# tromscan.github.io — SUSPICIOUS > tromscan.github.io mimics legitimate crypto tools but uses GitHub hosting to trick users into entering wallet credentials. ## Summary PhishDestroy identifies tromscan.github.io as a newly active phishing page pretending to be a cryptocurrency wallet scanner or validator. The site lures victims with the appearance of a legitimate crypto tool, but its real purpose is to steal funds by tricking users into connecting their digital wallets or entering private keys. This is a classic fake wallet attack where the attacker impersonates a trusted service to harvest sensitive data and drain wallets. Once credentials or private keys are entered, the funds can be transferred out immediately and irreversibly. This domain was flagged by PhishDestroy analysis on seed fd9328. VirusTotal currently shows 0 out of 95 security engines detecting the threat, meaning conventional antivirus tools have not yet added signatures for this specific page. The site is hosted on GitHub Pages (registered through GitHub, Inc.) and resolves to IP address 185.199.108.153, a legitimate GitHub CDN server that has been abused for phishing content. While GitHub enforces SSL via Let’s Encrypt, this does not prevent abuse of their free hosting platform. The low detection rate combined with active hosting indicates a fast-moving threat that is still under the radar of most security tools. If you visited tromscan.github.io or entered any wallet information, disconnect your wallet immediately, revoke any connected permissions in your wallet settings, and transfer remaining funds to a new wallet. Never reuse passwords or share private keys. Report the incident to your wallet provider and monitor for unauthorized transactions. Clear your browser cache and disable any suspicious browser extensions. Consider using hardware wallets for critical assets and enable multi-factor authentication. Always verify URLs through official channels before entering sensitive data, and use dedicated security tools to scan links before clicking. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: GitHub, Inc. - IP: 185.199.108.153 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/tromscan.github.io - PhishDestroy: https://phishdestroy.io/domain/tromscan.github.io/ - LLM endpoint: https://phishdestroy.io/domain/tromscan.github.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/tromscan.github.io/ Last updated: 2026-04-03