# PhishDestroy threat dossier — barbados-exchange.cash
================================================================

Fetched:   2026-06-28 18:15:31 UTC
Canonical: https://phishdestroy.io/domain/barbados-exchange.cash/

## VERDICT
----------------------------------------------------------------
TAKEN DOWN (neutralised)
Composite threat score: 100/100 (PhishDestroy scoring — see methodology below)
Scam classification: Fake Exchange
Targeted brand: Ethereum

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal:      0/91 security vendors flagged this domain
Public blocklists: listed on 3 independent blocklists

## INFRASTRUCTURE
----------------------------------------------------------------
IP address:      104.21.42.110 (US, San Francisco)
ASN:             ASAS13335 CLOUDFLARENET - Cloudflare, Inc., US
Hosting org:     AS13335 Cloudflare, Inc.
Registrar:       TLD Registrar Solutions Ltd.
Nameservers:     harlan.ns.cloudflare.com, wanda.ns.cloudflare.com
Registered:      2026-03-13
Expires:         2027-03-13
Page title:      Barbados Exchange — Быстрый и безопасный криптообмен | Обмен Bitcoin, USDT, Ethereum

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: CLOSED — no report required.
This domain was neutralised before the abuse-report cycle could be dispatched — either
the hosting provider / registrar suspended it on their own, the DNS went dead, or the
operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file
for audit but no formal notice was sent.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-03-13 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected:    2026-06-24 21:56:39 UTC (by PhishDestroy tracker)
First reported:    2026-06-24 20:01:22 UTC (abuse notice filed)
Last verified:     2026-06-28 19:45:47 UTC
Neutralised:       2026-06-25 03:04:03 UTC
Current status:    taken down (registrar suspended or DNS dead)

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io:       https://urlscan.io/result/019efb33-e22c-777b-91d9-8df750abec53/
URLQuery:         https://urlquery.net/report/c64a7014-d542-4392-8f79-0829fd1f1d13
Wayback Machine:  https://web.archive.org/web/*/barbados-exchange.cash
crt.sh CT logs:   https://crt.sh/?q=%25.barbados-exchange.cash
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=barbados-exchange.cash
AlienVault OTX:   https://otx.alienvault.com/indicator/domain/barbados-exchange.cash
URLhaus:          https://urlhaus.abuse.ch/host/barbados-exchange.cash/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-06-24 22:04:07 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

The domain barbados-exchange.cash is currently under active investigation for its role in a crypto drainer phishing campaign. The threat involves a fraudulent cryptocurrency exchange impersonation designed to deceive users into connecting wallets and approving malicious transactions, resulting in fund drainage. No specific drainer kit has been identified in available intelligence, but the domain’s infrastructure suggests a high likelihood of automated token approval and transaction signing exploits. The campaign does not explicitly target a single brand but mimics legitimate crypto exchange domains to establish credibility, a common tactic in such operations.

Technical analysis reveals the following indicators: the domain resolves to IP address 188.114.96.3 and utilizes Cloudflare nameservers (harlan.ns.cloudflare.com and wanda.ns.cloudflare.com). The domain was registered on March 13, 2026, through TLD Registrar Solutions Ltd., with no detections recorded on VirusTotal (0/95). The infrastructure is active and currently unlisted on major blocklists. The recent creation date and clean detection history suggest this domain may be newly deployed or deliberately obfuscated to delay detection.

As of current analysis, the domain remains active with a status classified as under_investigation. No immediate blocklist inclusion is observed, but proactive blocking is recommended due to the high-risk nature of crypto drainer operations. Organizations and users are advised to block the domain and its associated IP, monitor for related C2 traffic, and audit wallet connection requests for suspicious approvals. The remaining risk is assessed as high, given the domain’s active status, lack of detections, and potential to cause financial loss through unauthorized fund transfers.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID:  PD-20260624-BE6129
Favicon MD5:       00547981b6e15ca8312af213ccdb0e60

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
  - VirusTotal positive ratio
  - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus,
    CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
  - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
  - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
  - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
  - URLScan / URLQuery verdicts
  - Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
  - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
  - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
  - Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
  - Registrar/hosting abuse history (this registrar's track record)
  - Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does
NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their
first 7–30 days while actively draining wallets. Always cross-reference the composite
score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report:  https://phishdestroy.io/domain/barbados-exchange.cash/
JSON API:          https://api.destroy.tools/v1/check?domain=barbados-exchange.cash
Appeal a flag:     https://phishdestroy.io/appeals/  (responded to within 48 hours, FP rate <0.01%)
Submit a report:   https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 172,026 domains (13,415 alive under monitoring, 158,116 confirmed takedowns/dead). Site: https://phishdestroy.io