How This Briefing Works
This report opens with key findings, then maps the gaps between what Act-On discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Analysis pending. Findings will appear here once intelligence collection is complete.
Disclosure Gaps
Claims vs. Observed Behavior
2 gaps
pending
MEDIUM
They Claim
“Awaiting scanner verification”
Observed Behavior
Analysis based on Act-On official documentation, beacon installation guides, and integration partner listings
pending
MEDIUM
They Claim
“Cookie-to-identity retroactive linking unverified”
Observed Behavior
Act-On documents this capability but runtime data retention and scope require direct observation
Customer Impact
What This Means For You
Organizations using Act-On face three material risks: (1) The beacon's pre-identification behavioral tracking creates compliance exposure under GDPR and ePrivacy regulations, where placing persistent tracking cookies before consent and retroactively linking behavioral history to identified individuals may violate both cookie consent and data minimization requirements. (2) Bidirectional CRM sync means Act-On behavioral data enriches contact records in Salesforce/Dynamics, expanding the PII footprint across multiple systems and complicating data subject deletion requests. (3) Integrations with ad platforms and ABM vendors mean website visitor behavior collected by the beacon can be used for advertising targeting, creating data leakage pathways that site visitors would not expect from a B2B company website.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
Recommended Actions for Act-On
- →- Audit Act-On Beacon deployment to confirm what behavioral events are captured and verify cookie consent mechanisms are in place before the beacon fires - Review email tracking pixel behavior and determine whether pixel tracking can be disabled for recipients in consent-sensitive jurisdictions - Map all bidirectional CRM sync fields to understand which behavioral data elements flow into Salesforce/Dynamics contact records - Inventory all active Act-On integrations with ad platforms and ABM vendors to identify behavioral data sharing pathways - Review Act-On's data retention policies and verify that deleting a contact also purges their pre-identification behavioral history
Negotiation Leverage
- →Leverage: Act-On competes in a crowded mid-market marketing automation space against HubSpot, Marketo, and Pardot. Customer retention is critical, giving existing customers leverage to negotiate data handling terms. Their reliance on CRM integration stickiness means they are motivated to accommodate contractual requirements to prevent migration. Key questions: (1) Can the Act-On Beacon be configured to require consent before placing tracking cookies? (2) When a contact is deleted, is their pre-identification anonymous behavioral history also purged? (3) Which ad platform and ABM integrations receive behavioral data, and can these data flows be disabled per-contact? (4) Does Act-On use aggregate behavioral data from customer accounts for its own product development or benchmarking? Protections to negotiate: Contractual commitment that beacon tracking respects consent signals (e.g., no tracking before cookie consent), data deletion guarantees that cover anonymous behavioral history, and explicit restrictions on sharing behavioral data with advertising and ABM partners without per-contact consent.
IOC Manifest
IOC Manifest
184 INDICATORS
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*act-on.com/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.js*
Tracking script
TRACK
*act-on.com/wp-includes/js/jquery/jquery-migrate.js*
Tracking script
TRACK
*act-on.com/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*act-on.com/wp-content/uploads/rangeslider/rangeslider.js*
Tracking script
TRACK
*act-on.com/wp-content/uploads/rangeslider/jquery-3.6.4.js*
Tracking script
TRACK
*act-on.com/cdn-cgi/scripts/*/cloudflare-static/email-decode.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js*
Tracking script
TRACK
*act-on.com/wp-includes/js/jquery/ui/core.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.js*
Tracking script
TRACK
*act-on.com/wp-includes/js/dist/hooks.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/jet-menu/assets/public/lib/vue/vue.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/elementor/assets/js/webpack.runtime.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/jet-menu/assets/public/js/jet-menu-public-scripts.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/elementor/assets/js/frontend-modules.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/elementor/assets/js/frontend.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/elementor/assets/lib/swiper/v8/swiper.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/jet-engine/assets/lib/jet-plugins/jet-plugins.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/jet-engine/assets/js/frontend.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/jet-engine/assets/lib/slick/slick.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/events-tracker-for-elementor/frontend/js/app.js*
Tracking script
TRACK
*act-on.com/wp-includes/js/dist/i18n.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/elementor-pro/assets/js/frontend.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/jet-elements/assets/js/jet-elements.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/jet-tabs/assets/js/jet-tabs-frontend.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/jet-menu/includes/elementor/assets/public/js/widgets-scripts.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/jet-blog/assets/js/jet-blog.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/jet-tricks/assets/js/jet-tricks-frontend.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/elementor/assets/js/shared-frontend-handlers.*.bundle.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/elementor-pro/assets/js/search-form.*.bundle.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/elementor/assets/js/text-editor.*.bundle.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.*.bundle.js*
Tracking script
TRACK
*act-on.com/wp-content/plugins/elementor/assets/js/image-carousel.*.bundle.js*
Tracking script
TRACK
*success.act-on.com/cdnr/a248/acton/bn/tracker/**
Tracking script
TRACK
act-on.com/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-includes/js/jquery/jquery-migrate.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/uploads/rangeslider/jquery-3.6.4.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/uploads/rangeslider/rangeslider.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/uploads/rangeslider/rangeslider.min.js
Auto-extracted from scan
TRACK
act-on.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js
Auto-extracted from scan
TRACK
act-on.com/wp-includes/js/dist/hooks.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/jet-menu/assets/public/lib/vue/vue.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/jet-menu/assets/public/js/jet-menu-public-scripts.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-includes/js/jquery/ui/core.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor/assets/lib/swiper/v8/swiper.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/jet-engine/assets/lib/jet-plugins/jet-plugins.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/jet-engine/assets/js/frontend.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/jet-engine/assets/lib/slick/slick.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/events-tracker-for-elementor/frontend/js/app.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-includes/js/dist/i18n.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/jet-elements/assets/js/jet-elements.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/jet-menu/includes/elementor/assets/public/js/widgets-scripts.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/jet-tabs/assets/js/jet-tabs-frontend.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/jet-tricks/assets/js/jet-tricks-frontend.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/jet-blog/assets/js/jet-blog.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor/assets/js/shared-frontend-handlers.30dc2f9c080845a413a6.bundle.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor-pro/assets/js/search-form.b7065999d77832a1b764.bundle.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor/assets/js/text-editor.c084ef86600b6f11690d.bundle.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor/assets/js/image-carousel.6167d20b95b33386757b.bundle.min.js
Auto-extracted from scan
TRACK
act-on.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.a23fbd67486c5bedf26c.bundle.min.js
Auto-extracted from scan
TRACK
success.act-on.com/cdnr/a248/acton/bn/tracker/9883
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
Act-On maintains extensive ecosystem integrations across multiple categories. CRM: native bidirectional sync with Salesforce, Microsoft Dynamics 365, SugarCRM, Oracle NetSuite, and Zendesk Sell. Advertising: Google Ads, LinkedIn Ads, Meta/Facebook Ads for audience targeting and retargeting. ABM: DemandBase, 6Sense, RollWorks, ZoomInfo, and Terminus for account-based targeting. Webinar: Zoom, GoToWebinar, Webex, ON24, Demio, Microsoft Teams. Social: Hootsuite, Facebook, Loomly. Data export: Act-On Data Studio exports to Amazon S3, Google Drive, Power BI, Microsoft Azure. Additional connectivity via REST API, webhooks, Zapier, and Cazoomi integrations. Each integration point represents a behavioral data sharing vector.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
184 detection signatures across scripts, domains, cookies, and network endpoints