# echange.exchange — SUSPICIOUS > echange.exchange is a suspected crypto drainer phishing site impersonating Exchange. Verify safety on PhishDestroy — flagged by 0 of 95 VirusTotal vendors. ## Summary PhishDestroy identifies echange.exchange as an active crypto drainer phishing domain currently under investigation. This site poses as a cryptocurrency exchange platform to deceive users into connecting wallets and signing malicious transactions. The domain is flagged with a 'generic_phishing' threat type and remains classified as active, indicating ongoing malicious operations. This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, showing no detections despite its evident malicious intent. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolves to IP address 104.21.42.179, and was created on March 24, 2026. The domain utilizes a Let's Encrypt SSL certificate to appear legitimate, though its recent creation and lack of detections suggest a newly deployed threat infrastructure. The current status of echange.exchange remains active, with no immediate sign of takedown or deactivation. Users are strongly advised to avoid interacting with this domain and verify any suspicious links through PhishDestroy. Blocking the IP address 104.21.42.179 at the network level is recommended to prevent accidental access. Additionally, cryptocurrency users should verify exchange domains through official channels and avoid connecting wallets to unverified platforms. Exercise heightened caution with domains mimicking established exchanges, especially those with recent registrations. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-24 18:47:58 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 104.21.42.179 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/6296924e-78a1-4704-b58f-082a59283d0f - PhishDestroy: https://phishdestroy.io/domain/echange.exchange/ - LLM endpoint: https://phishdestroy.io/domain/echange.exchange/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/echange.exchange/ Last updated: 2026-03-24