Windows Analysis Report
https://customers.jam-software.de/downloadTrialProcess.php?article_no=671&

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: https://customers.jam-software.de

{
    "risk_score": 4,
    "reasoning": "The script appears to be capturing and serializing various variables, including data from the 'dataLayer' and 'gaData' objects. While this behavior could be part of a legitimate analytics or tracking implementation, the use of a custom 'TvtRetrievedVariablesEvent' event to dispatch the data raises some concerns. Additionally, the script uses a setTimeout function to delay the execution, which could be used to bypass security measures. Overall, the script exhibits moderate-risk indicators and requires further review to determine its true intent."
}

            var tvt = tvt || {};
            tvt.captureVariables = function (a) {
                for (var b =
                    new Date, c = {}, d = Object.keys(a || {}), e = 0, f; f = d[e]; e++) if (a.hasOwnProperty(f) && "undefined" != typeof a[f]) try {
                    var g = [];
                    c[f] = JSON.stringify(a[f], function (l, t) {
                        try {
                            if ("function" !== typeof t) {
                                if ("object" === typeof t && null !== t) {
                                    if (t instanceof HTMLElement || t instanceof Node || -1 != g.indexOf(t)) return;
                                    g.push(t)
                                }
                                return t
                            }
                        } catch (A) {
                        }
                    })
                } catch (l) {
                }
                a = document.createEvent("CustomEvent");
                a.initCustomEvent("TvtRetrievedVariablesEvent", !0, !0, {variables: c, date: b});
                window.dispatchEvent(a)
            };
            window.setTimeout(function () {
                tvt.captureVariables({
                    'dataLayer.hide': (function (a) {
                        a = a.split(".");
                        for (var b = window, c = 0; c < a.length && (b = b[a[c]], b); c++) ;
                        return b
                    })('dataLayer.hide'), 'gaData': window['gaData'], 'dataLayer': window['dataLayer']
                })
            }, 2000);
        

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate implementation of common web application features, such as navigation menu management and password field visibility toggling. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The code is well-structured and follows best practices, with no signs of malicious intent. Overall, this script is considered low-risk."
}

    document.addEventListener('DOMContentLoaded', function () {
        setupNavigation();
        setupPasswordFields();
    });

    /**
     * Initializes the navigation menu.
     * Ensures only one dropdown menu is open at a time and closes dropdowns when clicking outside.
     */
    function setupNavigation() {
        const navigation = document.getElementById('navigation');
        const dropdowns = navigation.querySelectorAll('.dropdown-menu');

        // Event listener to close other dropdowns when one is opened
        navigation.addEventListener('show.bs.dropdown', event => {
            dropdowns.forEach(dropdown => {
                if (dropdown !== event.target) {
                    dropdown.classList.remove('show');
                }
            });
        });

        // Event listener to close all dropdowns when clicking outside the navigation
        document.addEventListener('click', event => {
            const isClickInside = navigation.contains(event.target);
            if (isClickInside) {
                return;
            }
            dropdowns.forEach(dropdown => dropdown.classList.remove('show'));
        });
    }

    /**
     * Initializes the password fields.
     * Adds event listeners to toggle password visibility.
     */
    function setupPasswordFields() {
        // get all password fields
        const passwordFields = document.querySelectorAll('input[type="password"]');
        // get nearest .showPassword element for each password field
        passwordFields.forEach(field => {
            const fieldContainer = field.parentElement;
            if (fieldContainer.classList.contains('inlineButton')) {
                const showPassword = fieldContainer.querySelector('.showPassword');
                // Add event listener to toggle password visibility
                showPassword.addEventListener('click', (event) => {
                    event.stopPropagation();
                    togglePasswordVisibility(field, true);
                });
                field.addEventListener('blur', () => togglePasswordVisibility(field, false));
            }
        });
    }

    /**
     * Toggles the visibility of a password field
     * @param field The password field to toggle
     * @param show Whether to show the password (default: false)
     */
    function togglePasswordVisibility(field, show = false) {
        const fieldType = field.getAttribute('type');

        // Change icon and field type based on current visibility
        if (fieldType === 'password' && show) {
            field.setAttribute('type', 'text');
            field.parentElement.querySelector('i').classList.remove('fa-eye-slash');
            field.parentElement.querySelector('i').classList.add('fa-eye');
        } else {
            field.setAttribute('type', 'password');
            field.parentElement.querySelector('i').classList.remove('fa-eye');
            field.parentElement.querySelector('i').classList.add('fa-eye-slash');
        }
    }

    /**
     * Helper function to display a loading spinner or a skeleton view
     * @param destinationContainer The container where the spinner or skeleton view will be displayed
     * @param type The type of loading view ("spinner", "license" or "order")
     */
    function showLoadingSpinner(destinationContainer, type = "spinner") {
        if (type === "license") {
            destinationContainer.innerHTML = `<div class="row gy-3" role="status" aria-live="polite" aria-label="Loading content">
    <div class="license col-12 col-lg-8 col-xl-9">
        <div class="product d-flex align-items-center">
            <div class="rounded-circle overflow-hidden">
                <div class="placeholder-glow rounded" style="width: 48px; height: 48px;">
                    <span class="placeholder w-100 h-100" aria-hidden="true"></span>
                </div>
            </div>
            <div class="details placeholder-glow w-50 gap-1">
                <span class="title placeh

{
    "risk_score": 1,
    "reasoning": "This appears to be the jQuery library, which is a widely used and trusted JavaScript library. The code does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or suspicious redirects. The behaviors observed are typical of a legitimate JavaScript library, including DOM manipulation, event handling, and utility functions. While the code uses some legacy practices like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely benign and does not demonstrate any suspicious or malicious behavior."
}

/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.5.1",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="sizzle"+1*new Date,p=n.document,

{
    "risk_score": 2,
    "reasoning": "This script appears to be a Matomo (formerly Piwik) analytics tracking script, which is a legitimate and widely-used web analytics platform. The behaviors observed, such as setting cookie domains, disabling cookies, and tracking page views, are common for analytics scripts. While the script uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script demonstrates typical analytics functionality without any high-risk indicators, so it is considered low risk."
}

            var _paq = window._paq || [];_paq.push(["setCookieDomain", "*.jam-software.de"]);_paq.push(['setDocumentTitle', '/customers/downloadTrial.php/DE']);
            _paq.push(["setDomains", ["*.jam-software.com","*.jam-software.de"]]);
            _paq.push(['disableCookies']);_paq.push(['trackPageView']);_paq.push(['enableLinkTracking']);(function(){var u="https://matomo.jam-software.de/";
                _paq.push(['setTrackerUrl', u+'matomo.php']);_paq.push(['setSiteId', '1']);var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);})();
        

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet appears to be the Matomo (formerly Piwik) analytics tracking client, which is a legitimate and widely-used open-source web analytics platform. The code does not exhibit any high-risk behaviors such as dynamic code execution, data exfiltration, or redirects to malicious domains. It primarily focuses on analytics and tracking functionality, which is a common and expected behavior for a web analytics tool. While the code uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely low-risk and intended for legitimate analytics purposes."
}

/*!!
 * Matomo - free/libre analytics platform
 *
 * JavaScript tracking client
 *
 * @link https://piwik.org
 * @source https://github.com/matomo-org/matomo/blob/master/js/piwik.js
 * @license https://piwik.org/free-software/bsd/ BSD-3 Clause (also in js/LICENSE.txt)
 * @license magnet:?xt=urn:btih:c80d50af7d3db9be66a4d0a86db0286e4fd33292&dn=bsd-3-clause.txt BSD-3-Clause
 */
;if(typeof _paq!=="object"){_paq=[]}if(typeof window.Matomo!=="object"){window.Matomo=window.Piwik=(function(){var s,b={},A={},K=document,g=navigator,ac=screen,X=window,h=X.performance||X.mozPerformance||X.msPerformance||X.webkitPerformance,u=X.encodeURIComponent,W=X.decodeURIComponent,k=unescape,M=[],I,v,am=[],z=0,ag=0,Y=0,m=false,q="";function p(au){try{return W(au)}catch(av){return unescape(au)}}function N(av){var au=typeof av;return au!=="undefined"}function D(au){return typeof au==="function"}function aa(au){return typeof au==="object"}function y(au){return typeof au==="string"||au instanceof String}function al(au){return typeof au==="number"||au instanceof Number
}function ad(au){return N(au)&&(al(au)||(y(au)&&au.length))}function E(av){if(!av){return true}var au;for(au in av){if(Object.prototype.hasOwnProperty.call(av,au)){return false}}return true}function ap(au){var av=typeof console;if(av!=="undefined"&&console&&console.error){console.error(au)}}function ak(){var az,ay,aB,av,au;for(az=0;az<arguments.length;az+=1){au=null;if(arguments[az]&&arguments[az].slice){au=arguments[az].slice()}av=arguments[az];aB=av.shift();var aA,aw;var ax=y(aB)&&aB.indexOf("::")>0;if(ax){aA=aB.split("::");aw=aA[0];aB=aA[1];if("object"===typeof v[aw]&&"function"===typeof v[aw][aB]){v[aw][aB].apply(v[aw],av)}else{if(au){am.push(au)}}}else{for(ay=0;ay<M.length;ay++){if(y(aB)){aw=M[ay];var aC=aB.indexOf(".")>0;if(aC){aA=aB.split(".");if(aw&&"object"===typeof aw[aA[0]]){aw=aw[aA[0]];aB=aA[1]}else{if(au){am.push(au);break}}}if(aw[aB]){aw[aB].apply(aw,av)}else{var aD="The method '"+aB+'\' was not found in "_paq" variable.  Please have a look at the Matomo tracker documentation: https://developer.matomo.org/api-reference/tracking-javascript';
ap(aD);if(!aC){throw new TypeError(aD)}}if(aB==="addTracker"){break}if(aB==="setTrackerUrl"||aB==="setSiteId"){break}}else{aB.apply(M[ay],av)}}}}}function at(ax,aw,av,au){if(ax.addEventListener){ax.addEventListener(aw,av,au);return true}if(ax.attachEvent){return ax.attachEvent("on"+aw,av)}ax["on"+aw]=av}function n(au){if(K.readyState==="complete"){au()}else{if(X.addEventListener){X.addEventListener("load",au,false)}else{if(X.attachEvent){X.attachEvent("onload",au)}}}}function r(ax){var au=false;if(K.attachEvent){au=K.readyState==="complete"}else{au=K.readyState!=="loading"}if(au){ax();return}var aw;if(K.addEventListener){at(K,"DOMContentLoaded",function av(){K.removeEventListener("DOMContentLoaded",av,false);if(!au){au=true;ax()}})}else{if(K.attachEvent){K.attachEvent("onreadystatechange",function av(){if(K.readyState==="complete"){K.detachEvent("onreadystatechange",av);if(!au){au=true;ax()}}});if(K.documentElement.doScroll&&X===X.top){(function av(){if(!au){try{K.documentElement.doScroll("left")
}catch(ay){setTimeout(av,0);return}au=true;ax()}}())}}}at(X,"load",function(){if(!au){au=true;ax()}},false)}function ah(av,aA,aB){if(!av){return""}var au="",ax,aw,ay,az;for(ax in b){if(Object.prototype.hasOwnProperty.call(b,ax)){az=b[ax]&&"function"===typeof b[ax][av];if(az){aw=b[ax][av];ay=aw(aA||{},aB);if(ay){au+=ay}}}}return au}function an(av){var au;m=true;ah("unload");au=new Date();var aw=au.getTimeAlias();if((s-aw)>3000){s=aw+3000}if(s){do{au=new Date()}while(au.getTimeAlias()<s)}}function o(aw,av){var au=K.createElement("script");au.type="text/javascript";au.src=aw;if(au.readyState){au.onreadystatechange=function(){var ax=this.readyState;if(ax==="loaded"||ax==="complete"){au.onreadystatechange=null;av()}}}else{au.onload=av}K.getElementsByTagName("head")[0].appendChild(au)}function O(){var au="";try{au=X.top.document.referrer}catch(aw){if(X.pare

{
  "contains_trigger_text": true,
  "trigger_text": "Testversionen unserer Software-Produkte herunterzuladen",
  "prominent_button_name": "Download",
  "text_input_field_labels": [
    "K123456 oder E-Mail-Adresse",
    "Passwort"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": true,
  "trigger_text": "Testversionen unserer Software-Produkte herunterzuladen",
  "prominent_button_name": "Download",
  "text_input_field_labels": [
    "K123456 oder E-Mail-Adresse",
    "Passwort"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "IAM Software"
  ]
}

{
  "brands": [
    "IAM Software"
  ]
}