I received an email from @markmonitor that one of my inactive domains was hacked and hosting a @PayPal phishing site. Turns out, back when I worked at PayPal, I needed to test a security control and pointed my domain to PayPal's website. The underlying phishing site is PayPal.