# yellkingx.shop — SUSPICIOUS

> yellkingx.shop hosts a crypto drainer posing as a legitimate service. Zero detections on VirusTotal (0/95).

## Summary

PhishDestroy identifies yellkingx.shop as an active crypto drainer impersonation domain under investigation. This domain employs brand impersonation tactics to deceive users into connecting their cryptocurrency wallets, aiming to drain funds through malicious smart contract interactions. The site masquerades as a legitimate service to exploit user trust and technical naivety in the decentralized finance space.

This domain was flagged with a risk level of 'under_investigation' and exhibits multiple red flags. It resolves to IP address 104.21.95.95 and utilizes a Let's Encrypt SSL certificate for a false sense of security. VirusTotal currently shows 0 out of 95 security engines detecting the domain, indicating it evades current detection mechanisms. The infrastructure is hosted on Cloudflare's network, which provides anonymity and resilience against takedown efforts. The domain is registered through Namecheap, a registrar known to host both legitimate and malicious domains, with creation dates suggesting recent deployment (exact date not disclosed).

This domain does not appear on major blocklists such as Google Safe Browsing, PhishTank, or OpenPhish at the time of analysis, further contributing to its stealth. Domain trust scores from tools like Cisco Talos and Web of Trust are not yet available or remain neutral, suggesting emerging malicious activity.

To mitigate risks associated with crypto drainer domains like yellkingx.shop, users must exercise extreme caution when interacting with any service requesting cryptocurrency wallet connections. Always verify the legitimacy of the domain through official channels, such as checking the project's verified social media or website. Use hardware wallets for transactions and revoke any unnecessary smart contract approvals in your wallet settings. Browser extensions like WalletGuard or Etherscan's token approval checker can provide real-time warnings about malicious domains. Organizations should deploy DNS filtering solutions with threat intelligence feeds to block access to such domains at the network level. Report suspicious domains to cybersecurity authorities and cryptocurrency platforms to aid in takedown efforts. Never share private keys or seed phrases, and always cross-reference URLs with official sources before engaging in any blockchain-related activities.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.21.95.95

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/yellkingx.shop
- PhishDestroy: https://phishdestroy.io/domain/yellkingx.shop/
- LLM endpoint: https://phishdestroy.io/domain/yellkingx.shop/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/yellkingx.shop/
Last updated: 2026-04-10