# PhishDestroy threat dossier — aldronholdings.com ================================================================ Fetched: 2026-04-27 00:34:21 UTC Canonical: https://phishdestroy.io/domain/aldronholdings.com/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 92/100 (PhishDestroy scoring — see methodology below) Scam classification: Investment Scam ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 1/94 security vendors flagged this domain Flagging vendors: Netcraft Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 104.219.248.117 (US, Phoenix) ASN: AS22612 Namecheap, Inc. Hosting org: 3402 East University Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED !!! REGISTRAR INTEGRITY ALERT — NiceNIC !!! NiceNIC International: over 90% of its registered domains are associated with illegal content; documented systematic abuse-report non-response. Primary sources: https://phishdestroy.io/nicenic-real https://phishdestroy.io/nicenic-verdict Nameservers: dns1.namecheaphosting.com, dns2.namecheaphosting.com Registered: 2026-03-27 Page title: Aldron Holdings - Crypto Investment | Real Estate Investment | Agriculture Investment | Oil and Gas Investment HTTP response: 403 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Sectigo Limited / Sectigo RSA Domain Validation Secure Server CA Expires: 2026-04-22 Status: INVALID chain Fingerprint: 796e3508cd81bf061d36f1e0a2bf859d9f2f347a93ef06d2001d7e0469699183 Subject Alternative Names (related infrastructure — often same operator): - www.aldronholdings.com ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2026-03-27 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-03-27 18:11:51 UTC (by PhishDestroy tracker) First reported: 2026-03-27 15:16:54 UTC (abuse notice filed) Last verified: 2026-04-21 16:12:59 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019d2fd7-6826-770d-9ea7-8b1d453690b6/ URLQuery: https://urlquery.net/report/9c60f975-c381-4c5c-b1bf-b0d72c36807f Wayback Machine: https://web.archive.org/web/*/aldronholdings.com crt.sh CT logs: https://crt.sh/?q=%25.aldronholdings.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=aldronholdings.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/aldronholdings.com URLhaus: https://urlhaus.abuse.ch/host/aldronholdings.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-03-27 18:12:50 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] aldronholdings.com has been identified as an active counterfeit investment scam designed to deceive users into transferring funds under the pretense of asset trading or wealth management services. This domain masquerades as a legitimate investment firm, leveraging professional-looking interfaces and fabricated testimonials to establish credibility. Attackers behind this scheme typically solicit victims through unsolicited emails, social media advertisements, or fraudulent online forums, redirecting users to fraudulent login portals or payment pages after capturing their credentials or initiating unauthorized transactions. PhishDestroy’s automated systems detected this threat on April 22, 2025, and confirmed ongoing malicious activity. This domain was flagged by PhishDestroy and correlates with one confirmed security blocklist entry. It resolves to IP address 104.219.248.117 and was registered on April 21, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED. VirusTotal analysis reveals only 1 out of 95 participating security vendors have flagged this domain, highlighting the stealthy nature of this threat and its potential to evade early detection by conventional tools. The use of a Sectigo Limited SSL certificate further enhances the domain’s perceived legitimacy, tricking users into believing the site is secure. The combination of recent registration, low detection rates, and financial pretext suggests a targeted, short-lived campaign aimed at extracting sensitive financial information or funds from unsuspecting users. If you have visited aldronholdings.com or entered any personal or financial information, immediately cease all communication with the site and do not respond to follow-up messages. Disconnect from the network to prevent potential data exfiltration and scan your device using updated antivirus software. Review financial statements for unauthorized transactions and report any suspicious activity to your bank or payment provider. Consider enabling multi-factor authentication on all financial accounts and file a complaint with your local cybercrime unit or consumer protection agency. Monitor credit reports for signs of identity theft and remain vigilant for further phishing attempts. Share this advisory with colleagues or family members who may have encountered similar investment-related lures. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260327-111606 Favicon MD5: d4afb64d17147cacf9a670bb1ed4dc1c TLS cert SHA-256: 796e3508cd81bf061d36f1e0a2bf859d9f2f347a93ef06d2001d7e0469699183 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/aldronholdings.com/ JSON API: https://api.destroy.tools/v1/check?domain=aldronholdings.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 131,000+ phishing domains. Confirmed takedowns: 91,000+. Site: https://phishdestroy.io