# fusionprotocol.pages.dev — SUSPICIOUS

> fusionprotocol.pages.dev hosts a Sei brand impersonation scam deploying crypto drainers. VirusTotal reports 0/95 detections. Avoid interaction immediately.

## Summary

PhishDestroy identifies fusionprotocol.pages.dev as an active Sei brand impersonation site designed to deceive users into connecting crypto wallets and approving fraudulent transactions. The domain leverages Cloudflare Pages to masquerade as legitimate Sei ecosystem tools, with infrastructure hosted on AS13335 (Cloudflare) at 172.66.44.94. Current telemetry shows no detections on VirusTotal (0/95), indicating the threat remains under the radar despite active distribution. Blocklisting remains pending, raising the risk of successful user infiltration.

The domain was registered through Cloudflare, Inc., a commonly abused provider for malicious infrastructure due to its anonymity features and rapid deployment capabilities. This vector targets Sei users specifically, exploiting brand trust to trick victims into signing malicious wallet approvals or revealing private keys. The complete absence of detection underscores the need for proactive threat hunting, as traditional AV solutions fail to flag this campaign.

Users who visited fusionprotocol.pages.dev should immediately revoke any wallet approvals via tools like revoke.cash or wallet interfaces, disconnect the domain from their wallets, and scan for unauthorized transactions. Avoid re-engaging with the domain or related links. Report the site to Cloudflare Abuse and Sei’s official channels to expedite takedown. Stay vigilant for similar Sei-themed campaigns exploiting Cloudflare Pages infrastructure.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Sei

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.44.94

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- PhishDestroy: https://phishdestroy.io/domain/fusionprotocol.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/fusionprotocol.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/fusionprotocol.pages.dev/

Last updated: 2026-03-26