How This Briefing Works
This report opens with key findings, then maps the gaps between what Crayon discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Analysis pending. Findings will appear here once intelligence collection is complete.
Disclosure Gaps
Claims vs. Observed Behavior
3 gaps
pending
UNKNOWN
They Claim
“Awaiting scanner verification”
Observed Behavior
Runtime behavior of Crayon tracking scripts or embedded widgets on customer websites has not been independently observed
pending
UNKNOWN
They Claim
“Web scraping methodology unverified”
Observed Behavior
The specific crawling frequency, IP rotation practices, and robots.txt compliance of Crayon's scraping infrastructure need investigation
pending
UNKNOWN
They Claim
“Data retention and deletion practices unclear”
Observed Behavior
How long Crayon retains archived competitor website snapshots and whether monitored organizations can request deletion needs clarification
Customer Impact
What This Means For You
Organizations being monitored through Crayon face continuous automated surveillance of their entire public digital footprint. Pricing changes are detected and distributed to competitors within hours. Product launches and feature updates are catalogued as they appear. Job postings that reveal strategic priorities, technology stack decisions, and team expansion plans are systematically harvested. Support documentation changes that reveal product limitations or upcoming features are tracked. For organizations using Crayon themselves, the primary risk is strategic dependency on algorithmically curated competitive intelligence and the ethical implications of deploying systematic surveillance against competitors.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
Recommended Actions for Crayon
- →- Assess whether your organization is likely being monitored through Crayon or similar competitive intelligence platforms by evaluating your competitive landscape and market visibility. - Review what strategic intelligence is exposed through your public digital footprint - pricing pages, job postings, support documentation, and product changelog may all be systematically harvested. - Implement deliberate information hygiene practices for public-facing content that may reveal strategic intent to competitive intelligence scrapers. - If deploying Crayon, establish ethical guidelines for competitive intelligence use and ensure compliance with web scraping regulations in relevant jurisdictions. - Monitor for unusual crawling patterns on your website that may indicate systematic competitive intelligence collection.
Negotiation Leverage
- →Crayon operates in the competitive intelligence market where data collection practices exist in a regulatory gray area. Key leverage points: (1) If your organization is a Crayon customer, demand transparency on which of your competitors are also Crayon customers and whether your data is inadvertently enriching their competitive intelligence. (2) Request explicit data handling policies for any personal information collected through web scraping. (3) Negotiate contractual restrictions on how Crayon uses aggregated competitive data from your account to benefit other customers or train AI models. (4) Verify GDPR compliance for EU-based competitor monitoring, particularly regarding the collection of personal professional data from public sources. Crayon's pricing is enterprise-level and opaque - request detailed breakdowns and benchmark against alternatives like Klue and Kompyte.
Runtime Detections
Runtime Detections
3 BTI-C CODES
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
BTI-C06Behavioral Biometrics
Keystroke/mouse tracking
BTI-C07Session Recording
Full session replay
BTI-C08Cross-Domain Sync
Identity stitching
IOC Manifest
IOC Manifest
103 INDICATORS
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*www.crayon.co/_hcms/cookie-banner/auto-blocking.js*
Tracking script
TRACK
*www.crayon.co/hubfs/hub_generated/template_assets/1/*/*/template_main.js*
Tracking script
TRACK
*www.crayon.co/hubfs/hub_generated/template_assets/1/*/*/template_animate.js*
Tracking script
TRACK
*www.crayon.co/hubfs/hub_generated/template_assets/1/*/*/template_slick-min.js*
Tracking script
TRACK
*www.crayon.co/hubfs/hub_generated/module_assets/1/*/*/module_Logo_Auto_Scroll.js*
Tracking script
TRACK
*www.crayon.co/hs/cta/cta/current.js*
Tracking script
TRACK
*www.crayon.co/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js*
Tracking script
TRACK
*www.crayon.co/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js*
Tracking script
TRACK
*www.crayon.co/hubfs/hub_generated/module_assets/1/*/*/module_Title_with_Testimonial_carousel.js*
Tracking script
TRACK
*www.crayon.co/hubfs/hub_generated/template_assets/1/*/*/template_jquery.countup.js*
Tracking script
TRACK
*www.crayon.co/hs/hsstatic/content-cwv-embed/static-1.*/embed.js*
Tracking script
TRACK
*www.crayon.co/hs/scriptloader/*.js*
Tracking script
TRACK
*www.crayon.co/hs/hsstatic/HubspotToolsMenu/static-1.624/js/index.js*
Tracking script
TRACK
*www.crayon.co/hs/cta/ctas/v2/public/cs/cta-loaded.js*
Tracking script
TRACK
www.crayon.co/_hcms/cookie-banner/auto-blocking.js
Auto-extracted from scan
TRACK
www.crayon.co/hs/cta/cta/current.js
Auto-extracted from scan
TRACK
www.crayon.co/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js
Auto-extracted from scan
TRACK
www.crayon.co/hubfs/hub_generated/template_assets/1/52059889326/1769631108853/template_main.min.js
Auto-extracted from scan
TRACK
www.crayon.co/hubfs/hub_generated/template_assets/1/101429758813/1769631118173/template_jquery.countup.min.js
Auto-extracted from scan
TRACK
www.crayon.co/hubfs/hub_generated/template_assets/1/101542183092/1769631119159/template_animate.min.js
Auto-extracted from scan
TRACK
www.crayon.co/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Auto-extracted from scan
TRACK
www.crayon.co/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js
Auto-extracted from scan
TRACK
www.crayon.co/hubfs/hub_generated/module_assets/1/123200155795/1755709787275/module_Logo_Auto_Scroll.min.js
Auto-extracted from scan
TRACK
www.crayon.co/hubfs/hub_generated/template_assets/1/52155403159/1769631108850/template_slick-min.min.js
Auto-extracted from scan
TRACK
www.crayon.co/hubfs/hub_generated/module_assets/1/195702832201/1757471791411/module_Title_with_Testimonial_carousel.min.js
Auto-extracted from scan
TRACK
www.crayon.co/hs/scriptloader/2355195.js
Auto-extracted from scan
TRACK
www.crayon.co/hs/hsstatic/HubspotToolsMenu/static-1.624/js/index.js
Auto-extracted from scan
TRACK
www.crayon.co/hs/cta/ctas/v2/public/cs/cta-loaded.js
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
Crayon integrates with CRM platforms (Salesforce, HubSpot), sales enablement tools (Highspot, Seismic, Showpad), communication platforms (Slack, Microsoft Teams), and email systems. The platform commonly deploys alongside other competitive intelligence tools like Klue, Kompyte, and AlphaSense. Crayon's data feeds into product marketing workflows, sales battlecard systems, and strategic planning processes. The platform also connects with news aggregation services and social media monitoring tools to supplement its web scraping intelligence.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
103 detection signatures across scripts, domains, cookies, and network endpoints