Brand impersonation — not the real site
5 of 92 antivirus engines flag this page as malicious. This page is styled as a brand but is not the brand's real site. Go to the official site directly, and treat any download, login, or payment request here as unsafe.
Is wintermute-prime.com legit or a scam?
Fake Wintermute USDC Prime vault that is a 5-day-old typosquat clone flagged as a crypto drainer by multiple engines and reports.
These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.
Analysis Summary
MT Intelligence
The page presents itself as a legitimate Wintermute vault interface with deposit figures and APY charts, but the domain wintermute-prime.com was registered only five days ago. Five engines from our antivirus network flagged the site for phishing or malware, and our scam network fingerprint confirms it is both a clone and typosquat of the real wintermute.com. A report from PhishDestroy explicitly identifies it as a crypto drainer impersonating Wintermute Finance, with no business registration or positive mentions found anywhere. The combination of extreme newness, direct impersonation, and external scam confirmation leaves no reasonable doubt about its intent.
Website Preview
Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.
Web Research Findings
Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for wintermute-prime.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.
- Domain wintermute-prime.com is 5 days old.
- Page content titled 'Morpho | Wintermute USDC Prime vault' with vault address 0x5dc53a23AdC9f2Bed98de6F59F7F309a7c71FF2B.
- Flagged as crypto drainer impersonating Wintermute Finance on PhishDestroy.io (flagged by MetaMask and SEAL).
- Legitimate Wintermute operates at wintermute.com as an established algorithmic trading and liquidity provider founded in 2017.
- No business registration, positive reviews, or legitimate mentions of wintermute-prime.com found in searches.
- Multiple search results link the domain directly to scam alerts alongside other flagged crypto-related domains.
- PhishDestroyopen
"wintermute-prime.com is a crypto drainer impersonating Wintermute Finance. Flagged by MetaMask and SEAL, verified on PhishDestroy."
Domain hosts content impersonating Wintermute USDC Prime vault on Morpho; real Wintermute site is wintermute.com
Scam Network Intelligence
Antivirus Engines
Security Scans
Checked against the major public blocklists used by browsers and security tools — no hits.
Contact Verification
We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.
- No contact email found anywhere on the page.
- No postal address visible on the page.
- Phone number listed (2026-04-22).
Domain & Encryption
Server Reputation
Scam-Type Likelihood
3 scam-type patterns detected
0 of 13 categories showed signals
We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.
- Domain is a typosquat of wintermute.com.
- AI analyst tagged this as a brand / clone-site impersonation.
- Clustered with known brand-impersonation infrastructure.
- Domain is a typosquat of wintermute.com.
- AI analyst tagged this as phishing.
- AI analyst tagged this as crypto fraud / wallet-drainer.
- AI analyst categorised the site as crypto-themed.
0 of 13 categories showed signals
We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.
- Domain is a typosquat of wintermute.com.
- AI analyst tagged this as a brand / clone-site impersonation.
- Clustered with known brand-impersonation infrastructure.
- Domain is a typosquat of wintermute.com.
- AI analyst tagged this as phishing.
- AI analyst tagged this as crypto fraud / wallet-drainer.
- AI analyst categorised the site as crypto-themed.
Brand impersonation detected
This page is styled as a known brand but is not the brand's real site.
- Do not interact with wintermute-prime.com
Do not enter credentials, deposit money, download files, or install browser extensions from this site.
- Go to the brand's real site directly
Type the brand name into a search engine or open it from your bookmarks — don't use links from emails, SMS, ads, or social posts, which are the delivery vectors for impersonation.
- Never download or sign in here
Even if the page "just" offers a download or a giveaway, impersonation pages frequently deliver malware or set up follow-up phishing. Assume anything accepted from this site is hostile.
- OpenReport the impersonation to the brand
Most major brands have a dedicated abuse or anti-phishing reporting channel — reporting helps them take the site down and protects other users.
Reputation Sources
How this domain rates across independent threat-intelligence and blocklist providers.
Referenced Domains
Outbound domains this page links to or loads resources from. Each links to its own security scan.
Safety FAQ
Common questions about this site, answered from the scan data on this page. These are auto-generated — not hand-written — so they always match the underlying report.
- Our automated security review flags wintermute-prime.com as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
- No — wintermute-prime.com scored 1/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
- Yes. wintermute-prime.com presents a valid TLSv1.3 certificate issued by Let's Encrypt · E8, expiring in 84 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
- wintermute-prime.com is 5 days old, registered on 5/19/2026 through Fewmoretaps OU d/b/a Trustname.com. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
- 7 out of 92 antivirus engines in our malware network flagged wintermute-prime.com as malicious or suspicious (5 outright malicious). Even one detection is a meaningful signal.
- No. wintermute-prime.com is not currently listed on the major browser blocklist feeds that modern browsers use.
- wintermute-prime.com resolves to an IP operated by Cloudflare, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
- We cache results for 24 hours. Signed-in MalwareTips members can trigger a manual rescan at any time using the "Rescan" button on the report page, which re-runs every check from scratch and refreshes this page.
Final Verdict
This site impersonates a Wintermute USDC Prime vault on Morpho. Our verdict is malicious because the domain is only 5 days old, five antivirus engines flag it as phishing or malware, and it has been reported as a crypto drainer. Do not connect any wallet or interact with the page.
Other Dangerous reports
User reviews & comments(0)
Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.