ClickCease | Vendor Intelligence

How This Briefing Works

This report opens with key findings, then maps the gaps between what ClickCease discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

24 detections across 12 sites46% pre-consent activity2 critical disclosure gaps

CRITICAL

Subprocessor Disclosure

50+ third-party vendors detected including ad networks, analytics, and B2B intelligence

GDPR Art 13GDPR Art 14GDPR Art 28

CRITICAL

Pre-Consent Tracking

45.8% pre-consent tracking rate, 13 vendors fire before user consent

GDPR Art 6GDPR Art 7ePrivacy Directive

HIGH

Pre-Consent Activity

ClickCease was observed loading and executing before user consent was obtained on 46% of sites where it was detected.

GDPRePrivacy

HIGH

Identity Resolution Undisclosed

ZoomInfo and RB2B perform company and individual identification

GDPR Art 13(1)(e)CCPA 1798.100

HIGH

Parent Company Hypocrisy

CHEQ/ClickCease website deploys the same surveillance patterns they claim to protect customers from

FTC Section 5 - Deceptive Practices

Disclosure Gaps

Claims vs. Observed Behavior

4 gaps

2 CRIT2 HIGH

Classified:BTI-X01BTI-X02BTI-X04BTI-X05BTI-X06BTI-X08

Subprocessor Disclosure

GDPR Art 13 · GDPR Art 14 · GDPR Art 28CRITICAL

They Claim

“3 subprocessors disclosed (AWS, Azure, Zendesk)”

Observed Behavior

50+ third-party vendors detected including ad networks, analytics, and B2B intelligence

Runtime scan of clickcease.com detected GoogleAnalytics4, GoogleAds, DoubleClick, MetaPixel, HubSpot, Clarity, ZoomInfo, RB2B, HockeyStack, and 40+ more

Identity Resolution Undisclosed

GDPR Art 13(1)(e) · CCPA 1798.100HIGH

They Claim

“Privacy policy mentions 'Non-personal Information' and technical data collection”

Observed Behavior

ZoomInfo and RB2B perform company and individual identification

B2B intelligence vendors detected that identify visitors by company, job title, and contact information

Parent Company Hypocrisy

FTC Section 5 - Deceptive PracticesHIGH

They Claim

“CHEQ sells privacy and compliance tools”

Observed Behavior

CHEQ/ClickCease website deploys the same surveillance patterns they claim to protect customers from

CHEQ's own tracking detected pre-consent on ClickCease site, along with 50+ other trackers

Customer Impact

What This Means For You

YOUR click fraud protection data processed through ClickCease flows through a vendor ecosystem where 94% of vendors are undisclosed. YOUR ad campaign data — which clicks are fraudulent, which are legitimate, what patterns emerge — passes through a platform running ZoomInfo, RB2B, and HockeyStack on its own site. As a CHEQ subsidiary, YOUR data processing relationship extends to CHEQ's broader ecosystem — YOUR subprocessor documentation must account for this corporate structure. YOUR compliance auditors citing 3 subprocessors are dramatically underinformed about actual data flows.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use ClickCease

→Audit your consent mechanism to ensure ClickCease JavaScript only loads post-consent
→Review your subprocessor disclosures — using ClickCease makes CHEQ your subprocessor with their undisclosed vendor chain
→Request CHEQ consolidated subprocessor list covering both ClickCease and parent company vendors
→Monitor for identity resolution data flows from ZoomInfo, RB2B, and HockeyStack on your properties

If You're Evaluating ClickCease

→Request complete subprocessor list — 3 vendors disclosed for a 50+ vendor ecosystem is not credible
→Verify CHEQ SOC2 certification scope covers ClickCease and all detected third-party vendors
→Compare with ClickGuard and Lunio on vendor disclosure transparency
→Require contractual restrictions on data sharing within the CHEQ corporate structure

Negotiation Leverage

→94% vendor non-disclosure: 50+ vendors detected vs. 3 disclosed — the most extreme disclosure gap in this category; require complete vendor transparency as a non-negotiable condition
→Identity resolution tools: ZoomInfo, RB2B, and HockeyStack on clickcease.com — use this to negotiate restrictions on visitor identification from your fraud protection data
→CHEQ subsidiary structure: ClickCease is a CHEQ subsidiary — negotiate clarity on data flows within the CHEQ corporate family and require consolidated subprocessor disclosure
→Click fraud data sensitivity: Fraud detection data reveals campaign targeting patterns — negotiate data usage restrictions preventing competitive intelligence from your fraud patterns

Runtime Detections

6 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C08Cross-Domain Sync

Identity stitching

BTI-C09Consent Bypass

Ignoring CMP signals

BTI-C10Fingerprinting

Device identification

BTI-C13Persistence Mechanisms

Long-lived identifiers

IOC Manifest

68 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK

*www.clickcease.com/js/webflow.js*

Tracking script

TRACK

*www.clickcease.com/scripts/web-flow-script.js*

Tracking script

TRACK

*www.clickcease.com/scripts/abTest.js*

Tracking script

TRACK

*www.clickcease.com/monitor/stat.js*

Tracking script

TRACK

clickcease.com

Tracking script

TRACK

monitor.clickcease.com

Tracking script

TRACK

www.clickcease.com/js/webflow.js

Auto-extracted from scan

TRACK

www.clickcease.com/scripts/web-flow-script.js

Auto-extracted from scan

TRACK

www.clickcease.com/scripts/abTest.js

Auto-extracted from scan

TRACK

www.clickcease.com/monitor/stat.js

Auto-extracted from scan

Ecosystem

Ecosystem & Supply Chain

ClickCease operates as a CHEQ subsidiary focused on SMB click fraud protection. The vendor is loaded via direct script implementation on customer sites to monitor ad traffic. On their own website, ClickCease/CHEQ loads: (1) Parent company tracking (CHEQ, Ensighten), (2) Ad platforms they claim to protect against (Google Ads, Meta, Twitter, LinkedIn), (3) Analytics (GA4, Adobe Analytics, Clarity, LuckyOrange), (4) B2B intelligence (ZoomInfo, RB2B, HockeyStack, ChiliPiper, TrenDemon), (5) CRM/Marketing (HubSpot, Intercom). This creates a circular ecosystem where a fraud protection vendor participates in the same surveillance advertising infrastructure it claims to police. The presence of ZoomInfo and RB2B is particularly notable - these are identity resolution vendors that de-anonymize website visitors, a practice that directly contradicts privacy claims.

Loads (1)

Ensighten

Loaded By (1)

Cheq

Commonly Deployed With

Hubspot Googletagmanager Linkedinads Googleanalytics4 Metapixel Doubleclick Bing Ads Google Ads Clearbit Cheq

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

79 detection signatures across scripts, domains, cookies, and network endpoints