# ca.gov-mna.cfd — MALICIOUS

> Domain ca.gov-mna.cfd is a LIVE crypto drainer mimicking ca.gov. Google Safe Browsing blacklists it. Verify immediately on PhishDestroy.

## Summary
PhishDestroy identifies domain ca.gov-mna.cfd as an active crypto-draining phishing site impersonating California state services. The page is designed to trick visitors into connecting crypto wallets and silently drain assets via a JavaScript-based drainer kit. No legitimate state portal behavior is observed; the site only checks for wallet connectivity before initiating unauthorized transfers.


Technical analysis shows a 11/95 VirusTotal detection score, with Google Safe Browsing flagging it as social engineering. The domain was registered through Dynadot LLC on March 26, 2026, and resolves to IPv4 address 43.165.68.78. It obtained a Let's Encrypt SSL certificate to appear trustworthy, but this does not prevent drainer execution. Eleven vendors already flag the host, and additional blocklists are expected to catch up within 24-48 hours.


The domain remains ACTIVE and poses HIGH risk to any user visiting or clicking links. PhishDestroy has flagged the site and recommends immediate blocking at the network and endpoint levels. Users who have interacted with the domain should revoke wallet permissions and check transaction histories for unauthorized transfers. Remaining risk is HIGH until widespread takedown occurs.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-26 12:22:55
- Registrar: Dynadot LLC
- IP: 43.165.68.78

## Detection Status
- VirusTotal: 11 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/311bab6b-0c8c-4083-b578-59ff2a7b5e09
- PhishDestroy: https://phishdestroy.io/domain/ca.gov-mna.cfd/
- LLM endpoint: https://phishdestroy.io/domain/ca.gov-mna.cfd/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ca.gov-mna.cfd/
Last updated: 2026-03-28