# PhishDestroy threat dossier — silvereconomycongress.com ================================================================ Fetched: 2026-05-15 15:56:38 UTC Canonical: https://phishdestroy.io/domain/silvereconomycongress.com/ ## VERDICT ---------------------------------------------------------------- ACTIVE + CLOAKED — returns HTTP 666 to scanners, real fraudulent site to victims Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) Scam classification: unknown Cloaking: DETECTED — domain returns custom HTTP 666 to scanners while serving fraudulent content to real users (type: content_divergence) (score: 1/6) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 4/92 security vendors flagged this domain ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 162.241.203.121 (BR, Vinhedo) ASN: AS31898 Oracle Corporation Hosting org: Unified Layer Registrar: GoDaddy.com, LLC Nameservers: ns28.hostgator.co, ns29.hostgator.co Registered: 2024-09-04 Page title: SILVER ECONOMY 2026 HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / R12 Expires: 2026-08-06 Status: INVALID chain Fingerprint: 0d54596f35974596283aebb3b88cd7379acebc6586e2be0739823d1669e7d174 ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2024-09-04 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-05-12 14:18:17 UTC (by PhishDestroy tracker) First reported: 2026-05-12 11:19:14 UTC (abuse notice filed) Last verified: 2026-05-15 18:54:39 UTC Neutralised: 2026-05-14 03:34:01 UTC Current status: ACTIVE — cloaked behind HTTP 666 to evade scanners ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019e1be6-a2d0-718d-9765-562d57098a99/ URLQuery: https://urlquery.net/report/d8c200b8-0a3e-4537-8677-cb52b5f87da3 Wayback Machine: https://web.archive.org/web/*/silvereconomycongress.com crt.sh CT logs: https://crt.sh/?q=%25.silvereconomycongress.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=silvereconomycongress.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/silvereconomycongress.com URLhaus: https://urlhaus.abuse.ch/host/silvereconomycongress.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-05-12 14:19:01 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] PhishDestroy identifies silvereconomycongress.com as an active credential theft domain under investigation for potential credential harvesting activities. The recently registered domain (September 04, 2024) uses a Let's Encrypt SSL certificate and resolves to IP 162.241.203.121, with hosting provided through GoDaddy.com, LLC. Currently, the domain shows 0/95 VirusTotal detections, indicating it has evaded immediate detection by antivirus engines despite suspicious behavioral patterns aligned with credential theft campaigns. This domain exhibits multiple red flags consistent with credential theft operations. The creation date of September 04, 2024, is unusually recent for legitimate organizations, especially those claiming to host high-profile economic conferences. The hosting IP 162.241.203.121 has no established reputation and is not associated with known legitimate services. The use of GoDaddy.com, LLC as registrar is common across both legitimate and malicious domains, providing no definitive indication of legitimacy. The Let's Encrypt SSL certificate, while enhancing visual trust by displaying HTTPS, offers no assurance of authenticity—cybercriminals frequently exploit free certificates to mimic legitimate websites. Most critically, the complete absence of detections on VirusTotal (0/95) suggests either extremely new malicious infrastructure or highly sophisticated evasion techniques, both of which warrant heightened caution. Credential theft domains like silvereconomycongress.com commonly deploy fake login portals to harvest usernames, passwords, or financial details under the guise of conference registration, membership verification, or account updates. Users arriving via phishing emails or sponsored ads may be prompted to enter sensitive information that is immediately exfiltrated to attacker-controlled servers. Given the domain's active status, lack of detection, and alignment with known credential theft tactics, PhishDestroy strongly advises against any form of interaction—including clicking links, downloading files, or submitting data. If you received communication from this domain, treat it as suspicious and verify through official channels using independently sourced contact information. Report the domain to your email provider and consider blocking it at the network level. Conduct enhanced monitoring of any accounts potentially exposed to this domain and enable multi-factor authentication wherever possible. [Updates since narrative was generated:] - VirusTotal detections: now 4/92 (narrative was written when count was lower) ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260512-53958A Favicon MD5: 0e67acd354adfdf73b605000e695663c TLS cert SHA-256: 0d54596f35974596283aebb3b88cd7379acebc6586e2be0739823d1669e7d174 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/silvereconomycongress.com/ JSON API: https://api.destroy.tools/v1/check?domain=silvereconomycongress.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 149,826 domains (35,625 alive under monitoring, 113,544 confirmed takedowns/dead). Site: https://phishdestroy.io