# st-art-ledgr.pages.dev — SUSPICIOUS > PhishDestroy identifies st-art-ledgr.pages.dev as a PayPal credential phishing site with 0/95 VirusTotal detections. ## Summary PhishDestroy analysts have flagged st-art-ledgr.pages.dev as an active PayPal credential phishing domain designed to steal login credentials under the guise of a legitimate payment service. The site mimics PayPal’s branding and login interface to trick users into entering their email and password, which are then harvested by attackers for account takeover or sold on dark web markets. Technical analysis confirms the domain resolves to IP 172.66.44.129 and operates behind a Cloudflare proxy, making it harder to trace or block at the network level. While the SSL certificate issued by Google Trust Services adds a veneer of legitimacy, it does not validate the site’s authenticity—only that traffic is encrypted between the user and the attacker-controlled server. This domain was flagged under seed 7841b8 after VirusTotal scanning returned 0 detections out of 95 engines, indicating it remains under the radar of most security tools. The domain was registered through Cloudflare, Inc., a common tactic among phishing operators seeking anonymity and rapid infrastructure rotation. With no current blocklist presence and minimal detection coverage, the risk of user exposure remains high, especially for those expecting PayPal-related communications. The combination of a trusted SSL issuer, Cloudflare shielding, and zero detections creates a dangerous trifecta for unsuspecting visitors. Users who visited st-art-ledgr.pages.dev should immediately check their PayPal account for unauthorized transactions or login attempts. Change your PayPal password using the official website or app, and enable two-factor authentication (2FA) to prevent future compromise. Review bank and credit card statements for signs of fraud, and consider placing a fraud alert or credit freeze if sensitive data was entered. Report the domain to PayPal’s abuse team and PhishDestroy to aid in takedown efforts. Avoid clicking any links in emails or messages claiming to be from PayPal; always navigate directly to paypal.com to verify legitimacy. Stay vigilant—this domain may be part of a larger phishing campaign targeting PayPal users globally. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.129 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/9a31fdcc-2630-4238-8dac-91eb4b9b8285 - PhishDestroy: https://phishdestroy.io/domain/st-art-ledgr.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/st-art-ledgr.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/st-art-ledgr.pages.dev/ Last updated: 2026-03-22