# finance-estadao.cyou — SUSPICIOUS > Beware the finance-estadao.cyou scam! This fake news portal mimics Brazilian financial sites to steal login data. Resolves to IP 104.21.45. ## Summary PhishDestroy identifies finance-estadao.cyou as a newly active fake Brazilian financial news portal designed to harvest sensitive login credentials from unsuspecting users. This domain impersonates legitimate financial journalism platforms to trick victims into entering their email, banking, or social media passwords under the guise of accessing exclusive news content. Security researchers have flagged this domain as actively malicious, with its infrastructure already blocked by organizations like SEAL. The domain resolves to IP address 104.21.45.219 and was registered through Dynadot LLC on March 31, 2026, making it a recent but already documented threat vector. This domain was flagged after security analysis revealed zero detections on VirusTotal despite its malicious nature, with only one security blocklist currently flagging it. The use of a Let's Encrypt SSL certificate adds a false sense of legitimacy, tricking users into believing the site is secure. The domain name deliberately mimics the trusted Brazilian newspaper Estadao, specifically targeting Portuguese-speaking users interested in financial news. The combination of a recently registered domain, low blocklist coverage, and zero antivirus detections makes this a particularly dangerous threat that could spread quickly through social media and email campaigns. If you visited finance-estadao.cyou, immediately change any passwords you may have entered and enable two-factor authentication on those accounts. Scan your device for malware using reputable antivirus software, as credential-stealing malware often accompanies such scams. Report the domain to your email provider and avoid clicking any links from suspicious messages promoting financial news sites. Monitor your financial accounts closely for unauthorized activity. For future protection, bookmark legitimate news sites directly rather than clicking through external links. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-31 15:29:55 - Registrar: Dynadot LLC - IP: 104.21.45.219 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["SEAL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/finance-estadao.cyou - PhishDestroy: https://phishdestroy.io/domain/finance-estadao.cyou/ - LLM endpoint: https://phishdestroy.io/domain/finance-estadao.cyou/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/finance-estadao.cyou/ Last updated: 2026-04-04