Wow, so many things.
1. No indication that anything was done beyond tracking browsing, but the capability for tracking keystrokes etc. appears to be in the code.
Just to cover my bases, I'm about to change all my passwords. Have been meaning to put together a personal data breach bug-out manual anyway.
2. The new owners are really suspicious, and they know it.
The code in the previous toot was executed by a site called owebanalytics, a domain registered at the same time that the first suspicious update to The Great Suspender was pushed. The name is meant to resemble Google's openwebanalytics. Financial transactions associated with the new owner appear to have been made with BTC. And values found in the scripts have been found on other phishy extensions.
