How This Briefing Works
This report opens with key findings, then maps the gaps between what LogRocket discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Key Findings
3 detections across 3 sites
Disclosure Gaps
Claims vs. Observed Behavior
1 gaps
pending
UNKNOWN
They Claim
“Unknown”
Observed Behavior
Requires claims extraction via CDT
Customer Impact
What This Means For You
Engineering teams discover bugs appearing in competitor products within weeks of LogRocket capture. Product discovers feature ideas in competitor releases. Legal inherits maximum GDPR exposure from PII in session replays. Security faces data breach amplification as session captures include authentication tokens and API keys.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
If You Use LogRocket
- →Audit session replay data for PII exposure—forms, API responses, console logs all captured
- →Extract cross-session tracking evidence showing fingerprinting persistence
- →Map engineering insights to competitor product feature releases
If You're Evaluating LogRocket
- →Quantify PII exposure from form inputs and API responses in session replays
- →Calculate engineering intelligence monetization (your bugs, their insights revenue)
- →Document GDPR Article 32 violations from inadequate security in replay data storage
Negotiation Leverage
- →LogRocket session replays contain PII—forms, API responses, console logs captured in full
- →100/100 CAC subsidization through anonymized engineering intelligence syndication
- →Cross-domain sync (C08) stitches sessions across all properties—comprehensive surveillance
- →Fingerprinting (C10) persists identity despite user privacy actions—consent bypass documented
- →Redux state capture exposes application architecture and business logic to competitors
- →90/100 legal exposure—GDPR Article 5 violations from excessive data capture certain
- →Evidence pack includes session replays showing PII exposure and fingerprinting proof
Runtime Detections
Runtime Detections
7 BTI-C CODES
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
BTI-C01Defeat Device
Evasion infrastructure, auditor bypass
Impact: Session recording bypasses browser privacy controls through DOM mutation observation
BTI-C06Behavioral Biometrics
Keystroke/mouse tracking
Impact: Mouse movement, scroll patterns, and interaction timing captured for rage click detection
BTI-C07Session Recording
Full session replay
Impact: Pixel-perfect replay captures all screen content including PII in forms and API responses
BTI-C08Cross-Domain Sync
Identity stitching
Impact: Session stitching across domains and applications creates comprehensive user journey capture
BTI-C10Fingerprinting
Device identification
Impact: Device fingerprinting persists session identity across cookie deletion and privacy modes
BTI-C13Persistence Mechanisms
Long-lived identifiers
Impact: Redux state and local storage capture enables session reconstruction months later
BTI-C15Tag Manager
Container/loader (neutral)
Impact: Dynamic instrumentation adapts capture to application changes without redeployment
IOC Manifest
IOC Manifest
203 INDICATORS
Indicators of compromise across 5 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*www.logrocket.com/_next/static/chunks/webpack-*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/pages/_app-*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/main-*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/framework-*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/*-*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/a8bq8RAfLNCilR-0ew1aO/_buildManifest.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/a8bq8RAfLNCilR-0ew1aO/_ssgManifest.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/pages/index-*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/*.*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/459.*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/127.*.js*
Tracking script
TRACK
*www.logrocket.com/js/setup-factors.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/331.*.js*
Tracking script
TRACK
*www.logrocket.com/js/setup-intercom-monitoring.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/311.*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/pages/pricing-*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/pages/request-demo-*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/pages/customers-*.js*
Tracking script
TRACK
*staging.logrocket.com/LogRocket.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/403.*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/pages/products/galileo-ai-*.js*
Tracking script
TRACK
*www.logrocket.com/js/setup-sentry.js*
Tracking script
EXFIL
*www.logrocket.com/_next/data/a8bq8RAfLNCilR-0ew1aO/index.json*
Data collection endpoint
EXFIL
*www.logrocket.com/_next/data/a8bq8RAfLNCilR-0ew1aO/products/galileo-ai.json*
Data collection endpoint
EXFIL
*www.logrocket.com/_next/data/a8bq8RAfLNCilR-0ew1aO/customers.json*
Data collection endpoint
TRACK
*staging.logrocket.com/logger.js*
Tracking script
TRACK
*www2.logrocket.com/js/forms2/js/forms2.js*
Tracking script
TRACK
*www2.logrocket.com/index.php/form/getForm*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/pages/products/product-analytics-*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/pages/products/ai-issues-*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/pages/products/session-replay-*.js*
Tracking script
EXFIL
*www.logrocket.com/_next/data/a8bq8RAfLNCilR-0ew1aO/products/session-replay.json*
Data collection endpoint
TRACK
*www.logrocket.com/_next/static/chunks/pages/products/ux-analytics-*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/pages/products/ai-error-tracking-*.js*
Tracking script
TRACK
*www.logrocket.com/_next/static/chunks/pages/products/performance-monitoring-*.js*
Tracking script
TRACK
cdn.logrocket.io
Tracking script
TRACK
cdn.lr-ingest.io
Tracking script
TRACK
www.logrocket.com/_next/static/chunks/webpack-5efc7e941a89e125.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/framework-47e1ff620d7adf85.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/main-5bf646a2e94b0bec.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/pages/_app-4e5a26f07be9117f.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/31d4e3d1-ec756c6e5103bf9a.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/6428-3a154bb87ec6b49f.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/3211-2a2040287c5d1335.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/2391-ae8f39c3a2784d7f.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/6215-a389bf2b60f8642b.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/5290-9224058c050704fc.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/5455-d23de16ce642c5d3.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/pages/index-522edd305ecda55c.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/a8bq8RAfLNCilR-0ew1aO/_buildManifest.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/a8bq8RAfLNCilR-0ew1aO/_ssgManifest.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/127.07314b4f88cf068e.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/4204.2b3b73df49b19846.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/403.4ea58bb1b6b75a67.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/311.f93f5914512c22a8.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/7673.913e01b5c5880058.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/459.68525d1ce7aa0fae.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/6731.bb3d0d7a24e2de12.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/331.a2d37bbecdbb324a.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/6866.7696756e93fd261b.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/4175.5fcd970b4cbdc69a.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/5898.d35cd4bc1bf5455f.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/7079.bb9a0efaa42450d6.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/2169.219869a4f6dcc29c.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/6816.ea8378449bcb311c.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/7114.6b4e6a836370ea24.js
Auto-extracted from scan
TRACK
staging.logrocket.com/LogRocket.min.js
Auto-extracted from scan
TRACK
www.logrocket.com/js/setup-sentry.js
Auto-extracted from scan
TRACK
www.logrocket.com/js/setup-intercom-monitoring.js
Auto-extracted from scan
TRACK
www.logrocket.com/js/setup-factors.js
Auto-extracted from scan
TRACK
staging.logrocket.com/logger.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/pages/request-demo-902593e9ee39d033.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/pages/customers-656d5eb62a1d910d.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/5091-772144749175c4ae.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/pages/pricing-b654a545f6a12bc5.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/pages/products/galileo-ai-b4dc1408e1e2b02f.js
Auto-extracted from scan
TRACK
www2.logrocket.com/js/forms2/js/forms2.min.js
Auto-extracted from scan
TRACK
www2.logrocket.com/index.php/form/getForm
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/9824-c5b8f1e51bdcb883.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/pages/products/product-analytics-1804c1ed8965846d.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/pages/products/ai-issues-249c24e8e718297d.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/pages/products/session-replay-6640d1718a995a76.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/pages/products/ux-analytics-39b697b7f04731e2.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/pages/products/ai-error-tracking-81b9641390fe5fa3.js
Auto-extracted from scan
TRACK
www.logrocket.com/_next/static/chunks/pages/products/performance-monitoring-ca2cba6cf67c4254.js
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
LogRocket commonly deploys alongside FullStory and Hotjar, triplicating session replay infrastructure. Integration with Sentry and Datadog creates redundant error monitoring that compounds PII exposure risk.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
206 detection signatures across scripts, domains, cookies, and network endpoints