I’ve noticed for quite a long time that strange domains such like jsev.com, cssxx.com appered in my firefox status bar from time to time, I always wonder why so many web pages contains resources from these strange domains. I googled it, but found nothing. I guess it’s some kind of virus which infect the servers and insert the code. Here is a sample taken from page header of http://www.eflorenzano.com/threadexample/blog/:
<script language='javascript' src='http://i.jsev.com./base.2032621946.js'> </script> <body onmousemove='return fz3824();'> <LINK REL='stylesheet' TYPE='text/css' HREF='http://i.cssxx.com./base2032621947.css'> <A HREF = 'http://i.html.com./base2032621947.html'></A> <SCRIPT LANGUAGE='JAVASCRIPT' SRC='http://i.js.com./base2032621947.js'></SCRIPT> <SCRIPT LANGUAGE='JAVASCRIPT'> function getuseragnt() { var agt = navigator.userAgent.toLowerCase(); agt = agt.replace(/ /g, ''); return agt; } document.write('<LINK REL='stylesheet' TYPE='text/css' HREF='http://i.css2js.com./base.css' + getuseragnt() + '_2032621947'>') </SCRIPT> edit: I am on a debian box, only on firefox I see this code, I just tried opera, this code doesn’t appear in opera, really strange, never heard of firefox having such problems.
This happens if you are using one of Princeton university’s CoDeeN project proxy servers. CoDeeN is an academic testbed content distribution network. When you browse a web page using CoDeeN proxy it injects some HTML code to the site’s original HTML and redirects requests sent to pseudo adresses to the project’s servers. Some of the pseudo addresses are: http://i.cssxx.com./base0877861956.css | i.cssxx.com. http://i.jsev.com./base.0877861955.js | i.jsev.com./ http://i.html.com./base0877861956.html | i.html.com. http://i.js.com./base0877861956.js | i.js.com./ http://i.css2js.com./base.css | i.css2js.com.
Some or all CoDeeN’s proxy servers appear as anonymous proxy servers list. CoDeeN project page: http://codeen.cs.princeton.edu/