# brokertribunal.com — SUSPICIOUS > PhishDestroy identifies brokertribunal.com as an active OKX brand impersonation posing as a crypto broker review site. This domain resolved to IP 209.42.26. ## Summary PhishDestroy identifies brokertribunal.com as an active brand impersonation site targeting OKX users. Registered on August 17, 2018, the domain resolves to IP 209.42.26.48 and is currently engaged in fraudulent impersonation of the legitimate OKX cryptocurrency exchange platform. No drainer kit artifacts are confirmed at this time, and the threat appears to rely on domain similarity and brand confusion rather than technical exploitation kits. This domain was flagged by 2 of 95 VirusTotal security vendors, indicating limited but present detection coverage. It was registered through NAMECHEAP INC and secured with a Let’s Encrypt SSL certificate. The domain has been active since 2018, suggesting a long-term infrastructure potentially leveraged for sustained phishing or impersonation campaigns. While not currently listed on Google Safe Browsing (GSB), it has accrued minimal blocklist presence, reflecting low global visibility but persistent local risk. The site remains active as of the latest scan. Users are strongly advised not to interact with brokertribunal.com or any linked pages claiming affiliation with OKX. Immediate reporting to OKX support and local cybersecurity authorities is recommended. While the current risk is elevated due to active impersonation, the lack of widespread blocklisting and low VT detection suggests this threat may currently evade broader defenses. Continuous monitoring and proactive blocking at the network level are advised to mitigate further exposure. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OKX ## Domain Intelligence - Registered: 2018-08-17 13:09:28 - Registrar: NAMECHEAP INC - IP: 209.42.26.48 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/46751157-c56a-48b4-87d6-5367be4a8283 - PhishDestroy: https://phishdestroy.io/domain/brokertribunal.com/ - LLM endpoint: https://phishdestroy.io/domain/brokertribunal.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/brokertribunal.com/ Last updated: 2026-03-27