All Vendors
product_demo

Navattic

Interactive Demo Platform Harvests Prospect Behavioral Intelligence Through Synthetic Product Environments

269 IOCs15 detections73% pre-consent12 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Navattic discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

15 detections across 12 sites73% pre-consent activity
CRITICAL

Pre-Consent Activity

Navattic was observed loading and executing before user consent was obtained on 73% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Unknown

Observed Behavior

Requires claims extraction via CDT

Customer Impact

What This Means For You

Sales teams make qualification decisions based on Navattic demo engagement scores that systematically misrepresent actual purchase intent and product-market fit. Marketing teams inherit attribution distortion where demo interactions optimized for Navattic platform benchmarks obscure genuine demand signals. Revenue operations teams face consent liability from undisclosed prospect behavioral surveillance and session recording. Security teams confront expanded data exfiltration risk from demo environment tracking infrastructure. The platform creates permanent competitive intelligence leakage where proprietary product positioning, feature prioritization, and sales methodology insights feed rival go-to-market strategies through intent data vendor partnerships.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Navattic

  • Audit privacy policy against demo environment surveillance reality (C06, C07, C10) and prospect data processing disclosures
  • Query vendor: provide complete list of sales intelligence platforms and intent data vendors receiving prospect behavioral data from demo sessions
  • Model competitive intelligence leakage: identify which rival vendors purchase intent data products that include Navattic-sourced demo engagement signals
  • Review DPA: confirm whether prospect demo behavioral data is included in prohibited third-party sharing categories

If You're Evaluating Navattic

  • Demand contractual prohibition on sharing prospect demo behavioral data with any intent data vendors, sales intelligence platforms, or competitive analysis services
  • Require monthly transparency reports listing all third-party consumers of demo engagement data and prospect behavioral intelligence
  • Negotiate data deletion guarantees: all prospect behavioral profiles must be purged immediately upon demo session completion or CRM opportunity close
  • Replace with self-hosted demo infrastructure (internal staging environments, video walkthroughs) that eliminate third-party prospect intelligence exfiltration

Negotiation Leverage

  • Navattic demo environment tracking constitutes prospect behavioral surveillance requiring explicit opt-in consent under GDPR and state privacy laws. Session recording (C07) and behavioral biometrics (C06) likely violate reasonable privacy expectations. Legal exposure: Our counsel requires written confirmation that prospect demo interactions receive same privacy protections as customer data, with specific guarantees against intent data vendor sharing.
  • Competitive intelligence leakage through intent data partnerships is measurable and permanent. Your platform feeds prospect product evaluation signals to rival vendors. Quantify impact: Provide complete list of intent data vendors and sales intelligence platforms that receive prospect behavioral data from our demo environments, and confirm which competing vendors subscribe to these services.
  • CAC inflation from intent data monetization is structural. We pay for demo infrastructure while competitors purchase our prospect behavioral intelligence through intent vendor partnerships. Demand transparency: What percentage of Navattic revenue derives from prospect data monetization vs. SaaS subscription fees?
  • If vendor refuses to eliminate intent data sharing, demand complete platform replacement. The competitive intelligence risk from systematic prospect behavioral exfiltration exceeds any sales enablement value, particularly when prospects reasonably expect evaluation privacy within demo environments.
Runtime Detections

Runtime Detections

6 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Modifies demo interaction flows and feature presentations to optimize for conversion metrics rather than authentic product experience representation

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Captures prospect interaction patterns, click sequences, and engagement rhythms within demo environments to build behavioral profiles for sales intelligence

BTI-C07Session Recording

Full session replay

Impact: Records complete demo sessions including feature exploration paths, workflow attempts, and engagement timelines for behavioral analysis and prospect scoring

BTI-C08Cross-Domain Sync

Identity stitching

Impact: Synchronizes prospect behavioral data from demo environments with sales intelligence platforms and marketing automation systems across organizational properties

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Initializes tracking infrastructure before demo environments load consent disclosures, capturing prospect behavioral data regardless of privacy preferences

BTI-C10Fingerprinting

Device identification

Impact: Creates persistent prospect fingerprints that enable cross-session tracking to monitor evaluation progression and competitive product demo visits

IOC Manifest

IOC Manifest

267 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.navattic.com/_next/static/chunks/*-*.js*
Tracking script
TRACK
*www.navattic.com/_next/static/chunks/framework-*.js*
Tracking script
TRACK
*www.navattic.com/_next/static/kN1WSddEJu9UQaMMqccoN/_ssgManifest.js*
Tracking script
TRACK
*www.navattic.com/_next/static/kN1WSddEJu9UQaMMqccoN/_buildManifest.js*
Tracking script
TRACK
*www.navattic.com/_next/static/chunks/main-*.js*
Tracking script
TRACK
*www.navattic.com/_next/static/chunks/webpack-*.js*
Tracking script
TRACK
*www.navattic.com/_next/static/chunks/pages/index-*.js*
Tracking script
TRACK
*www.navattic.com/_next/static/chunks/pages/_app-*.js*
Tracking script
TRACK
*js.navattic.com/embeds.js*
Tracking script
TRACK
*capture.navattic.com/_next/static/chunks/webpack-*.js*
Tracking script
TRACK
*js.navattic.com/sdk.js*
Tracking script
TRACK
*capture.navattic.com/_next/static/chunks/framework-*.js*
Tracking script
TRACK
*capture.navattic.com/_next/static/chunks/pages/_app-*.js*
Tracking script
TRACK
*capture.navattic.com/_next/static/chunks/*-*.js*
Tracking script
TRACK
*capture.navattic.com/_next/static/u4I3zbo6w6Wc_SPENpUS0/_buildManifest.js*
Tracking script
TRACK
*capture.navattic.com/_next/static/chunks/pages/player/%5Bproject_id%5D-*.js*
Tracking script
TRACK
*capture.navattic.com/_next/static/u4I3zbo6w6Wc_SPENpUS0/_ssgManifest.js*
Tracking script
TRACK
*capture.navattic.com/_next/static/chunks/main-*.js*
Tracking script
TRACK
*www.navattic.com/ingest/static/recorder.js*
Tracking script
TRACK
*www.navattic.com/_next/static/chunks/pages/get-demo-*.js*
Tracking script
EXFIL
*www.navattic.com/_next/data/kN1WSddEJu9UQaMMqccoN/report/state-of-the-interactive-product-demo-*.json*
Data collection endpoint
EXFIL
*www.navattic.com/_next/data/kN1WSddEJu9UQaMMqccoN/index.json*
Data collection endpoint
TRACK
*www.navattic.com/_next/static/chunks/pages/pricing-*.js*
Tracking script
TRACK
*www.navattic.com/_next/static/chunks/pages/report/%5Bslug%5D-*.js*
Tracking script
TRACK
*www.navattic.com/_next/static/chunks/pages/enterprise-*.js*
Tracking script
TRACK
*capture.navattic.com/_next/static/chunks/845-*.js*
Tracking script
TRACK
*capture.navattic.com/_next/static/chunks/119-*.js*
Tracking script
TRACK
*capture.navattic.com/_next/static/chunks/466-*.js*
Tracking script
TRACK
*capture.navattic.com/_next/static/chunks/53-*.js*
Tracking script
TRACK
*capture.navattic.com/_next/static/chunks/899-*.js*
Tracking script
TRACK
*www.navattic.com/_next/static/chunks/pages/customer/showcase-*.js*
Tracking script
TRACK
*www.navattic.com/_next/static/chunks/pages/customer/highlights/%5Bslug%5D-*.js*
Tracking script
TRACK
*www.navattic.com/_next/static/chunks/pages/customer/highlights-*.js*
Tracking script
TRACK
*www.navattic.com/_next/static/chunks/pages/product/interactive-demos-*.js*
Tracking script
TRACK
*www.navattic.com/_next/static/chunks/162-*.js*
Tracking script
EXFIL
*www.navattic.com/_next/data/kN1WSddEJu9UQaMMqccoN/customer/highlights/ramp.json*
Data collection endpoint
EXFIL
*www.navattic.com/_next/data/kN1WSddEJu9UQaMMqccoN/customer/showcase.json*
Data collection endpoint
TRACK
*www.navattic.com/_next/static/chunks/pages/product/agent-demos-*.js*
Tracking script
TRACK
*www.navattic.com/_next/static/chunks/pages/product/launchpad-*.js*
Tracking script
EXFIL
*www.navattic.com/_next/data/kN1WSddEJu9UQaMMqccoN/customer/highlights.json*
Data collection endpoint
EXFIL
*www.navattic.com/_next/data/kN1WSddEJu9UQaMMqccoN/customer/highlights/coupa.json*
Data collection endpoint
EXFIL
*www.navattic.com/_next/data/kN1WSddEJu9UQaMMqccoN/customer/highlights/trainual.json*
Data collection endpoint
EXFIL
*www.navattic.com/_next/data/kN1WSddEJu9UQaMMqccoN/customer/highlights/insider_one.json*
Data collection endpoint
TRACK
c.navattic.com
Tracking script
TRACK
capture.navattic.com
Tracking script
TRACK
js.navattic.com
Tracking script
TRACK
www.navattic.com/_next/static/chunks/webpack-517ac4c360ec2b82.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/framework-ec211f8b52f5d5e4.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/main-55335dedeea92920.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/pages/_app-547ea9309b3f1ece.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/9573-3a5527e2853f3e48.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/8487-e575f0b69407a9bf.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/9631-1fe4cfad940092a1.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/4879-8bf5c8aaf2900c09.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/4892-893fe79fc841a079.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/9146-47d6b40b44e36e0c.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/5210-dff27718c5b786fe.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/pages/index-b0e71e1c1c723989.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/kN1WSddEJu9UQaMMqccoN/_buildManifest.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/kN1WSddEJu9UQaMMqccoN/_ssgManifest.js
Auto-extracted from scan
TRACK
js.navattic.com/embeds.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/webpack-2cef6c912d617434.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/framework-fd8dbd19d5a33c3a.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/main-27aa648e249027f2.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/pages/_app-263cf100800e8c15.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/96c0f419-45df26e00f54cb76.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/5eae7a46-b0534992c13b50f6.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/2509-e6f712d9b4f03446.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/7627-421961cbaaa81976.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/2411-3ce54a657c3ab303.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/4009-19bfc921e7d6664d.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/5483-95af4e9f6f74d967.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/2234-dce8a515145e49d1.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/pages/player/%5Bproject_id%5D-eef3779e5b9b9f6d.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/u4I3zbo6w6Wc_SPENpUS0/_buildManifest.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/u4I3zbo6w6Wc_SPENpUS0/_ssgManifest.js
Auto-extracted from scan
TRACK
js.navattic.com/sdk.js
Auto-extracted from scan
TRACK
www.navattic.com/ingest/static/recorder.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/d907d4a5-50c5f1d9d2b86d76.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/899-cb91af63fcb6adb3.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/3319-ab3992743b0c01f1.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/4246-323340820d25062f.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/8226-b8229240e1affeaa.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/8835-3349f9dc5333dc9d.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/1727-90ec0e2de65e49ff.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/466-83294551f0fbfe5e.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/845-778aff59e553e56f.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/53-c73017e3b1473b66.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/9154-8d84e2df7265005b.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/4413-83f5e81e642e8e1f.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/4461-47eabe46ee67936b.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/6158-3574d8700e9e9a4b.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/4114-bb8e0dd927af58aa.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/6355-e94c79eedaa4bd82.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/7438-cd8b00e0183ca95b.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/5554-8d800d7fe509fa9e.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/5067-93dbf3e7d97a82a8.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/8803-5bb03301068fc632.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/4222-dff046424782f87f.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/9638-34439cc3c2454c6b.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/3514-e84bf68f5ce74ef2.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/119-108be6b8c9666ef4.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/7084-b125a410dc0765fd.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/1133-7107c89ec5c4067c.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/2538-bd585e046ae342fb.js
Auto-extracted from scan
TRACK
capture.navattic.com/_next/static/chunks/9429-d6781c57e216737a.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/pages/get-demo-0d4d7c84afcf66ac.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/pages/pricing-d78b17e698c867a3.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/1d2671aa-f600276eb687cd2d.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/8888-410da552276525ec.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/1904-c5ee367d80b4021e.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/pages/report/%5Bslug%5D-bc3c4c77474e8373.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/pages/enterprise-4f9037491e2641c8.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/pages/customer/showcase-2c45e87dc391de8d.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/4745-7d830bf58dbb9864.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/pages/customer/highlights/%5Bslug%5D-72094cab08822eb8.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/2591-00bda6a7dd078f1e.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/pages/product/interactive-demos-6c64e8a4d8cfb987.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/162-937b97833423c0c5.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/pages/customer/highlights-b4bba2d46017db61.js
Auto-extracted from scan
TRACK
www.navattic.com/_next/static/chunks/pages/product/agent-demos-a26a69b044473938.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Navattic typically deploys within sales enablement stacks alongside Salesforce (CRM integration), Gong/Chorus (conversation intelligence), Qualified/Drift (chat/conversational marketing), and intent data platforms. The vendor positions itself as demo infrastructure while actually functioning as prospect behavioral intelligence collection system. Common co-deployments include sales engagement platforms (Outreach, SalesLoft), marketing automation (Marketo, HubSpot), and account-based marketing tools that consume Navattic-enriched prospect signals. Integration architecture typically includes server-side data pipelines feeding sales intelligence vendors and competitive analysis services that operate outside organizational visibility.
Loads (2)
ClearbitHubspot
Loaded By (2)
GoogletagmanagerKetch
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

269 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details