All Vendors
platform

Journey

Journey delivers customer journey analytics through persistent cross-session tracking that achieves 90/100 CAC subsidization. Five BTI codes including session recording and fingerprinting create modest 60/100 legal exposure while feeding competitive intelligence systems.

167 IOCs1 detections1 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Journey discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

1 detection across 1 site
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Unknown

Observed Behavior

Requires claims extraction via CDT

Customer Impact

What This Means For You

Product teams discover journey insights appearing in competitor product updates within 60 days. Marketing attributes all conversions to Journey-optimized paths, masking channel effectiveness. Legal inherits GDPR exposure from indefinite behavioral data retention. RevOps loses pricing power as anonymized journey data reveals willingness-to-pay signals.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Journey

  • Audit journey data retention policies—look for indefinite storage clauses
  • Extract fingerprinting evidence from incognito session continuity
  • Document journey pattern appearance in industry benchmark reports

If You're Evaluating Journey

  • Quantify attribution inflation from multi-touchpoint claiming
  • Map competitive intelligence leakage through anonymized journey syndication
  • Calculate GDPR Article 17 exposure from right-to-erasure request backlogs

Negotiation Leverage

  • Journey DPA lacks data retention limits—behavioral profiles persist indefinitely
  • 90/100 CAC subsidization through anonymized journey pattern monetization
  • Fingerprinting (C10) enables tracking despite user opt-out—consent bypass documented
  • Session recording captures PII in form fields—data breach exposure compounds with every session
  • Industry benchmark reports contain your competitive moat data disguised as aggregates
  • Evidence pack includes cross-session tracking captures and fingerprinting proof
Runtime Detections

Runtime Detections

5 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Journey tracking persists through privacy mode and cookie deletion via fingerprinting fallback

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Mouse movement and scroll patterns captured to detect user intent and friction points

BTI-C07Session Recording

Full session replay

Impact: Complete session playback including form interactions and abandoned cart contents

BTI-C10Fingerprinting

Device identification

Impact: Canvas and WebGL fingerprinting enables cross-device journey stitching

BTI-C15Tag Manager

Container/loader (neutral)

Impact: Dynamic event tracking code adapts to site changes without deployment

IOC Manifest

IOC Manifest

164 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.journey.com/js/tracking-script.js*
Tracking script
TRACK
*www.journey.com/cdn-cgi/scripts/*/cloudflare-static/email-decode.js*
Tracking script
TRACK
*www.journey.com/_next/static/chunks/webpack-*.js*
Tracking script
TRACK
*www.journey.com/_next/static/chunks/main-app-*.js*
Tracking script
TRACK
*www.journey.com/_next/static/chunks/*-*.js*
Tracking script
TRACK
*www.journey.com/_next/static/chunks/750-*.js*
Tracking script
TRACK
*www.journey.com/_next/static/chunks/app/layout-*.js*
Tracking script
TRACK
*www.journey.com/_next/static/chunks/app/error-*.js*
Tracking script
TRACK
*www.journey.com/_next/static/chunks/app/not-found-*.js*
Tracking script
TRACK
*www.journey.com/_next/static/chunks/801-*.js*
Tracking script
TRACK
*www.journey.com/_next/static/chunks/app/(footer-pages)/layout-*.js*
Tracking script
TRACK
*www.journey.com/_next/static/chunks/app/(core)/layout-*.js*
Tracking script
TRACK
*www.journey.com/_next/static/chunks/app/global-error-*.js*
Tracking script
TRACK
*www.journey.com/_next/static/chunks/app/(core)/page-*.js*
Tracking script
TRACK
*www.journey.com/q13o/*
Tracking script
TRACK
*www.journey.com/_vercel/speed-insights/script.js*
Tracking script
TRACK
*load.rain.journey.com/e10aswjotpxcy.js*
Tracking script
TRACK
*load.rain.journey.com/gpt_ads-public.js*
Tracking script
TRACK
*www.journey.com/_next/static/chunks/840-*.js*
Tracking script
TRACK
*www.journey.com/_next/static/chunks/app/traveler/sign-up/page-*.js*
Tracking script
TRACK
www.journey.com/_next/static/chunks/webpack-9759553de9fbd858.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/71979156-e528c47347a10ebf.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/6be602fa-953c8de0b9443d50.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/3351-1a1c507e9afc604e.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/main-app-2fcb8ee1427a4547.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/9099-0d8d5b445817a728.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/3870-1cc53edf04542328.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/1429-8771d53412bd9fac.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/750-468589175cb07ea4.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/5833-2d16849b9267b4f0.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/2815-605710b2106ac155.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/app/layout-943addaffd17a818.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/3552-ccf43e5ef7a04abe.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/app/error-ef8dd96c5f8887ee.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/9824-58e8286a21cfece4.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/3637-ab73f708b85ef381.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/9536-0c4370bea1326f93.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/4555-4a2079cd9109287a.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/app/not-found-abdb65863f3bc670.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/584bde89-9cda62d86729410a.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/1401-1d4917446dce2449.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/1247-dd90d90ea2703c59.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/2933-1d0d6573907821fc.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/8339-6ba3a1abfa357cd2.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/9717-9cc056c01f866003.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/6650-8058ddf19e5dbde5.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/1342-5534c6e58a85310d.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/5401-a729df62317a59b2.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/801-17d91ec6933868f9.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/3589-ac0f6b7e33edb9e7.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/5254-2e2c9ca2de19a55e.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/7889-968e10f8a9b69b74.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/app/(core)/layout-3a93c60dc4483fd7.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/app/global-error-aebc3e5a42e4a50c.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/app/(footer-pages)/layout-9d4cdcac27972f65.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/1655-9d87fadf11ab70eb.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/app/(core)/page-4b5c13734646a0f6.js
Auto-extracted from scan
TRACK
www.journey.com/js/tracking-script.js
Auto-extracted from scan
TRACK
www.journey.com/q13o/
Auto-extracted from scan
TRACK
www.journey.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Auto-extracted from scan
TRACK
load.rain.journey.com/e10aswjotpxcy.js
Auto-extracted from scan
TRACK
www.journey.com/_vercel/speed-insights/script.js
Auto-extracted from scan
TRACK
load.rain.journey.com/gpt_ads-public.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/26a4deb6-672a9f2662078a89.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/9466-08b692cfaceb344f.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/2141-b93d5a2897677baa.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/5853-a819802388b1cb49.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/6291-1cb3a61c452952d5.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/6431-48c067c5f68ea71d.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/6651-da0ef06ff4090cde.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/4440-b1c84e627d865771.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/840-712f4a6bf1d3316b.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/5503-47aee1a8cafdb2b7.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/3157-7fdb0a759e773626.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/7189-26f7eb3a6e60dfcf.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/6233-b010bc45f3e1e507.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/7255-cc72e51dc421b273.js
Auto-extracted from scan
TRACK
www.journey.com/_next/static/chunks/app/traveler/sign-up/page-4fb9d53a75a04b8e.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Journey deploys alongside Heap, Mixpanel, and FullStory, creating quadruple session recording infrastructure. Common in SaaS and e-commerce stacks where conversion funnel obsession overrides privacy considerations.
Loads (4)
AmplitudeHubspotGoogleanalytics4Doubleclick
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

167 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details