# pay-heleket.click — SUSPICIOUS > pay-heleket.click detected as PayPal phishing site, flagged by 0/95 VirusTotal scanners. Check the full report. ## Summary PhishDestroy identifies pay-heleket.click as an active PayPal phishing domain designed to deceive users into disclosing login credentials under false pretenses. The site currently operates under a 'medium' risk classification with the investigation flag set to 'under_investigation,' indicating ongoing analysis of its operational scope and potential impact. This domain was flagged by 0 of 95 VirusTotal vendors during the most recent scan, demonstrating that it has not yet been widely recognized as malicious by automated security systems. The domain is registered through Dynadot, LLC, resolves to IP address 188.114.96.3, and was created on March 16, 2026 — a relatively recent registration that warrants heightened scrutiny. At the time of analysis, no public blocklists include this domain, and standard trust and reputation scores remain unassigned due to its newness. Current status indicates that pay-heleket.click remains operationally active and continues to pose a credible risk of credential theft through impersonation of PayPal’s official login interface. Users should avoid interacting with any links or content associated with this domain. If you have encountered this site, do not enter any personal or financial information. Report the domain to your email provider or browser security team, and consider using a password manager with phishing detection features to prevent accidental exposure. Organizations are advised to monitor for outbound connections to 188.114.96.3 and update firewall rules accordingly. This assessment will be updated as new intelligence becomes available. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-16 20:24:49 - Registrar: Dynadot, LLC - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/baa14dfa-7105-4de5-a937-ea3ba38628e7 - PhishDestroy: https://phishdestroy.io/domain/pay-heleket.click/ - LLM endpoint: https://phishdestroy.io/domain/pay-heleket.click/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/pay-heleket.click/ Last updated: 2026-03-24