How This Briefing Works
This report opens with key findings, then maps the gaps between what impact.com discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Analysis pending. Findings will appear here once intelligence collection is complete.
Disclosure Gaps
Claims vs. Observed Behavior
2 gaps
pending
UNKNOWN
They Claim
“Awaiting scanner verification”
Observed Behavior
Runtime analysis needed to confirm UTT payload size, cookie names and expiration windows, exact data fields transmitted per page view, and pre-consent script behavior.
pending
UNKNOWN
They Claim
“Cross-device graph persistence unknown”
Observed Behavior
Need to verify whether cross-device identity graph data persists after cookie consent withdrawal and what data retention policies apply to the identity graph.
Customer Impact
What This Means For You
Organizations running impact.com's UTT should understand that every page load generates data that feeds into a cross-device identity graph accessible to the affiliate partner ecosystem. Revenue teams relying on affiliate channel attribution may find that impact.com's model over-credits partner-driven conversions at the expense of organic or direct channels. Privacy and compliance teams face the challenge of accurately disclosing data sharing with an ever-changing roster of affiliate partners, as the specific third parties receiving user data shift with partner program changes. The broad data distribution surface means a single vendor relationship creates exposure to dozens or hundreds of downstream data recipients.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
Recommended Actions for impact.com
- →- Audit whether the UTT is loading on all pages or only conversion-relevant pages, and restrict deployment scope if possible. - Review impact.com's partner list quarterly to understand which third parties receive conversion data through the platform. - Evaluate server-to-server (API) tracking as an alternative to the client-side UTT to reduce browser-side data collection. - Ensure cookie consent mechanisms specifically disclose affiliate partner data sharing rather than bundling under generic marketing consent. - Request impact.com's data processing agreements covering cross-device identity graph data retention and sharing policies.
Negotiation Leverage
- →impact.com's value proposition depends on demonstrating affiliate-driven revenue, creating leverage for brands to demand transparency into what data the UTT collects, how long cross-device identity graph profiles persist, and which partners access conversion path data. Negotiate for contractual limits on data retention periods, require opt-out of cross-device graphing for EU/UK visitors, and demand audit rights over which affiliate partners receive your conversion data. The platform's shift toward server-side tracking is a positive signal — push for full migration off client-side UTT to reduce your attack surface.
IOC Manifest
IOC Manifest
69 INDICATORS
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*impact.com/wp-content/plugins/pixelyoursite/dist/scripts/jquery.bind-first-0.2.3.js*
Tracking script
TRACK
*impact.com/wp-includes/js/jquery/jquery-migrate.js*
Tracking script
TRACK
*impact.com/wp-content/plugins/pixelyoursite/dist/scripts/public.js*
Tracking script
TRACK
*impact.com/wp-content/plugins/pixelyoursite/dist/scripts/js.cookie-2.1.3.js*
Tracking script
TRACK
*impact.com/wp-content/plugins/pixelyoursite/dist/scripts/tld.js*
Tracking script
TRACK
*impact.com/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*impact.com/wp-content/themes/impact/dist/vendor/scripts/vendor.js*
Tracking script
TRACK
*impact.com/wp-content/themes/impact/dist/theme/scripts/theme.js*
Tracking script
TRACK
*impact.com/wp-content/themes/impact/assets/js/email-blacklist.js*
Tracking script
TRACK
impact.com/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
impact.com/wp-includes/js/jquery/jquery-migrate.min.js
Auto-extracted from scan
TRACK
impact.com/wp-content/plugins/pixelyoursite/dist/scripts/jquery.bind-first-0.2.3.min.js
Auto-extracted from scan
TRACK
impact.com/wp-content/plugins/pixelyoursite/dist/scripts/js.cookie-2.1.3.min.js
Auto-extracted from scan
TRACK
impact.com/wp-content/plugins/pixelyoursite/dist/scripts/tld.min.js
Auto-extracted from scan
TRACK
impact.com/wp-content/plugins/pixelyoursite/dist/scripts/public.js
Auto-extracted from scan
TRACK
impact.com/wp-content/themes/impact/dist/vendor/scripts/vendor.min.js
Auto-extracted from scan
TRACK
impact.com/wp-content/themes/impact/dist/theme/scripts/theme.min.js
Auto-extracted from scan
TRACK
impact.com/wp-content/themes/impact/assets/js/email-blacklist.js
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
impact.com integrates with major e-commerce platforms (Shopify, Magento, Salesforce Commerce Cloud), tag managers (Google Tag Manager, Tealium), and CRM systems. It is commonly deployed alongside other marketing technology including analytics platforms, retargeting pixels, and conversion optimization tools. The platform manages relationships between brands and thousands of affiliate publishers, meaning impact.com's tracking infrastructure creates data pathways to a large and variable set of third-party recipients.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
69 detection signatures across scripts, domains, cookies, and network endpoints