https://lokalize.kde.org Points to http://nekaka.com/d/2hQAvfK3ig and http://nekaka.com/d/xCuuVv7jlA which are infected.
Probably better move to the www.kde.org "product", so the web team and sysadmins are aware (not everyone can fix the content of the websites).
Fixed, thanks for the heads up.