# ca.gov-zxq.info — MALICIOUS

> ca.gov-zxq.info impersonates California's official domain with a crypto drainer kit. This high-risk domain is flagged by 16/95 VirusTotal engines and Google.

## Summary

PhishDestroy identifies ca.gov-zxq.info as an active generic phishing domain impersonating the official California state government portal. The domain hosts a crypto drainer kit designed to steal cryptocurrency funds from unsuspecting users by mimicking legitimate state services. Victims are lured via spoofed emails or social media links, where the fraudulent site prompts wallet connections under false pretenses. This domain exhibits multiple red flags detailed in forensic analysis.

As of the latest intelligence, ca.gov-zxq.info shows a VirusTotal detection score of 16 out of 95 security vendors, indicating significant malicious activity. The domain was registered with an obscure registrar and resolves to IP address 43.165.68.78. Notably, Google Safe Browsing flags this domain under the SOCIAL_ENGINEERING category, a clear indicator of deceptive practices. Further, it appears on two security blocklists including OpenPhish and PhishingArmy, reinforcing its malicious nature.

As of current assessment, ca.gov-zxq.info remains active and poses a high risk to visitors. Immediate actions include blocking the domain at the network level and updating threat intelligence feeds to prevent access. While response efforts have mitigated some exposure, the domain's use of a Let's Encrypt SSL certificate and active hosting infrastructure means the risk of victimization persists. Users are strongly advised to verify domains through trusted sources like PhishDestroy before interaction. This domain exemplifies the evolving tactics of crypto scammers leveraging government impersonation to exploit public trust.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 43.165.68.78

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
- Lists: OpenPhish, PhishingArmy

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/52ca1943-190a-451a-8ec1-782e826edf17
- PhishDestroy: https://phishdestroy.io/domain/ca.gov-zxq.info/
- LLM endpoint: https://phishdestroy.io/domain/ca.gov-zxq.info/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ca.gov-zxq.info/

Last updated: 2026-03-29