| URL: https://kitces.emlnk1.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://kitces.emlnk1.com |
| URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This is the legitimate jQuery library (version 3.7.1) source code. jQuery is a widely-used, trusted JavaScript library. The code shows standard library initialization patterns, proper module exports, and documented source. No suspicious or malicious behaviors are present."
} |
/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n||C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[i.call(e)]||"object":typeof e}var t="3.7.1",l=/HTML$/i,ce=function(e,t){return new ce.fn.init(e,t)};function c(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!v(e)&&!y(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}function fe(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}ce.fn=ce.prototype={jquery:t,constructor:ce,length:0,toArray:function(){return ae.call(this)},get:function(e){return null==e?ae.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=ce.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return ce.each(this,e)},map:function(n){return this.pushStack(ce.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(ae.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(ce.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(ce.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:s,sort:oe.sort,splice:oe.splice},ce.extend=ce.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||v(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(ce.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||ce.isPlainObject(n)?n:{},i=!1,a[t]=ce.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},ce.extend({expando:"jQuery"+(t+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==i.call(e))&&(!(t=r(e))||"function"==typeof(n=ue.call(t,"constructor")&&t.constructor)&&o.call(n)===a)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){m(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(c(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},text:function(e){var t,n="",r=0,i=e.nodeType;if(!i)while(t=e[r++])n+=ce.text(t);return 1===i||11===i?e.textContent:9===i?e.documentElement.textContent:3===i||4===i?e.nodeValue:n},makeArray:function(e,t){var n=t||[];return null!=e&&(c(Object(e))?ce.merge(n,"string"==typeof e?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:se.call(t,e,n)},isXMLDoc:function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument||e).documentElement;return!l.test(t||n&&n.nodeName||"HTML")},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){va |
| URL: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This is the beginning of the jQuery UI library, a well-known and trusted JavaScript framework. The code shows standard widget factory implementation with proper namespacing, event handling, and widget construction patterns. It's from a legitimate source (jQuery Foundation), is open-source, and uses standard JavaScript practices without any suspicious behaviors."
} |
/*! jQuery UI - v1.13.2 - 2022-07-14
* http://jqueryui.com
* Includes: widget.js, position.js, data.js, disable-selection.js, effect.js, effects/effect-blind.js, effects/effect-bounce.js, effects/effect-clip.js, effects/effect-drop.js, effects/effect-explode.js, effects/effect-fade.js, effects/effect-fold.js, effects/effect-highlight.js, effects/effect-puff.js, effects/effect-pulsate.js, effects/effect-scale.js, effects/effect-shake.js, effects/effect-size.js, effects/effect-slide.js, effects/effect-transfer.js, focusable.js, form-reset-mixin.js, jquery-patch.js, keycode.js, labels.js, scroll-parent.js, tabbable.js, unique-id.js, widgets/accordion.js, widgets/autocomplete.js, widgets/button.js, widgets/checkboxradio.js, widgets/controlgroup.js, widgets/datepicker.js, widgets/dialog.js, widgets/draggable.js, widgets/droppable.js, widgets/menu.js, widgets/mouse.js, widgets/progressbar.js, widgets/resizable.js, widgets/selectable.js, widgets/selectmenu.js, widgets/slider.js, widgets/sortable.js, widgets/spinner.js, widgets/tabs.js, widgets/tooltip.js
* Copyright jQuery Foundation and other contributors; Licensed MIT */
!function(t){"use strict";"function"==typeof define&&define.amd?define(["jquery"],t):t(jQuery)}(function(V){"use strict";V.ui=V.ui||{};V.ui.version="1.13.2";var n,i=0,a=Array.prototype.hasOwnProperty,r=Array.prototype.slice;V.cleanData=(n=V.cleanData,function(t){for(var e,i,s=0;null!=(i=t[s]);s++)(e=V._data(i,"events"))&&e.remove&&V(i).triggerHandler("remove");n(t)}),V.widget=function(t,i,e){var s,n,o,a={},r=t.split(".")[0],l=r+"-"+(t=t.split(".")[1]);return e||(e=i,i=V.Widget),Array.isArray(e)&&(e=V.extend.apply(null,[{}].concat(e))),V.expr.pseudos[l.toLowerCase()]=function(t){return!!V.data(t,l)},V[r]=V[r]||{},s=V[r][t],n=V[r][t]=function(t,e){if(!this||!this._createWidget)return new n(t,e);arguments.length&&this._createWidget(t,e)},V.extend(n,s,{version:e.version,_proto:V.extend({},e),_childConstructors:[]}),(o=new i).options=V.widget.extend({},o.options),V.each(e,function(e,s){function n(){return i.prototype[e].apply(this,arguments)}function o(t){return i.prototype[e].apply(this,t)}a[e]="function"==typeof s?function(){var t,e=this._super,i=this._superApply;return this._super=n,this._superApply=o,t=s.apply(this,arguments),this._super=e,this._superApply=i,t}:s}),n.prototype=V.widget.extend(o,{widgetEventPrefix:s&&o.widgetEventPrefix||t},a,{constructor:n,namespace:r,widgetName:t,widgetFullName:l}),s?(V.each(s._childConstructors,function(t,e){var i=e.prototype;V.widget(i.namespace+"."+i.widgetName,n,e._proto)}),delete s._childConstructors):i._childConstructors.push(n),V.widget.bridge(t,n),n},V.widget.extend=function(t){for(var e,i,s=r.call(arguments,1),n=0,o=s.length;n<o;n++)for(e in s[n])i=s[n][e],a.call(s[n],e)&&void 0!==i&&(V.isPlainObject(i)?t[e]=V.isPlainObject(t[e])?V.widget.extend({},t[e],i):V.widget.extend({},i):t[e]=i);return t},V.widget.bridge=function(o,e){var a=e.prototype.widgetFullName||o;V.fn[o]=function(i){var t="string"==typeof i,s=r.call(arguments,1),n=this;return t?this.length||"instance"!==i?this.each(function(){var t,e=V.data(this,a);return"instance"===i?(n=e,!1):e?"function"!=typeof e[i]||"_"===i.charAt(0)?V.error("no such method '"+i+"' for "+o+" widget instance"):(t=e[i].apply(e,s))!==e&&void 0!==t?(n=t&&t.jquery?n.pushStack(t.get()):t,!1):void 0:V.error("cannot call methods on "+o+" prior to initialization; attempted to call method '"+i+"'")}):n=void 0:(s.length&&(i=V.widget.extend.apply(null,[i].concat(s))),this.each(function(){var t=V.data(this,a);t?(t.option(i||{}),t._init&&t._init()):V.data(this,a,new e(i,this))})),n}},V.Widget=function(){},V.Widget._childConstructors=[],V.Widget.prototype={widgetName:"widget",widgetEventPrefix:"",defaultElement:"<div>",options:{classes:{},disabled:!1,create:null},_createWidget:function(t,e){e=V(e||this.defaultElement||this)[0],this.element=V(e),this.uuid=i++,this.eventNamespace="."+this.widgetName+this.uuid,this.bindings=V(),this.hoverable=V(),this.focusa |
| URL: https://cdnjs.cloudflare.com/ajax/libs/css-vars-po... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This is a legitimate CSS polyfill library with known source (GitHub). It uses XMLHttpRequest/XDomainRequest for CSS loading, which are moderate-risk indicators, but the context is appropriate for its purpose. The code is from a trusted source (MIT licensed) and performs expected CSS variable functionality."
} |
/*!
* css-vars-ponyfill
* v2.4.9
* https://jhildenbiddle.github.io/css-vars-ponyfill/
* (c) 2018-2024 John Hildenbiddle <http://hildenbiddle.com>
* MIT license
*/
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).cssVars=t()}(this,(function(){"use strict";function e(){return e=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var r=arguments[t];for(var n in r)Object.prototype.hasOwnProperty.call(r,n)&&(e[n]=r[n])}return e},e.apply(this,arguments)}function t(e){var t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},r={mimeType:t.mimeType||null,onBeforeSend:t.onBeforeSend||Function.prototype,onSuccess:t.onSuccess||Function.prototype,onError:t.onError||Function.prototype,onComplete:t.onComplete||Function.prototype},n=Array.isArray(e)?e:[e],o=Array.apply(null,Array(n.length)).map((function(e){return null}));function s(e){var t="string"==typeof e,r=t&&"<"===e.trim().charAt(0);return t&&!r}function a(e,t){r.onError(e,n[t],t)}function c(e,t){var s=r.onSuccess(e,n[t],t);e=!1===s?"":s||e,o[t]=e,-1===o.indexOf(null)&&r.onComplete(o)}var i=document.createElement("a");n.forEach((function(e,t){if(i.setAttribute("href",e),i.href=String(i.href),Boolean(document.all&&!window.atob)&&i.host.split(":")[0]!==location.host.split(":")[0]){if(i.protocol===location.protocol){var n=new XDomainRequest;n.open("GET",e),n.timeout=0,n.onprogress=Function.prototype,n.ontimeout=Function.prototype,n.onload=function(){var e=n.responseText;s(e)?c(e,t):a(n,t)},n.onerror=function(e){a(n,t)},setTimeout((function(){n.send()}),0)}else console.warn("Internet Explorer 9 Cross-Origin (CORS) requests must use the same protocol (".concat(e,")")),a(null,t)}else{var o=new XMLHttpRequest;o.open("GET",e),r.mimeType&&o.overrideMimeType&&o.overrideMimeType(r.mimeType),r.onBeforeSend(o,e,t),o.onreadystatechange=function(){if(4===o.readyState){var e=o.responseText;o.status<400&&s(e)||0===o.status&&s(e)?c(e,t):a(o,t)}},o.send()}}))}function r(e){var r=/\/\*[\s\S]+?\*\//g,o=/(?:@import\s*)(?:url\(\s*)?(?:['"])([^'"]*)(?:['"])(?:\s*\))?(?:[^;]*;)/g,s={rootElement:e.rootElement||document,include:e.include||'style,link[rel="stylesheet"]',exclude:e.exclude||null,filter:e.filter||null,skipDisabled:!1!==e.skipDisabled,useCSSOM:e.useCSSOM||!1,onBeforeSend:e.onBeforeSend||Function.prototype,onSuccess:e.onSuccess||Function.prototype,onError:e.onError||Function.prototype,onComplete:e.onComplete||Function.prototype},a=Array.apply(null,s.rootElement.querySelectorAll(s.include)).filter((function(e){return t=e,r=s.exclude,!(t.matches||t.matchesSelector||t.webkitMatchesSelector||t.mozMatchesSelector||t.msMatchesSelector||t.oMatchesSelector).call(t,r);var t,r})),c=Array.apply(null,Array(a.length)).map((function(e){return null}));function i(){if(-1===c.indexOf(null)){c.reduce((function(e,t,r){return""===t&&e.push(r),e}),[]).reverse().forEach((function(e){return[a,c].forEach((function(t){return t.splice(e,1)}))}));var e=c.join("");s.onComplete(e,c,a)}}function u(e,t,r,n){var o=s.onSuccess(e,r,n);f(e=void 0!==o&&!1===Boolean(o)?"":o||e,r,n,(function(e,n){null===c[t]&&(n.forEach((function(e){return s.onError(e.xhr,r,e.url)})),!s.filter||s.filter.test(e)?c[t]=e:c[t]="",i())}))}function l(e,t){var s=arguments.length>2&&void 0!==arguments[2]?arguments[2]:[],a={};return a.rules=(e.replace(r,"").match(o)||[]).filter((function(e){return-1===s.indexOf(e)})),a.urls=a.rules.map((function(e){return e.replace(o,"$1")})),a.absoluteUrls=a.urls.map((function(e){return n(e,t)})),a.absoluteRules=a.rules.map((function(e,r){var o=a.urls[r],s=n(a.absoluteUrls[r],t);return e.replace(o,s)})),a}function f(e,r,n,o){var a=arguments.length>4&&void 0!==arguments[4]?arguments[4]:[],c=arguments.length>5&&void 0!==arguments[5]?arguments[5]:[],i=l(e,n,c);i.rules.length?t(i.absoluteUrls,{onBeforeSend:function(e,t,n){s.onBeforeSend(e,r,t)},onSuccess:fu |
| URL: https://cdnjs.cloudflare.com/ajax/libs/jquery-migr... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This is jQuery's official migration plugin with legitimate functionality. It contains only low-risk behaviors: console logging for debugging, DOM manipulation through jQuery, and deprecation warnings. The code is from a trusted source (jQuery) and performs expected migration-related tasks."
} |
/*! jQuery Migrate v3.5.2 | (c) OpenJS Foundation and other contributors | jquery.com/license */
"undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(t){"use strict";"function"==typeof define&&define.amd?define(["jquery"],function(e){return t(e,window)}):"object"==typeof module&&module.exports?module.exports=t(require("jquery"),window):t(jQuery,window)}(function(s,n){"use strict";function e(e){return 0<=function(e,t){for(var r=/^(\d+)\.(\d+)\.(\d+)/,n=r.exec(e)||[],o=r.exec(t)||[],a=1;a<=3;a++){if(+o[a]<+n[a])return 1;if(+n[a]<+o[a])return-1}return 0}(s.fn.jquery,e)}s.migrateVersion="3.5.2";var t=Object.create(null);s.migrateDisablePatches=function(){for(var e=0;e<arguments.length;e++)t[arguments[e]]=!0},s.migrateEnablePatches=function(){for(var e=0;e<arguments.length;e++)delete t[arguments[e]]},s.migrateIsPatchEnabled=function(e){return!t[e]},n.console&&n.console.log&&(s&&e("3.0.0")&&!e("5.0.0")||n.console.log("JQMIGRATE: jQuery 3.x-4.x REQUIRED"),s.migrateWarnings&&n.console.log("JQMIGRATE: Migrate plugin loaded multiple times"),n.console.log("JQMIGRATE: Migrate is installed"+(s.migrateMute?"":" with logging active")+", version "+s.migrateVersion));var o={};function u(e,t){var r=n.console;!s.migrateIsPatchEnabled(e)||s.migrateDeduplicateWarnings&&o[t]||(o[t]=!0,s.migrateWarnings.push(t+" ["+e+"]"),r&&r.warn&&!s.migrateMute&&(r.warn("JQMIGRATE: "+t),s.migrateTrace&&r.trace&&r.trace()))}function r(e,t,r,n,o){Object.defineProperty(e,t,{configurable:!0,enumerable:!0,get:function(){return u(n,o),r},set:function(e){u(n,o),r=e}})}function a(e,t,r,n,o){var a=e[t];e[t]=function(){return o&&u(n,o),(s.migrateIsPatchEnabled(n)?r:a||s.noop).apply(this,arguments)}}function c(e,t,r,n,o){if(!o)throw new Error("No warning message provided");return a(e,t,r,n,o),0}function i(e,t,r,n){return a(e,t,r,n),0}s.migrateDeduplicateWarnings=!0,s.migrateWarnings=[],void 0===s.migrateTrace&&(s.migrateTrace=!0),s.migrateReset=function(){o={},s.migrateWarnings.length=0},"BackCompat"===n.document.compatMode&&u("quirks","jQuery is not compatible with Quirks Mode");var d,l,p,f={},m=s.fn.init,y=s.find,g=/\[(\s*[-\w]+\s*)([~|^$*]?=)\s*([-\w#]*?#[-\w#]*)\s*\]/,h=/\[(\s*[-\w]+\s*)([~|^$*]?=)\s*([-\w#]*?#[-\w#]*)\s*\]/g,v=/^[\s\uFEFF\xA0]+|([^\s\uFEFF\xA0])[\s\uFEFF\xA0]+$/g;for(d in i(s.fn,"init",function(e){var t=Array.prototype.slice.call(arguments);return s.migrateIsPatchEnabled("selector-empty-id")&&"string"==typeof e&&"#"===e&&(u("selector-empty-id","jQuery( '#' ) is not a valid selector"),t[0]=[]),m.apply(this,t)},"selector-empty-id"),s.fn.init.prototype=s.fn,i(s,"find",function(t){var r=Array.prototype.slice.call(arguments);if("string"==typeof t&&g.test(t))try{n.document.querySelector(t)}catch(e){t=t.replace(h,function(e,t,r,n){return"["+t+r+'"'+n+'"]'});try{n.document.querySelector(t),u("selector-hash","Attribute selector with '#' must be quoted: "+r[0]),r[0]=t}catch(e){u("selector-hash","Attribute selector with '#' was not fixed: "+r[0])}}return y.apply(this,r)},"selector-hash"),y)Object.prototype.hasOwnProperty.call(y,d)&&(s.find[d]=y[d]);c(s.fn,"size",function(){return this.length},"size","jQuery.fn.size() is deprecated and removed; use the .length property"),c(s,"parseJSON",function(){return JSON.parse.apply(null,arguments)},"parseJSON","jQuery.parseJSON is deprecated; use JSON.parse"),c(s,"holdReady",s.holdReady,"holdReady","jQuery.holdReady is deprecated"),c(s,"unique",s.uniqueSort,"unique","jQuery.unique is deprecated; use jQuery.uniqueSort"),r(s.expr,"filters",s.expr.pseudos,"expr-pre-pseudos","jQuery.expr.filters is deprecated; use jQuery.expr.pseudos"),r(s.expr,":",s.expr.pseudos,"expr-pre-pseudos","jQuery.expr[':'] is deprecated; use jQuery.expr.pseudos"),e("3.1.1")&&c(s,"trim",function(e){return null==e?"":(e+"").replace(v,"$1")},"trim","jQuery.trim is deprecated; use String.prototype.trim"),e("3.2.0")&&(c(s,"nodeName",function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()},"nodeName","jQuery.nodeName is de |
| URL: https://kitces.activehosted.com/admin/... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This appears to be a legitimate New Relic (NREUM) monitoring script initialization. It contains standard configuration for features like distributed tracing, session management, and error reporting. While it does collect telemetry data, it's from a trusted vendor (New Relic) and includes privacy controls and cookie settings."
} |
(window.NREUM||(NREUM={})).init={privacy:{cookies_enabled:true},ajax:{deny_list:[]},session_trace:{sampling_rate:0.0,mode:"FIXED_RATE",enabled:true,error_sampling_rate:0.0},distributed_tracing:{enabled:true}};(window.NREUM||(NREUM={})).loader_config={agentID:"456980009",accountID:"149034",trustKey:"149034",xpid:"VQIOUVVXGwcFUlhVDwgCUw==",licenseKey:"d3d5c809d5",applicationID:"456978955"};;/*! For license information please see nr-loader-spa-1.274.0.min.js.LICENSE.txt */
(()=>{var e,t,r={8122:(e,t,r)=>{"use strict";r.d(t,{a:()=>i});var n=r(944);function i(e,t){try{if(!e||"object"!=typeof e)return(0,n.R)(3);if(!t||"object"!=typeof t)return(0,n.R)(4);const r=Object.create(Object.getPrototypeOf(t),Object.getOwnPropertyDescriptors(t)),o=0===Object.keys(r).length?e:r;for(let a in o)if(void 0!==e[a])try{if(null===e[a]){r[a]=null;continue}Array.isArray(e[a])&&Array.isArray(t[a])?r[a]=Array.from(new Set([...e[a],...t[a]])):"object"==typeof e[a]&&"object"==typeof t[a]?r[a]=i(e[a],t[a]):r[a]=e[a]}catch(e){(0,n.R)(1,e)}return r}catch(e){(0,n.R)(2,e)}}},2555:(e,t,r)=>{"use strict";r.d(t,{Vp:()=>c,fn:()=>s,x1:()=>u});var n=r(384),i=r(8122);const o={beacon:n.NT.beacon,errorBeacon:n.NT.errorBeacon,licenseKey:void 0,applicationID:void 0,sa:void 0,queueTime:void 0,applicationTime:void 0,ttGuid:void 0,user:void 0,account:void 0,product:void 0,extra:void 0,jsAttributes:{},userAttributes:void 0,atts:void 0,transactionName:void 0,tNamePlain:void 0},a={};function s(e){try{const t=c(e);return!!t.licenseKey&&!!t.errorBeacon&&!!t.applicationID}catch(e){return!1}}function c(e){if(!e)throw new Error("All info objects require an agent identifier!");if(!a[e])throw new Error("Info for ".concat(e," was never set"));return a[e]}function u(e,t){if(!e)throw new Error("All info objects require an agent identifier!");a[e]=(0,i.a)(t,o);const r=(0,n.nY)(e);r&&(r.info=a[e])}},9417:(e,t,r)=>{"use strict";r.d(t,{D0:()=>h,gD:()=>g,xN:()=>p});var n=r(993);const i=e=>{if(!e||"string"!=typeof e)return!1;try{document.createDocumentFragment().querySelector(e)}catch{return!1}return!0};var o=r(2614),a=r(944),s=r(384),c=r(8122);const u="[data-nr-mask]",d=()=>{const e={mask_selector:"*",block_selector:"[data-nr-block]",mask_input_options:{color:!1,date:!1,"datetime-local":!1,email:!1,month:!1,number:!1,range:!1,search:!1,tel:!1,text:!1,time:!1,url:!1,week:!1,textarea:!1,select:!1,password:!0}};return{ajax:{deny_list:void 0,block_internal:!0,enabled:!0,harvestTimeSeconds:10,autoStart:!0},distributed_tracing:{enabled:void 0,exclude_newrelic_header:void 0,cors_use_newrelic_header:void 0,cors_use_tracecontext_headers:void 0,allowed_origins:void 0},feature_flags:[],generic_events:{enabled:!0,harvestTimeSeconds:30,autoStart:!0},harvest:{tooManyRequestsDelay:60},jserrors:{enabled:!0,harvestTimeSeconds:10,autoStart:!0},logging:{enabled:!0,harvestTimeSeconds:10,autoStart:!0,level:n.p_.INFO},metrics:{enabled:!0,autoStart:!0},obfuscate:void 0,page_action:{enabled:!0},page_view_event:{enabled:!0,autoStart:!0},page_view_timing:{enabled:!0,harvestTimeSeconds:30,autoStart:!0},performance:{capture_marks:!1,capture_measures:!1},privacy:{cookies_enabled:!0},proxy:{assets:void 0,beacon:void 0},session:{expiresMs:o.wk,inactiveMs:o.BB},session_replay:{autoStart:!0,enabled:!1,harvestTimeSeconds:60,preload:!1,sampling_rate:10,error_sampling_rate:100,collect_fonts:!1,inline_images:!1,fix_stylesheets:!0,mask_all_inputs:!0,get mask_text_selector(){return e.mask_selector},set mask_text_selector(t){i(t)?e.mask_selector="".concat(t,",").concat(u):""===t||null===t?e.mask_selector=u:(0,a.R)(5,t)},get block_class(){return"nr-block"},get ignore_class(){return"nr-ignore"},get mask_text_class(){return"nr-mask"},get block_selector(){return e.block_selector},set block_selector(t){i(t)?e.block_selector+=",".concat(t):""!==t&&(0,a.R)(6,t)},get mask_input_options(){return e.mask_input_options},set mask_input_options(t){t&&"object"==typeof t?e.mask_input_options={...t,password:!0}:(0,a.R)(7,t)}},session_trace:{enabled:!0, |
| URL: https://kitces.activehosted.com/admin/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Get more out of ActiveCampaign",
"prominent_button_name": "Learn How",
"text_input_field_labels": [
"Username / Email",
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://kitces.activehosted.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://kitces.activehosted.com |
| URL: https://kitces.activehosted.com/admin/... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This appears to be a legitimate configuration script for ActiveCampaign (a known marketing automation platform). It only contains static variable declarations with format strings and API endpoints from a legitimate business domain. No data transmission, dynamic code execution, or suspicious behaviors are present."
} |
var datetimeformat = "%m/%d/%Y %H:%M";
var dateformat = "%m/%d/%Y";
var timeformat = "%H:%M";
var ac_action = "";
var plink = "https://kitces.activehosted.com";
var ac_branded = "1";
var is_trial = false;
var apipath = "https://kitces.activehosted.com/admin/api.php";
|
| URL: https://kitces.activehosted.com/admin/... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The code shows standard login page functionality with low-risk behaviors: DOM manipulation for visual effects (fade), URL parameter handling for password reset, and opening a support link to a legitimate domain (help.activecampaign.com). The hash handling in forms is a common practice. No data exfiltration, suspicious domains, or malicious patterns detected."
} |
function fade_login() {
$J('#login_container').fadeTo(1000, 0.55);
$J('#login_container').fadeTo(5000, 0.25);
$J('#login_container').fadeTo(1000, 1.00);
}
function lookup_link_fix(e) {
var url = $J(this).attr('href');
var usr = $J('#user').val();
if (ac_str_email(usr)) {
$J(this).attr('href', url + '&email=' + usr);
}
}
function contactSupport() {
let url = 'https://help.activecampaign.com/hc/en-us/requests/new';
window.open(url, '_blank');
}
$J(document).ready(function () {
$J("a.forgotpass").click(lookup_link_fix);
// if there is a hash, append it to links
if (window.location.hash) {
$J("form[name=log_user]").attr('action', $J("form[name=log_user]").attr('action') + window.location.hash);
}
});
|
| URL: https://kitces.activehosted.com/admin/js/functions... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The code shows standard JavaScript functionality for form handling, DOM manipulation, and editor controls. While it includes redirect functionality (jump function) and DOM manipulation, these are implemented in a straightforward way without suspicious patterns. The only minor concern is the incomplete 'wi' at the end which appears to be a truncated line, but this seems more like a coding error than a security risk."
} |
function console_log() {
// attempt to send a message to the console
try {
for(var i =0; i < arguments.length; i++) {
console.log(arguments[i]);
}
} catch(e) {} // fail gracefully if it does not exist
}
function form_branding_delete(plan, rsid, formid) {
if (!plan && !rsid ) {
alert(strFormUpgrade);
} else {
form_part_delete("branding",formid);
}
}
function jump(url) {
ac_loader_show();
window.location = url;
}
/*
CLONER FUNCTIONS
*/
function clone_1st_element(node, elem, clearInputs) {
return ac_dom_clone_node(node, elem, 0, clearInputs);
}
function clone_1st_div(node) {
return clone_1st_element(node, 'div', true);
}
function clone_1st_tr(node) {
return clone_1st_element(node, 'tr', false);
}
function clear_inputs(node) {
$J('input', node).each(function(i) {
var o = $J(this);
var t = o.attr('type');
if (t == 'text' || t == 'file') o.val('');
});
}
function clear_selects(node) {
$J('select', node).each(function(i) {
this.selectedIndex = -1;
});
}
function clear_areas(node) {
$J('textarea', node).html('');
}
function remove_element(node) {
var me = $J(node);
var dad = me.parent();
if ( $J("> div", dad).length > 1 ) {
me.remove();
} else {
clear_inputs(node);
clear_selects(node);
clear_areas(node);
}
}
/*
CLONER END
*/
function preview_template(id, isBasic) {
if ( !isBasic ) {
var preview_url = plink + '/template/' + id + '/preview_dual';
} else {
var preview_url = plink + '/admin/preview_dual.php?t=' + id;
}
window.open(preview_url ,'preview','height=812,width=1250,menubar=no,location=no,resizable=yes,scrollbars=no,status=yes');
}
function toggleEditor(id, action, settings) {
if ( action == ac_editor_is(id + 'Editor') ) return false;
ac_editor_toggle(id + 'Editor', settings);
$J('#' + id + 'EditorLinkOn').toggleClass("currenttab", action).toggleClass("othertab", !action);
$J('#' + id + 'EditorLinkOff').toggleClass("currenttab", !action).toggleClass("othertab", action);
$J('#' + id + 'EditorLinkDefault').toggle( action != ( ac_js_admin.htmleditor == 1 ) );
return false;
}
function setDefaultEditor(id) {
var isEditor = ac_editor_is(id + 'Editor');
if ( isEditor == ( ac_js_admin.htmleditor == 1 ) ) return false;
// send save command
// save new admin limit remotelly
ac.get("user.user_update_value", ['htmleditor', ( isEditor ? 1 : 0 )]);
$J('#' + id + 'EditorLinkDefault').toggle();
ac_js_admin.htmleditor = ( isEditor ? 1 : 0 );
return false;
}
function form_editor_personalization_push(nodes, id) {
for (var i = 0; i < nodes.length; i++)
$J('#' + id).append(nodes[i]);
}
function form_editor_insert(field, value) {
// only today tag should be reset
if ( value.match( /^%TODAY[+-]\d+%$/ ) ) {
value = '%TODAY*%';
}
if ( value == '%TODAY*%' ) {
var entered = prompt(strEnterRange, '+1');
if ( !entered || !entered.match( /^[-+]?\d+$/ ) ) {
alert(strEnterRangeInvalid);
return '';
}
if ( !entered.match(/^[-+].*$/) ) {
entered = '+' + entered;
}
value = '%TODAY' + entered + '%';
}
ac_form_insert_cursor(field, value);
}
function form_editor_defaults(prfx, format, sets) {
$J('#' + prfx + 'textField').val('');
$J('#' + prfx + 'formatField').val(format);
ac_form_value_set($J('#' + prfx + 'Editor').get(0), '');
// show appropriate editor
ac_editor_mime_switch(prfx, $J('#' + prfx + 'formatField').val());
}
function form_editor_update(prfx, ary, suffix) {
if ( typeof suffix != 'string' ) suffix = 'PersTags';
if(ary.format) $J('#' + prfx + 'formatField').val(ary.format);
$J('#' + prfx + 'textField').val(ary.text);
ac_form_value_set($J('#' + prfx + 'Editor').get(0), ary.html);
// show appropriate editor
ac_editor_mime_switch(prfx, $J('#' + prfx + 'formatField').val());
}
function export_link_build(context, ary) {
var link = 'export.php?action=' + context;
for ( var i in ary ) {
link += '&' + i + '=' + ary[i];
}
if ( typeof(ourflag) == 'undefined' || prompt('Go to this export URL?', link) )
wi |
| URL: https://kitces.activehosted.com/admin/js/jq/csrf_p... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This is a legitimate CSRF protection implementation that follows security best practices. It only adds CSRF tokens to same-origin requests (validateUrl check), uses secure cookie handling, and implements standard form protection. The only minor risk factors are DOM manipulation via form modification and cookie reading, but these are necessary for CSRF protection. The code shows defensive programming practices and proper input validation."
} |
/**
* Monkey patch jQuery so that for each AJAX request, it grabs the CSRF token
* directly from the cookie and sets it as a header. This way, it will always
* send the newest token.
*/
(function(allTheJQueries) {
function validateUrl(url) {
if (typeof url !== 'string') {
return false;
}
// If the URL does not begin with 'http' then it is a relative path,
// so it is okay
if (url.indexOf('http') !== 0) {
return true;
}
// If it is a fully qualified URL, then it MUST be to the current host
var upperCaseUrl = url.toUpperCase();
var upperCaseDocumentLocationOrigin = document.location.origin.toUpperCase();
return upperCaseUrl.indexOf(upperCaseDocumentLocationOrigin) === 0;
}
/**
* This is called every AJAX request, and adds our CSRF token header
* to the request
*/
function setHeader(options) {
var csrfResponseHeaderName = "X-XSRF-TOKEN";
if (!validateUrl(options.url)) {
return;
}
options.headers = typeof options.headers === 'object' ? options.headers : {};
options.headers[csrfResponseHeaderName] = getCSRFToken();
}
/**
* Modify the given version of jquery
*/
function modifyPrefilter(jQuery) {
if (typeof jQuery === "undefined"||
typeof jQuery.ajaxPrefilter !== "function"
) {
return false;
}
// Sanity check. Did we already override beforeSend?
if (jQuery.csrfProtection && jQuery.csrfProtection === "enabled") {
return false;
}
jQuery.ajaxPrefilter(setHeader);
jQuery.csrfProtection = "enabled";
return true;
}
/**
* Reads a CSRF token cookie value and appends it to
*
* @param jQueryImpl
* @returns {boolean}
*/
function appendCSRFTokenOnFormSubmit(jQueryImpl) {
if (typeof jQueryImpl === "undefined" ) {
return false;
}
// Settings page has their own submit handler. We are handling
// token injection there.
if (window.location.href.indexOf('main.php?action=settings') !== -1) {
return false;
}
try {
jQueryImpl(document).on('submit', 'form', function() {
appendCSRFToken(this);
});
} catch (e) {
return false;
}
return true;
}
// As there are several jQuery versions, just register on one
var csrfFormInterceptorRegistered = false;
// We need to do this to ALL of the given versions.
// We use different versions at different times.
allTheJQueries.forEach(function(jQueryImpl) {
modifyPrefilter(jQueryImpl);
if (!csrfFormInterceptorRegistered) {
csrfFormInterceptorRegistered = appendCSRFTokenOnFormSubmit(jQueryImpl);
}
});
})([window.jQuery, window.$J, window.$]);
/**
* Extracts CSRF protection token from the carrier cookie
*
* @returns {string}
*/
function getCSRFToken() {
var csrfCookieName = 'XSRF-TOKEN';
var cookie = window.document.cookie
// Break up all the cookies
.split(';')
// Filter out only cookies with right name
.filter(function(cookiePart) {
return cookiePart.indexOf(csrfCookieName) > -1;
})
// Get the first instance of the CSRF cookiecsr
// (In testing we only want the first one, not the last one.)
.shift()
;
if (typeof cookie === 'undefined') {
return;
}
// Here we split the token cookie and grab just the token itself:
// XSRF-TOKEN=sometoken => ["XSRF-TOKEN", "sometoken"] => 'sometoken'
var token = cookie.trim().split('=').pop();
return token;
}
/**
* Appends a CSRF protection token to html forms upon submit. Being defined in
* global scope, can be manually added to onSubmit event for every form missed
* by jQuery.
*
* @param interceptedForm
*/
function appendCSRFToken(interceptedForm) {
var form = interceptedForm;
if (!form.elements) {
form = interceptedForm.forms[0];
}
var csrfInput = getCSRFInputField(form);
if (!csrfInput) {
csrfInput = attachNewCSRFInputFieldToForm(form);
}
csrfInput.setAttribute("value", getCSRFToken());
}
/**
* Retrieves a csrf validation input field from the form
*
* @param myForm
* @returns {*}
*/
function getCSRFInputField(myForm) {
return myForm.elements._csrf |
| URL: https://kitces.activehosted.com/admin/ Model: Joe Sandbox AI | {
"brands": [
"Nerd's Eye View KITCES"
]
} |
|
| URL: https://kitces.activehosted.com/ac_global/js/ac.js... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The script shows moderate risk indicators: 1) Uses eval() for callback function names (cb = eval('cb_' + rootNode.nodeName)) which is a dangerous practice (+3), 2) Implements CSRF protection and proper encoding which is positive (-1), 3) Contains standard AJAX functionality with proper error handling, 4) Uses base64 encoding for randomization which isn't inherently malicious. The code appears to be a legitimate AJAX handler but uses some unsafe practices."
} |
// ac.js
// Loading...
// ajax.js
var ac_ajax_debug = true;
function ac_ajax_request_object() {
var hreq;
try {
hreq = new XMLHttpRequest();
} catch (e) {
hreq = null;
}
return hreq;
}
function ac_ajax_call_url(url, post, cb) {
var hreq = ac_ajax_request_object();
if (hreq !== null) {
hreq.onreadystatechange = function() {
try {
ac_ajax_handle(hreq, cb);
} catch (e) {}
};
var method = ( post === null ? 'GET' : 'POST' );
var postType = typeof(post);
if ( post !== null ) {
if ( postType == 'array' || postType == 'object' ) {
var postArr = new Array();
for ( var i in post ) {
var postType = typeof(post[i]);
if ( postType == 'array' || postType == 'object' ) {
for ( var j in post[i] ) {
if ( typeof(post[i][j]) != 'function' ) {
postArr.push(i + '[' + ( j == 'undefined' ? '' : j ) + ']=' + encodeURIComponent(post[i][j]));
}
}
} else if ( postType != 'function' ) {
postArr.push(i + '=' + encodeURIComponent(post[i]));
}
}
post = postArr.join('&');
}
}
hreq.open(method, url, true);
hreq.setRequestHeader("X-XSRF-TOKEN", getCSRFToken());
if ( post !== null ) {
hreq.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
}
hreq.send(post);
}
}
function ac_ajax_proxy_call_url(base, url, post, cb) {
if (post !== null)
ac_ajax_call_url(base + "/ac_global/functions/ajax_proxy.php?post=1&url=" + ac_b64_encode(url), post, cb);
else
ac_ajax_call_url(base + "/ac_global/functions/ajax_proxy.php?url=" + ac_b64_encode(url), post, cb);
}
function ac_ajax_proxy_call_cb(base, url, func, cb) {
if (url.match(/\?/))
url = url + "&f=" + func;
else
url = url + "?f=" + func;
url += "&rand=" + ac_b64_encode(Math.random().toString());
if (arguments.length > 3) {
for (var i = 4; i < arguments.length; i++)
url += "&p[]=" + encodeURIComponent(arguments[i]);
}
ac_ajax_proxy_call_url(base, url, null, cb);
}
function ac_ajax_call(url, func) {
if (arguments.length < 3)
ac_ajax_call_cb(ac_str_url(url), func, null);
else {
ac_ajax_call_cb(ac_str_url(url), func, null, ac_ary_last(arguments, 2));
}
}
function ac_ajax_call_cb(url, func, cb) {
if (func) {
if (url.match(/\?/))
url = url + "&f=" + func;
else
url = url + "?f=" + func;
}
url += "&rand=" + ac_b64_encode(Math.random().toString());
if (arguments.length > 3) {
for (var i = 3; i < arguments.length; i++)
url += "&p[]=" + encodeURIComponent(arguments[i]);
}
if ( cb === null ) cb = function(){};
ac_ajax_call_url(url, null, cb);
}
function ac_ajax_post_cb(url, func, cb, post) {
if (func) {
if (url.match(/\?/))
url = url + "&f=" + func;
else
url = url + "?f=" + func;
}
url += "&rand=" + ac_b64_encode(Math.random().toString());
if ( cb === null ) cb = function(){};
ac_ajax_call_url(url, post, cb);
}
function ac_ajax_handle(hreq, cb) {
if (hreq !== null) {
if (hreq.readyState == 4) {
if (hreq.status == 200) {
try {
var xml = hreq.responseXML;
if (xml !== null && xml.documentElement !== null) {
if (cb === null)
cb = eval("cb_" + xml.documentElement.nodeName);
if (typeof cb == "function")
cb(xml.documentElement, hreq.responseText);
} else {
if ( hreq.responseText != '' ) {
if (typeof ac_ajax_handle_text == 'function')
ac_ajax_handle_text(hreq.responseText);
}
}
/*
var rootNode = ( xml !== null ? xml.documentElement : null );
if (cb === null && rootNode) {
cb = eval("cb_" + rootNode.nodeName);
|
| URL: https://kitces.activehosted.com/admin/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Login",
"text_input_field_labels": ["Username / Email", "Password"],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://kitces.activehosted.com/admin/ Model: Joe Sandbox AI | {
"brands": [
"Nerd's Eye View KITCES"
]
} |
|
| URL: https://kitces.activehosted.com/admin/ Model: Joe Sandbox AI | ```json{ "legit_domain": "kitces.com", "classification": "known", "reasons": [ "The brand 'Nerd's Eye View KITCES' is associated with financial planning and is known in the financial advisory community.", "The URL 'kitces.activehosted.com' uses a subdomain of 'activehosted.com', which is a service often used for email marketing and hosting.", "The main domain 'activehosted.com' does not match the legitimate domain 'kitces.com', which is suspicious.", "The presence of input fields for 'Username / Email' and 'Password' on a non-matching domain increases the risk of phishing.", "The use of a third-party service domain rather than the brand's own domain is a common tactic in phishing attempts." ], "riskscore": 8}
Google indexed: False |
URL: kitces.activehosted.com
Brands: Nerd's Eye View KITCES
Input Fields: Username / Email, Password |
| URL: https://kitces.activehosted.com/admin/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Get more out of ActiveCampaign",
"prominent_button_name": "Learn How",
"text_input_field_labels": [
"Username / Email",
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://kitces.activehosted.com/admin/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Get more out of ActiveCampaign",
"prominent_button_name": "Contact Customer Success",
"text_input_field_labels": [
"Username / Email",
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://kitces.activehosted.com/admin/ Model: Joe Sandbox AI | {
"brands": [
"Nerd's Eye View",
"KITCES"
]
} |
|
| URL: https://kitces.activehosted.com/admin/ Model: Joe Sandbox AI | {
"brands": [
"Nerd's Eye View KITCES"
]
} |
|
| URL: https://kitces.activehosted.com/admin/ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Kick off automations directly in Slack.",
"prominent_button_name": "Get the ActiveCampaign Bot for Slack",
"text_input_field_labels": [
"Username / Email",
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://kitces.activehosted.com/admin/ Model: Joe Sandbox AI | {
"brands": [
"ActiveCampaign"
]
} |
|
Edit tour
chrome.exe (PID: 4252 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node