body text is a mix of Spanish, Ukrainian, and Portuguese fragments, suggesting either automated translation or content scraping. No contact email is provided despite the site listing a physical address and phone number. The page structure includes standard news categories (Mundo, Economía, Política, Deportes, Cultura, Salud, Tecnología, Sociedad) and footer links to privacy policy, terms, and cookie policy—all hallmarks of a legitimate-looking clone.

Infrastructure

The domain resolves to IP 104.21.21.53 with a valid SSL certificate issued by Google Trust Services, expiring in 68 days. The hosting IP has zero abuse reports and a clean reputation score (0/100), suggesting the attacker is using a reputable hosting provider to avoid immediate IP-level blocking. External resources load from cdn.jsdelivr.net, fonts.googleapis.com, and static.cloudflareinsights.com—all legitimate third-party services that help the page appear trustworthy.

Domain History

Registered 201 days ago via Registrar.eu (Hosting Concepts B.V.), the domain is not privacy-protected, meaning the registrant details are publicly visible. The age (approximately 6.5 months) is consistent with a phishing campaign that has been active for several months. No redirect chains or homoglyph tricks were detected.

Web Reputation

Six antivirus engines flag the domain as phishing or malicious: ADMINUSLabs (malicious), alphaMountain.ai (phishing), BitDefender (phishing), Chong Lua Dao (malicious), Forcepoint ThreatSeeker (phishing), and Fortinet (phishing). Browser blocklists remain clean, and the sandbox did not trigger, suggesting the page itself does not host executable malware—instead, it is designed to harvest credentials or social-engineer visitors into downloading malicious files.

Risk Factors
7
  • Six antivirus engines classify the domain as phishing or malicious, including tier-1 detectors BitDefender and Fortinet.
  • Fake news-outlet impersonation with fabricated Mexico City address and phone number designed to appear legitimate.
  • Mixed-language body text (Spanish, Ukrainian, Portuguese) indicates automated or low-effort content assembly, not a real newsroom.
  • No contact email provided despite claiming to be an active news organisation with a physical address.
  • Loads external resources from legitimate CDNs to bypass initial detection—a common phishing tactic.
  • Domain registered 201 days ago with no legitimate business registration or news-outlet verification.
  • Zero social media links or external news-industry presence, inconsistent with a real media outlet.
Positive Signals
4
  • Hosting IP has zero abuse reports and a clean reputation score.
  • Valid SSL certificate from a trusted issuer (Google Trust Services).
  • No malware detected in our sandbox analysis.
  • Browser blocklists do not flag the domain, suggesting it has not yet been widely reported.
AI Recommendation
Do not visit this site or enter any personal information. If you arrived here via a search result or link, report it to your browser's security team. The domain is designed to impersonate a legitimate news outlet and has been flagged as phishing by multiple antivirus engines.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for bnu4.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
6 months
Registered Nov 2025
Web mentions
No scam reports found
No complaints, no negative coverage turned up in our sweep.
Research summary
Narrative write-up from our AI analyst

No independent review aggregators provided ratings for this domain.

Antivirus Engines

Detection matrix · live
10 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

10Malicious0Suspicious50Harmless92Engines
0
of 92
ADMINUSLabs
Malicious· malicious
alphaMountain.ai
Malicious· phishing
BitDefender
Malicious· phishing
Chong Lua Dao
Malicious· malicious
Forcepoint ThreatSeeker
Malicious· phishing
Fortinet
Malicious· phishing
G-Data
Malicious· phishing
Kaspersky
Malicious· phishing
Lionic
Malicious· phishing
Sophos
Malicious· phishing

10 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbers+52 55 4006 8530
Postal addressPresent
Linked social profiles0
Signal Summary
Contact details look reasonable
  • No contact email found anywhere on the page.
  • Phone number listed (+52 55 4006 8530).
  • Postal address visible on the page.

Domain & Encryption

Domain History
Age6 months old
RegistrarHosting Concepts B.V. d/b/a Registrar.eu
RegisteredNov 21, 2025
ExpiresNov 21, 2026
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerGoogle Trust Services · WE1
ExpiresAug 17, 2026 (68d)
Self-signedNo
Hosting & Technology
HostingCloudflare, Inc.
Server locationUS
Web servercloudflare
Platform / CMSWordPress

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1301http://bnu4.com/
  • 2200https://bnu4.com/

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file0
ISPCloudflare, Inc.
Usage typeContent Delivery Network

Avoid this site

Our automated review flagged enough risk that you should treat this site as unverified.

  • Do not interact with bnu4.com

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

cdn.jsdelivr.netfonts.googleapis.comstatic.cloudflareinsights.com

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags bnu4.com as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — bnu4.com scored 1/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. bnu4.com presents a valid TLSv1.3 certificate issued by Google Trust Services · WE1, expiring in 68 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • bnu4.com is 6 months old, registered on 11/21/2025 through Hosting Concepts B.V. d/b/a Registrar.eu. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 10 out of 92 antivirus engines in our malware network flagged bnu4.com as malicious or suspicious (10 outright malicious). Even one detection is a meaningful signal.
  • No. bnu4.com is not currently listed on the major browser blocklist feeds that modern browsers use.
  • bnu4.com resolves to an IP operated by Cloudflare, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 10, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around bnu4.com have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·bnu4.com
DANGEROUS

A fake news site impersonating a Mexican news outlet, flagged as phishing by six antivirus engines. The domain is 201 days old with a Mexico City address and phone number that appear fabricated to add legitimacy.

Do not visit this site or enter any personal information. If you arrived here via a search result or link, report it to your browser's security team. The domain is designed to impersonate a legitimate news outlet and has been flagged as phishing by multiple antivirus engines.

AV engines
92
MT passes
2
Net signals
1
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust24
skyscannet.net
31m ago
Read the review
Dangeroustrust1
eng-ledger-cdn-app.pages.dev
32m ago
Read the review
Dangeroustrust1
coinspro.net
33m ago
Read the review
Dangeroustrust38
mypinata-pulsex.pages.dev
34m ago
Read the review
Dangeroustrust24
everyworld-token.pages.dev
34m ago
Read the review
Dangeroustrust1
home.zazawin.com
36m ago
Read the review
Dangeroustrust45
exchanger-2vk.pages.dev
36m ago
Read the review
Dangeroustrust12
sol-anal.pages.dev
38m ago
Read the review
Dangeroustrust1
dex-auto-rectify.pages.dev
38m ago
Read the review
Dangeroustrust15
avc-bridge.pages.dev
38m ago
Read the review
Dangeroustrust1
feg-chain.pages.dev
40m ago
Read the review
Dangeroustrust14
rainbow-4kj.pages.dev
40m ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.