# lists.maxlevine.co.uk — SUSPICIOUS > lists.maxlevine.co.uk hosts a fake document-sharing portal stealing credentials. VirusTotal shows 0/95 detections. Check the full report. ## Summary PhishDestroy identifies an active phishing domain, lists.maxlevine.co.uk, explicitly designed to impersonate a document-sharing portal to harvest user credentials. This domain, registered through Gandi on March 16, 2020, is currently hosted at IP 116.203.87.149 and secured with a Let’s Encrypt SSL certificate to appear legitimate. The campaign remains undetected by security vendors, with VirusTotal currently scoring 0 detections out of 95 engines, despite the domain's age and recent activity. No known blocklists have flagged this domain, suggesting it is a newly weaponized or lightly leveraged infrastructure. The threat posed by lists.maxlevine.co.uk is high due to its use of a plausible domain and SSL encryption to deceive users into entering sensitive credentials. The domain’s creation date (March 16, 2020) suggests it was dormant for years and only recently repurposed for phishing, likely as part of a targeted or opportunistic campaign. With 0/95 detections on VirusTotal and no prior flagging, this domain represents a stealthy and evolving risk to unsuspecting users who may trust the SSL certificate and familiar domain structure. The lack of proactive blocking increases the likelihood of successful credential theft. Users who have visited or entered information into lists.maxlevine.co.uk should immediately cease use of any shared credentials. Reset passwords for affected accounts, enable multi-factor authentication where available, and monitor accounts for unusual activity. Report the domain to your organization’s security team or local CERT if used on corporate systems. Avoid interacting with this domain or any linked content, and consider blocking it at the network level to prevent further exposure. If credentials were entered, assume they are compromised and take immediate action to secure accounts. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2020-03-16 00:00:00 - Registrar: Gandi [Tag = GANDI] - IP: 116.203.87.149 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/194b27cd-d1eb-49a9-aa49-78d71bfe6789 - PhishDestroy: https://phishdestroy.io/domain/lists.maxlevine.co.uk/ - LLM endpoint: https://phishdestroy.io/domain/lists.maxlevine.co.uk/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/lists.maxlevine.co.uk/ Last updated: 2026-03-22