said by Brybry:Cox appears to inject a script into the head of any page (on a timer?) that creates a div/iframe with a 'popup' notification with no way to opt-out.
<IMG SRC="">
How did you find the above script (it's not in the page source of the webpage they hijacked on my machine)? A much larger amount of javascript was loaded from another directory, as well (and, in my case, everything came from 184.178.98.52).