OK, Graig, right on track. Good resources and I bookmarked these already
Well my report was not having all the bad adware stuff, there was also something like a link to EZ-toolbar downloader, an item we certainly like to avoid. So there was another third party link alerted in the urlquery dot net report for -cdn.mxpnl.com with the EZ-toolbar downloader
Adware! Detections for the domain:
https://www.virustotal.com/nl/domain/cdn.mxpnl.com/information/HTTPS Everywhere Atlas info:
https://www.eff.org/https-everywhere/atlas/domains/mxpnl.com.htmlQuttera flags: Quttera Labs - domain is Clean.
"The malware entry is cached and may not reflect the current status of the domain."
See: -http://www.domxssscanner.com/scan?url=https%3A%2F%2Fcdn.mxpnl.com%2Flibs%2Fmixpanel-2.2.min.js *
going through: -http://www.localsearch.com.au/resources/pluto/javascripts/main-home.min.js (The Superpages mobile app
seems OK).
* We cannot dive into every issue and vulnerability here, but this I do not like to keep from you - a source for XSS exploit with "c.localStorage.set" as source, read:
https://blog.whitehatsec.com/web-storage-security/polonus