All Vendors
deanon

ipapi.co

ipapi.co deploys behavioral biometrics and identity resolution via IP geolocation, with 65% broker exposure creating significant demand signal leakage through data resale to fraud prevention and advertising partners.

15 IOCs2 detections2 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what ipapi.co discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

2 detections across 2 sites
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Requires claims extraction via CDT

Observed Behavior

Live website analysis pending

Customer Impact

What This Means For You

Sites deploying ipapi.co leak 65% of visitor location and device data to fraud prevention and advertising partners, subsidizing competitor targeting and account-based marketing. Tag manager integration enables tracking outside consent frameworks. IP geolocation creates GDPR consent exposure for EU visitors.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You're Evaluating ipapi.co

  • Server-side IP geolocation with no data sharing
  • MaxMind GeoLite2 (self-hosted, no third-party sharing)
  • Cloudflare geolocation headers (privacy-preserving)
  • Remove geolocation entirely if not business-critical

Negotiation Leverage

  • 65% broker score means visitor IP and location data shared with fraud prevention and advertising partners, subsidizing competitor intelligence
  • Tag manager integration (C15) enables deployment outside consent scope, creating GDPR strict liability
  • IP geolocation triggers ePrivacy Directive consent requirements for EU visitors
  • Behavioral biometrics via device fingerprinting create persistent tracking independent of cookie consent
Runtime Detections

Runtime Detections

4 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Device and network characteristics captured to build persistent fingerprints independent of cookie consent.

BTI-C09Consent Bypass

Ignoring CMP signals

BTI-C14Identity Resolution

PII deanonymization

Impact: IP addresses matched to corporate databases and ISP records, enabling visitor de-anonymization and account-based marketing targeting.

BTI-C15Tag Manager

Container/loader (neutral)

Impact: ipapi.co loaded via Google Tag Manager or other containers, evading direct script blocking and consent management.

IOC Manifest

IOC Manifest

15 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

EXFIL
*ipapi.co/static/js/ip_3i.*.js*
Data collection endpoint
EXFIL
*ipapi.co/static/js/ip_jquery.*.js*
Data collection endpoint
EXFIL
ipapi.co/static/js/ip_3i.decb6770d020.js
Auto-extracted from scan
EXFIL
ipapi.co/static/js/ip_jquery.4f5a9ccb5fa3.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

ipapi.co competes in the IP intelligence market alongside MaxMind, IPinfo, and IPStack, positioning geolocation as infrastructure while monetizing data through advertising and fraud prevention partnerships.
Loads (1)
Stripe
Loaded By (1)
Equativ
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

15 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details