d dot rapsio dot com's role in website hacking - Home Page Hijacker.

Hacker defacer piggy-backing on adware script injector compromise!

See: http://killmalware.com/blockinganti.com/
Web site defaced. Details: http://siteguarding.com/malware/entry/MW:DEFACED:01 Hacked by YıLDıRıMBeY!
Web Server Details
Scan for: -http://blockinganti.com
Hostname: blockinganti.com
IP address: 162.144.206.59

System Details:
Running on: Apache/2.4.16
List of scripts included
googledrive.com/host/0B0FAryoVedK0Szk4WW9GR3ZKWDg/modernizr.custom.86080.js
-http://d173vqb05g6hza.cloudfront.net/js/hela/app.js
-http://fp114.digitaloptout.com/pubjs?pid=104937&cid=5&sid=183601&uid=5b2edac8830d42f9aef93e71aaf59360&an=Health%20Alert
-http://d.rapsio.com/intext/static.js?v=6 *
-http://d1ui18tz1fx59z.cloudfront.net/js/pu/attribute.js?v=6
-http://d173vqb05g6hza.cloudfront.net/js/hela/firstLoad.js

See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fd.rapsio.com%2Fintext%2Fstatic.js%3Fv%3D6 *
where a good adblocker like uBlock blocks this.
VT does not give it: https://www.virustotal.com/en-gb/url/f1bcb1d4e49c43b5ad185eb203bbfed14b7f99fd77d3b2a0dcd5678f0391bf58/analysis/
See:

found JavaScript
     error: undefined function document.attachEvent
     info: DecodedGenericCLSID detected D27CDB6E-AE6D-11cf-96B8-444553540000 

The first is caused by an uncaught TypeError; the second stores configuration data for the policy setting Shockwave Flash. This means that the line “object”: “clsid:D27CDB6E-AE6D-11cf-96B8-444553540000” is used to blacklist Flash objects. The first result from Google states that the GUID stores “configuration data for the policy setting Shockwave Flash”.
Info credits go to Stackoverflow’s Ivan. See how the code might influence jquery/jquery.min.js.

Link Analyze
Your website loads images, javascript, css style files from these domains.

Total Domains: 5
Total Blacklisted Domains: 0

Domain URL | Found Links | Blacklist Status
-www.ayyildiz.org | 2 | ok ? → The [www.anonofficial.org website] belonging to Anonymous has been hacked.
-d173vqb05g6hza.cloudfront.net | 2 | ok? Malicious? → https://www.virustotal.com/en-gb/domain/d173vqb05g6hza.cloudfront.net/information/
-fp114.digitaloptout.com | 1 | ok ? GoDaddy abuse - known threat: https://www.virustotal.com/en-gb/domain/fp114.digitaloptout.com/information/ & https://www.passivetotal.org/register?query=fp114.digitaloptout.com&qtype=passive
-d.rapsio.com | 1 | ok? Probably not, see my analysis at *
-d1ui18tz1fx59z.cloudfront.net | 1 | ok? Encrypted Cloudfront script injection: https://stackoverflow.com/questions/24914616/encrypted-cloudfront-script-getting-injected-to-our-site-and-causing-js-errors-i & https://www.virustotal.com/en-gb/domain/d1ui18tz1fx59z.cloudfront.net/information/

polonus (volunteer website security analyst and website error-hunter)