AWeber

AWeber is a marketing automation vendor that deploys cross-site tracking via email web analytics snippets, enabling persistent subscriber behavior monitoring across multiple web properties.

24 IOCs

Vendor Risk Score: 35

How This Briefing Works

This report opens with key findings, then maps the gaps between what AWeber discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

1 gap

pending

UNKNOWN

They Claim

Awaiting scanner verification

Observed Behavior

Runtime behavior not yet observed

Customer Impact

What This Means For You

Organizations using AWeber should be aware that the Email Web Analytics snippet creates a persistent tracking surface on their web properties. Subscriber behavioral data — including cross-site navigation patterns and purchase activity — is collected and stored by AWeber, with potential downstream sharing through ad network partnerships. Under GDPR and similar frameworks, IP addresses collected via tracking pixels qualify as personal data requiring lawful basis for processing. Apple Mail Privacy Protection and Gmail/Yahoo 2024-2025 authentication requirements have degraded the reliability of open tracking data, meaning teams making decisions based on open rates may be operating on inflated metrics.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for AWeber

  • Audit all pages where the AWeber Email Web Analytics snippet is installed and verify it fires only after valid consent
  • Review AWeber's third-party ad network data sharing and determine if your subscribers' behavioral data is being used for advertising purposes
  • Implement server-side email tracking where possible to reduce client-side tracking surface
  • Evaluate whether Page Hit Automations are tagging subscribers based on pre-consent page visits
  • Review all Zapier/integration workflows to map where subscriber data flows beyond AWeber

Negotiation Leverage

  • Key leverage: AWeber's ad network partnership creates data sharing that most customers are unaware of. Request explicit disclosure of which ad partners receive behavioral data from your account. Ask for a DPA amendment that restricts use of your subscriber data for third-party advertising. During renewal, request contractual confirmation that Email Web Analytics data is not used to train AWeber's own models or shared with ad partners.
  • Key questions: (1) Which specific ad networks receive data collected via the tracking snippet? (2) Can ad network data sharing be disabled at the account level? (3) What is the retention period for cross-site behavioral data?
  • Protections to negotiate: data processing restriction clauses, right to audit sub-processor list, contractual prohibition on using customer subscriber data for AWeber's own advertising partnerships.

Runtime Detections

3 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06 Behavioral Biometrics

Keystroke/mouse tracking

Impact: Email Web Analytics explicitly tracks subscriber movement across multiple websites when the snippet is installed on more than one property, correlating email identity with cross-site browsing behavior.

BTI-C08 Cross-Domain Sync

Identity stitching

BTI-C15 Tag Manager

Container/loader (neutral)

IOC Manifest

24 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

Ecosystem

Ecosystem & Supply Chain

AWeber integrates with a broad ecosystem including CRM platforms (Salesforce, SalesforceIQ), automation middleware (Zapier, Microsoft Flow, Integromat, Automate.io, Apiant, Latenode), landing page builders (Leadpages), survey tools (SurveySparrow), and WordPress via dedicated plugin. The platform supports bidirectional data sync — subscriber lists, tags, and behavioral data flow outward to connected systems while contact updates flow back in. AWeber also partners with unnamed third-party ad networks for behavioral advertising, creating data sharing relationships that extend beyond the customer's direct integration choices.

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

24 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details