The strange thing with exch[.]cd is that it is not listed in any WHOIS database:
...
I get these details from
https://whois.domaintools.com/exch.cd:
Whois Record for ExCh.cd
Domain Profile
Registrar SCPT
IANA ID: —
URL: —
Whois Server: —
Registrar Status ok
Dates 124 days old
Created on 2024-12-30
Expires on 2025-12-30
Updated on 2025-02-03
Name Servers MILLIE.NS.CLOUDFLARE.COM (has 29,956,777 domains)
SRI.NS.CLOUDFLARE.COM (has 29,956,777 domains)
IP Address 185.196.11.206 - 1 other site is hosted on this server
IP Location Switzerland - Bern - Port - Global-data System It Corporation
ASN Switzerland AS42624 swissnetwork02 Global-Data System IT Corporation, SC (registered Mar 24, 2017)
IP History 2 changes on 2 unique IP addresses over 0 years
Hosting History 1 change on 2 unique name servers over 0 year
Whois Record ( last updated on 2025-05-03 )
Domain Name: exch.cd
Registry Domain ID: 20195-niccd
Registry WHOIS Server: whois.nic.cd
Updated Date: 2025-02-03T12:00:16.313Z
Creation Date: 2024-12-30T10:45:03.526Z
Registry Expiry Date: 2025-12-30T10:45:03.588Z
Registrar Registration Expiration Date: 2025-12-30T10:45:03.588Z
Registrar: SCPT
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: h6OGA-3X0LX
Registrant Name: Redacted | EU Data Subject
Registrant Street: Redacted | EU Data Subject
Registrant City: Redacted | EU Data Subject
Registrant State/Province: Redacted | EU Data Subject
Registrant Postal Code: Redacted | EU Data Subject
Registrant Country: DE
Registrant Phone: Redacted | EU Data Subject
Registrant Email: Redacted | EU Data Subject
Registry Admin ID: 7dtdU-MNNaA
Admin Name: Redacted | EU Data Subject
Admin Street: Redacted | EU Data Subject
Admin City: Redacted | EU Data Subject
Admin State/Province: Redacted | EU Data Subject
Admin Postal Code: Redacted | EU Data Subject
Admin Country: DE
Admin Phone: Redacted | EU Data Subject
Admin Email: Redacted | EU Data Subject
Registry Tech ID: tu4lt-ZDyS4
Tech Name: Redacted | EU Data Subject
Tech Street: Redacted | EU Data Subject
Tech City: Redacted | EU Data Subject
Tech State/Province: Redacted | EU Data Subject
Tech Postal Code: Redacted | EU Data Subject
Tech Country: DE
Tech Phone: Redacted | EU Data Subject
Tech Email: Redacted | EU Data Subject
Registry Billing ID: pE2EY-DMCVw
Billing Name: Redacted | EU Data Subject
Billing Street: Redacted | EU Data Subject
Billing City: Redacted | EU Data Subject
Billing State/Province: Redacted | EU Data Subject
Billing Postal Code: Redacted | EU Data Subject
Billing Country: DE
Billing Phone: Redacted | EU Data Subject
Billing Email: Redacted | EU Data Subject
Name Server: millie.ns.cloudflare.com
Name Server: sri.ns.cloudflare.com
DNSSEC: unsigned
For more information on Whois status codes, please visit https://icann.org/epp
~~~
To complain to ICANN about a registrar's negligence to prevent phishing abuse by domains under registrar's control, we would need solid evidence that the registrar didn't act after being notified.
Whatever it takes to gather such evidence, I would assume it needs to be solid and best a lot of it, too. We may need to pool such evidence somehow.
E.g. 1api.net responded with a ticket no. but hasn't came back to me since too many days. I speak German, but I don't have a burner phone to call them and maintain my anonymity properly. Need to figure out how to do it with proper opsec. I don't really want to link my account here with my real identity.
@eXch and @eXch Support should in my opinion show clearly on their remaining online domains that any other imposter domains offering coin swap services are a scam. They clearly tell, they closed their operation. In my opinion they should list the only valid domain names they use(d) and any other domains are imposters with scam intent.