# ca.gov-zat.cfd — MALICIOUS

> PhishDestroy identifies ca.gov-zat.cfd as a credential theft domain mimicking California government services. VirusTotal flags 15/95 security vendors.

## Summary

PhishDestroy identifies ca.gov-zat.cfd as an active credential theft domain designed to mimic official California government services. This domain leverages a deceptive naming convention (ca.gov-zat.cfd) to impersonate legitimate state portals, tricking users into entering sensitive login credentials under false pretenses. The threat actor behind this campaign likely aims to harvest usernames, passwords, and potentially multifactor authentication codes for subsequent account takeovers, financial fraud, or identity theft.

This domain was flagged by 15 out of 95 security vendors on VirusTotal, indicating a significant but not universal detection rate. Technical indicators include its recent creation date (March 25, 2026), hosting on IP 43.165.68.78, and registration through Dynadot LLC. Additionally, ca.gov-zat.cfd has been blocked by OpenPhish and PhishingArmy and appears on two security blocklists, demonstrating its active misuse in phishing operations. The domain’s use of a Let’s Encrypt SSL certificate further enhances its appearance of legitimacy, a common tactic to evade user suspicion.

If you visited ca.gov-zat.cfd, immediately cease any interaction and do not enter any credentials or personal information. If you entered login details, change your passwords immediately and enable multifactor authentication where available. Consider revoking any session tokens or browser permissions granted to this domain. Report the incident to your organization’s security team or to PhishDestroy for further analysis. Monitor your accounts for unusual activity and be cautious of follow-up phishing attempts leveraging the compromised data.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-25 17:10:46
- Registrar: Dynadot LLC
- IP: 43.165.68.78

## Detection Status

- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  - Lists: ["OpenPhish", "PhishingArmy"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/7cb857c7-0212-4240-8e63-fe6dc148fd07
- PhishDestroy: https://phishdestroy.io/domain/ca.gov-zat.cfd/
- LLM endpoint: https://phishdestroy.io/domain/ca.gov-zat.cfd/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ca.gov-zat.cfd/

Last updated: 2026-03-27