All Vendors
sales_engagement

Freshsales

Freshsales is a CRM platform from Freshworks that deploys JavaScript tracking code on customer websites to capture visitor behavior, identify anonymous visitors via email-to-cookie matching, and embed invisible tracking pixels in every sales email. It transforms both web properties and email communications into behavioral surveillance infrastructure feeding a centralized lead scoring engine.

95 IOCs
0
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Freshsales discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Requires claims extraction via CDT

Observed Behavior

Awaiting scanner verification.

Customer Impact

What This Means For You

If you visit a website running Freshsales tracking code, your browsing behavior is being captured from the moment the page loads — pages viewed, time spent, content downloaded, and navigation patterns. If you subsequently fill out any form on that site, your entire prior browsing history is retroactively linked to your email address and identity. Every sales email you receive from a Freshsales user contains an invisible tracking pixel that reports when you open the email, how many times you re-open it, and what links you click. This data feeds a lead scoring model that determines how aggressively you will be pursued. You have no visibility into this tracking and no mechanism to opt out of email beacon monitoring.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for Freshsales

  • Audit your email client settings to disable automatic image loading, which neutralizes Freshsales email tracking pixels. Use privacy-focused browsers or extensions that block third-party tracking scripts when visiting vendor websites. Be aware that form submissions on tracked sites trigger retroactive identity resolution of your browsing history. Review whether vendors in your supply chain deploy Freshsales tracking code on their customer-facing properties. For organizations using Freshsales internally, audit whether the tracking code deployment complies with your jurisdiction's consent requirements.

Negotiation Leverage

  • Freshsales' tracking architecture creates clear regulatory exposure for organizations deploying it, particularly in GDPR jurisdictions where pre-consent tracking and invisible email beacons lack legal basis. When negotiating with organizations using Freshsales, request disclosure of all tracking technologies deployed on their web properties. Leverage the retroactive identity resolution feature as a specific compliance concern — data collected from anonymous visitors attributed to identities post-hoc lacks the consent basis required under GDPR Article 6. Freshworks faces competition from Salesforce, HubSpot, and Pipedrive, all of which offer similar CRM capabilities with varying tracking approaches. Use competitive alternatives as leverage to demand tracking transparency.
IOC Manifest

IOC Manifest

95 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.freshworks.com/_next/static/chunks/webpack-*.js*
Tracking script
TRACK
*www.freshworks.com/_next/static/chunks/framework-*.js*
Tracking script
TRACK
*www.freshworks.com/_next/static/chunks/main-*.js*
Tracking script
TRACK
*www.freshworks.com/_next/static/chunks/vendors-*.js*
Tracking script
TRACK
*www.freshworks.com/_next/static/chunks/contentful-*.js*
Tracking script
TRACK
*www.freshworks.com/_next/static/chunks/materialui-*.js*
Tracking script
TRACK
*www.freshworks.com/_next/static/uAnUrCntjo9OU4V76syaX/_ssgManifest.js*
Tracking script
TRACK
*www.freshworks.com/_next/static/uAnUrCntjo9OU4V76syaX/_buildManifest.js*
Tracking script
TRACK
*www.freshworks.com/_next/static/chunks/755-*.js*
Tracking script
TRACK
*www.freshworks.com/_next/static/chunks/framer-motion-*.js*
Tracking script
TRACK
*www.freshworks.com/_next/static/chunks/styled-components-*.js*
Tracking script
TRACK
*www.freshworks.com/_next/static/chunks/553-*.js*
Tracking script
TRACK
*www.freshworks.com/_next/static/chunks/pages/_app-*.js*
Tracking script
TRACK
*www.freshworks.com/_next/static/chunks/234-*.js*
Tracking script
TRACK
*www.freshworks.com/_next/static/chunks/pages/%5B%5B...slug%5D%5D-*.js*
Tracking script
TRACK
*www.freshworks.com/assets/js/session.js*
Tracking script
TRACK
*website-assets-fw.freshworks.com/restricted-domains.json*
Tracking script
TRACK
*go.freshworks.com/js/forms2/js/forms2.js*
Tracking script
TRACK
www.freshworks.com/_next/static/chunks/webpack-d87d65d08720e435.js
Auto-extracted from scan
TRACK
www.freshworks.com/_next/static/chunks/framework-b3802df6cb251587.js
Auto-extracted from scan
TRACK
www.freshworks.com/_next/static/chunks/vendors-dfb0798cad4d152f.js
Auto-extracted from scan
TRACK
www.freshworks.com/_next/static/chunks/main-0d929bfa2708b416.js
Auto-extracted from scan
TRACK
www.freshworks.com/_next/static/chunks/materialui-c4a65635a487c647.js
Auto-extracted from scan
TRACK
www.freshworks.com/_next/static/chunks/contentful-10c3a9dd5093977c.js
Auto-extracted from scan
TRACK
www.freshworks.com/_next/static/chunks/styled-components-eccb383a98e15642.js
Auto-extracted from scan
TRACK
www.freshworks.com/_next/static/chunks/pages/_app-470e41916ee634f4.js
Auto-extracted from scan
TRACK
www.freshworks.com/_next/static/chunks/framer-motion-70271463f2c24c6e.js
Auto-extracted from scan
TRACK
www.freshworks.com/_next/static/chunks/755-f874772ca1aa0341.js
Auto-extracted from scan
TRACK
www.freshworks.com/_next/static/chunks/234-60b5adba7d81d78a.js
Auto-extracted from scan
TRACK
www.freshworks.com/_next/static/chunks/553-e5c85529e5375fab.js
Auto-extracted from scan
TRACK
www.freshworks.com/_next/static/chunks/pages/%5B%5B...slug%5D%5D-c6ee1fb174162d50.js
Auto-extracted from scan
TRACK
www.freshworks.com/_next/static/uAnUrCntjo9OU4V76syaX/_buildManifest.js
Auto-extracted from scan
TRACK
www.freshworks.com/_next/static/uAnUrCntjo9OU4V76syaX/_ssgManifest.js
Auto-extracted from scan
TRACK
go.freshworks.com/js/forms2/js/forms2.min.js
Auto-extracted from scan
TRACK
www.freshworks.com/assets/js/session.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Freshsales is part of the broader Freshworks ecosystem including Freshmarketer (marketing automation), Freshdesk (support), and Freshchat (messaging). The CRM integrates with email providers (Gmail, Outlook), calendar systems, telephony providers, and major third-party tools via marketplace integrations. Freshsales connects to Zapier and native APIs for CRM data sync with other platforms. Website tracking data feeds into Freshmarketer for marketing automation, creating a cross-product behavioral profile. The platform is commonly deployed by SMB and mid-market sales teams alongside tools like Mailchimp, Calendly, and various form builders that feed data into the Freshsales tracking ecosystem.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

95 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details