Today I received a request for some assistance with a JavaScript triggering a redirect. A Google search revealed a huge number of pages hosted at the same website.
They do indeed contain an obfuscated JavaScript that, once decoded, leads us to www.nydepezokyce.com\kvrpaxb.js. That file contains another obfuscated script, which reveals the next location. And we keep bouncing from one site to another, as seen in the capture below.
IPB Image
The final destination is another fake online scanner called Micro Antivirus.
<h4>IP details</h4>
www.nydepezokyce.com / shit.nydepezokyce.com - 69.50.164.247

Website Title: Nydepezokyce Blog
ICANN Registrar: ESTDOMAINS, INC.
Created: 2008-09-06
Expires: 2009-09-06
Updated: 2008-09-06
Name Server: MANAGEDNS1.ESTBOXES.COM (has 8,086 domains)
Name Server: MANAGEDNS2.ESTBOXES.COM
Name Server: MANAGEDNS3.ESTBOXES.COM
Name Server: MANAGEDNS4.ESTBOXES.COM
Whois Server: whois.estdomains.com

IP Location - California - Concord - Intercage Inc

Websites
  1. Nadahubitin.com
  2. Rowalogoz.com
  3. Nydepezokyce.com
______________________________

tds.net-poison.com - 216.195.61.160

Domain Name: NET-POISON.COM
Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
Whois Server: whois.joker.com
Name Server: A.NS.JOKER.COM
Name Server: B.NS.JOKER.COM
Name Server: C.NS.JOKER.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 12-jun-2007
Creation Date: 12-jun-2007
Expiration Date: 12-jun-2009
______________________________

n3t.cc - 216.195.55.80

Website Title: None given.
ICANN Registrar: ESTDOMAINS, INC.
Created: 2008-06-19
Expires: 2009-06-19
Updated: 2008-08-19
Registrar Status: ACTIVE
Name Server: MANAGEDNS1.ESTBOXES.COM (has 8,086 domains)
Name Server: MANAGEDNS2.ESTBOXES.COM
Name Server: MANAGEDNS3.ESTBOXES.COM
Name Server: MANAGEDNS4.ESTBOXES.COM
Whois Server: whois.estdomains.com

IP Location - Oregon - Portland - Aps Telecom
Dedicated Hosting: n3t.cc is hosted on a dedicated server.
______________________________

soft-traffic.com - 91.208.0.224

Website Title: 403 Forbidden
ICANN Registrar: INTERNET.BS CORP.
Created: 2008-09-08
Expires: 2009-09-08
Updated: 2008-09-08
Name Server: NS1.SOFT-TRAFFIC.COM (has 1 domains)
Name Server: NS2.SOFT-TRAFFIC.COM
Whois Server: whois.internet.bs

IP Location - Russian Federation - Still Trade Ltd

Websites
  1. Soft-traff.com
  2. Soft-traffic.com
______________________________

scanner.microantivirus2009.com - 91.208.0.223

Website Title: Micro Antivirus 2008
ICANN Registrar: INTERNET.BS CORP.
Created: 2008-09-09
Expires: 2009-09-09
Updated: 2008-09-09
Name Server: NS1.MICROANTIVIRUS2009.COM
Name Server: NS2.MICROANTIVIRUS2009.COM
Whois Server: whois.internet.bs

IP Location - Russian Federation - Still Trade Ltd
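
The listing above shows several hops sharing a registrar, a name server or a network range. As an added example (not part of the original post), this script parses records in the layout used above and reports every attribute shared by two or more hosts; the records are abridged from this page, and grouping IPs by /24 is an assumption made for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Records abridged from the "IP details" listing on this page.
RECORDS = """\
www.nydepezokyce.com / shit.nydepezokyce.com - 69.50.164.247
ICANN Registrar: ESTDOMAINS, INC.
Name Server: MANAGEDNS1.ESTBOXES.COM (has 8,086 domains)
______________________________
tds.net-poison.com - 216.195.61.160
Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
______________________________
n3t.cc - 216.195.55.80
ICANN Registrar: ESTDOMAINS, INC.
Name Server: MANAGEDNS1.ESTBOXES.COM (has 8,086 domains)
______________________________
soft-traffic.com - 91.208.0.224
ICANN Registrar: INTERNET.BS CORP.
Name Server: NS1.SOFT-TRAFFIC.COM (has 1 domains)
______________________________
scanner.microantivirus2009.com - 91.208.0.223
ICANN Registrar: INTERNET.BS CORP.
Name Server: NS1.MICROANTIVIRUS2009.COM
"""

HEADER = re.compile(r"^(?P<hosts>.+?) - (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")
FIELD = re.compile(r"^(?:ICANN )?(?P<key>Registrar|Name Server): (?P<val>[^(]+)")

def parse(text):
    """Yield (host, attribute) pairs, one per pivotable attribute."""
    for block in re.split(r"^_{5,}\s*$", text, flags=re.M):
        host = None
        for line in filter(None, map(str.strip, block.splitlines())):
            if (m := HEADER.match(line)) and host is None:
                host = m["hosts"].split(" / ")[0]
                yield host, ("net", str(ip_network(m["ip"] + "/24", strict=False)))
            elif (m := FIELD.match(line)) and host:
                yield host, (m["key"].lower(), m["val"].strip().upper())

def shared_pivots(text):
    """Map each attribute seen on 2+ hosts to the sorted hosts sharing it."""
    seen = defaultdict(set)
    for host, attr in parse(text):
        seen[attr].add(host)
    return {a: sorted(h) for a, h in seen.items() if len(h) > 1}

if __name__ == "__main__":
    for (kind, value), hosts in sorted(shared_pivots(RECORDS).items()):
        print(f"{kind:12} {value:32} {', '.join(hosts)}")
```

Attributes that appear on only one host, such as the JOKER.COM registrar, are dropped from the output, so what remains is the set of links worth pivoting on.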