Malicious site or not?

hxxp://levintrading.com

http://zulu.zscaler.com/submission/show/b55bd35a512b4e4049b562b20a0eb14b-1413011130

http://urlquery.net/report.php?id=1413011325164

http://sitecheck.sucuri.net/results/levintrading.com/

https://www.virustotal.com/en/url/f0b0a008a17d1cfe7a9034aadce86ed6ac2c785909e7b25426ec2417956f5dbb/analysis/1413011321/

http://quttera.com/detailed_report/levintrading.com

[EDIT:] Fixed url errors.

No detection on html
https://www.virustotal.com/nb/file/6f430b745f5f9754d3f783f6a1c7bf8037c5a8ae2374dc786ed28b01ae9e854b/analysis/1413016506/

Hi mchain,

See whether this is online the Zeus drop uri:
ZeuS DropURL Status HTTP Status
levintrading.com/js/js/r34d.php online 200

And then contrary to Pondus results (he is looking for the general domain url - which might just be a C&C log-in template) we do get results and two flag: https://www.virustotal.com/nl/url/209db520d146464ed3b7901074b5945e52188c2872f753c0104c65113de13426/analysis/1413031175/

Here the verdict is simple: levintrading.com,216.238.149.29,NS33.WORLDNIC.com,Criminals,ZeuS
(according to Kleissner & Associates Virus Tracker results)
And the results we get are:
HTTP/1.1 200 OK
Date: Sat, 11 Oct 2014 12:45:44 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 - vulnerable: http://www.cvedetails.com/vulnerability-list.php?vendor_id=45&product_id=66&version_id=93077&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=3&trc=23&sha=f3811a977415e66eff5d8b9d9b8c21d064617677
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

We should do an Intellitamper scan to see what more levintrading dot com has on that server,
but that is outside the scope of our third party cold reconnaissance scans.
At least I would flag and block that main domain as long as it is up.
Cannot be trusted → https://www.mywot.com/en/scorecard/levintrading.com?utm_source=addon&utm_content=popup

pol