Is one safer than the other for downloading files? its kinda went down the shitter, so atm until they fix the issues, I'm sticking with KAT. PH. The site was first launched as Kat. ph, and then later became KickAss.to when police thought that the having a Somalian-based domain is already safe for their operations. Share Share Tweet + 1 0 Share Share.
- 1 Blocking and censorship; 2 See also; 3 References; 4 External links On 21 April 2011, KickassTorrents moved to the new domain name kat. ph after a series.
- Main · Unblock · Download · Safety · About Application · News · User Privacy KickassTorrents is not shut down, Kat. ph domain seized Now we have been informed that the domain Kat. ph was taken away by the " What if one was able to get latest movies which were running in the cinema at that time?
On Thursday June 13 the kat. ph domain was seized and began redirecting traffic to a Please use https://kickass.to (it's safe). 1 Comment.
Malvertising on KickAssTorrents (kat. ph). OpenX compromised to serve fake anti-virus "Security Sphere 2012". (Credits: Wayne Huang, Chris Hsiao, NightCola Lin).
Yesterday our HackAlert website malware monitoring service told us that KickAssTorrents (kat. ph), ranked 321 globally on Alexa with more than 1. 5 million unique visitors per month. is serving malware to all of its visitors via malvertising. Below is a video showing how visitors are infected:. Coincidentally, KickAss Torrents published a blog post on Oct 10th in response to the website being flagged by antivirus vendor Avast.
In it they said:. ===================. Our users that are using the Avast anti-virus might have noticed that KAT. ph suddenly became labeled as a dangerous website for users that are not logged in. We want to assure our users that KickassTorrents has no malware or viruses of any kind and it is absolutely safe to use our website.
We already contacted Avast and currently we are trying to find and fix the cause of this problem. You will help us if you choose the "Report the file as a false positive" option if you get the alert. ===================.
In another thread. KickAss Torrents said:. ===================. Now what the hell does this error mean.
First of all, don't flip out, don't go post on the KAT site, post down here if you experience the same problem. Secondly, report down here if you experience this error. Thirdly, add kat. ph to the safe URLs in your AV. And lastly, please go to this site and report the problem (Avast! users only):.
Avast! forum thread. Back on topic.
What is this error? Does error roughly means that your anti-virus software has found some bad code in an iFrame. This could be from the site itself, or from advertisements. An iFrame is a piece of code that allows you to do several things. Embedding something to your site is a good example. I hope this topic helps a little and I certainly hope the error is going to be fixed now.
Q: OMFG IS KAT HACKED. A: Nope, just some error. A: Yes, it is. ===================.
KickAss Torrents also referred to this discussion thread on Avast's forum. At the end of the forum it appears that Avast has acknowledged that it was indeed a false positive and have addressed the issue:. ===================. It should be solved, if not let us know please. Miroslav Jenšík. AVAST Software a.
===================. Well, that time it might have been a false positive from Avast, but this time the website is absolutely infecting its visitors, as seen in our video. Here we summarize characteristics worth noting:. 1. High traffic website compromised.
2. Malvertising via compromising KickAssTorrents' OpenX platform. 3.
Spreading fake antivirus "Security Sphere 2012" by conducting a drive-by download process. Simply navigating to the website with an outdated browsing platform will result in infection. No clicks necessary (see video). 4.
The algorithm used generates a (predicable) different dyndns. tv domain name every hour, in the format of roboABCD. tv, where ABCD are characters with a fixed seed and incremented by one character every different UTC hour. 7. The new dyndns domain for the next hour is generated every hour precisely at minutes 2 to 5, so this may be done by an automated mechanism.
8. Initial antivirus detection rates are very low, from 0 to 2 vendors out of 43 on VirusTotal. 9. All generated domains resolve to a single IP: 184. 22.
224. 154 (AS21788, United States Scranton Network Operations Center Inc), located in the US. 10. The domain: obama-president.
com resolves to this IP and is serving the same exploit pack. This domain was registered on Aug 4th through an Russian registrar, 1'ST DOMAIN NAME SERVICE www. 1dns. ru. At this time the domain resolved to an Netherlands IP 85. 17.
93. The domain started to resolve to 184. 22.
224. 154 on Aug 23rd. This IP and the president-obama. com domain are both currently still up and working.
KickAssTorrents serves its ads via its OpenX installation at ad. kat.
Note the code isn't just a few lines of "injection"--the code is merged with the original OpenX html code:. The following is the important parts of the decoded version:. From line 29-41, we can see that the function spelled() generates four characters based on the current hour in UTC. From line 18 we can see how this function is called: var gyrally = spelled(String("robo"), new String(". dynd" + "ns. tvmg7j". substr(0, 5)));.