# apps-morpho.xyz — SUSPICIOUS

> PhishDestroy identifies apps-morpho.xyz as a live credential harvesting page that currently evades 95/95 VirusTotal scanners; avoid clicking and delete any.

## Summary
PhishDestroy has flagged apps-morpho.xyz as an active browser-credential theft campaign. The domain masquerades as a legitimate Morpho service portal and lures victims into entering corporate login details, which are immediately exfiltrated to attacker-controlled servers. Once harvested, stolen credentials are used for lateral-movement attacks against Microsoft 365, VPN concentrators, and internal SaaS dashboards, resulting in data theft and ransomware deployment within hours.

This domain was flagged through PhishDestroy’s automated pipeline on March 30, 2026. It currently resolves to IP 188.114.96.3 via Dynadot LLC hosting, secured with an active Let’s Encrypt certificate, and remains undetected by 95 VirusTotal engines—indicating a high-sophistication adversary employing bulletproof hosting and short-lived certificates to evade signature-based detection. The domain remains under active reconnaissance and continues to receive new visitors despite the ongoing investigation.

If you clicked any link or entered credentials on apps-morpho.xyz, immediately rotate the exposed password and enable multi-factor authentication on all related accounts. Scan the device used for any infostealer malware, and revoke any OAuth tokens previously granted to suspicious third-party applications. Report the incident to your security team and block the domain and IP at firewall and DNS levels.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-30 05:04:58
- Registrar: Dynadot LLC
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/02e025d8-814f-4bfe-bf46-26f26421b69b
- PhishDestroy: https://phishdestroy.io/domain/apps-morpho.xyz/
- LLM endpoint: https://phishdestroy.io/domain/apps-morpho.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/apps-morpho.xyz/
Last updated: 2026-03-30