Both of those work. Additionally, monero(.)forex is back. They got the domains back after some complaints most probably and had people tricked that they aren't doing anything bad and malicious even though they advertise phishing sites.
At least neither darknetbible nor monero(.)forex drive traffic to phishing websites of eXch anymore. For whatever that's worth.
As I said earlier, these two domains will be difficult to take down (despite all our communications alerting the registrars), as their content is not phishing in itself. They may claim that they were also deceived and caught in this scheme.
To try to be more efficient, we have to go after these two domains:
xchange[.]cx
stealthex[.]co
They are the new element of the scheme, and for that they have to be overthrown.