All Vendors
attribution

RedTrack

RedTrack is a performance marketing analytics vendor that combines server-side tracking, first-party cookies, and ad network API integrations to track conversions across channels, explicitly positioning its infrastructure to bypass ad blockers and cookie restrictions.

124 IOCs
0
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what RedTrack discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

2 gaps

pending

MEDIUM
They Claim

Cookieless tracking solution

Observed Behavior

Awaiting scanner verification of Universal Tracking Script behavior, first-party cookie patterns, and server-side data flows at runtime

pending

MEDIUM
They Claim

GDPR-compliant IP obfuscation

Observed Behavior

Scope of data collection beyond IP addresses needs direct observation to fully characterize

Customer Impact

What This Means For You

Organizations deploying RedTrack face three primary risks: (1) Competitive intelligence leakage — revenue and conversion data from Stripe, Shopify, and other platforms flows through RedTrack to ad networks, effectively sharing business performance benchmarks with platforms that serve competitors. (2) Compliance liability — server-side tracking infrastructure designed to bypass user privacy tools creates regulatory exposure under GDPR, CCPA, and the ePrivacy Directive, with liability falling on the data controller. (3) Measurement dependency — once ad platform algorithms are trained on RedTrack's conversion signals and media buying workflows are built around RedTrack's reporting, switching vendors requires re-establishing all conversion tracking and re-training ad algorithms, creating significant operational lock-in.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for RedTrack

  • - Audit the Universal Tracking Script to understand exactly what data is collected client-side and what is processed server-side, including all cookie patterns and identifier mechanisms. - Map conversion data flows to each connected ad network to understand what business intelligence (revenue, conversion rates, product data) is being shared externally via CAPI and S2S postbacks. - Evaluate whether server-side tracking operates on visitors who have declined consent or deployed ad blockers, and assess compliance implications under applicable privacy regulations. - Review data retention policies for the 30+ data points captured per click, particularly for GDPR-covered visitors where IP obfuscation is applied. - Establish independent conversion measurement to validate RedTrack's attribution against directly observed outcomes.

Negotiation Leverage

  • Leverage: RedTrack's ad blocker bypass capability is a compliance liability for customers — negotiate for indemnification covering regulatory actions arising from server-side tracking of users who have deployed privacy tools. The platform's role as a data intermediary between revenue platforms and ad networks means your business performance data flows to third parties; demand granular control over what data is shared with which platforms.
  • Key questions: What specific data points from the 30+ captured per click are sent to ad platforms via CAPI? Can customers restrict revenue and transaction data from flowing to ad networks? Does server-side tracking continue for visitors who have declined consent? What data does RedTrack retain independently of connected platforms, and for how long? How is IP obfuscation implemented for GDPR countries?
  • Contractual protections: Require the ability to disable ad blocker bypass functionality while retaining standard attribution. Include data deletion upon termination covering all 30+ data points and any derived analytics. Negotiate for customer approval before RedTrack adds new ad platform integrations that would receive your data. Ensure the DPA explicitly covers server-side tracking as a distinct processing activity requiring its own lawful basis.
IOC Manifest

IOC Manifest

124 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.redtrack.io/static/js/g2-rating.js*
Tracking script
TRACK
*www.redtrack.io/static/js/faq-tabs.js*
Tracking script
TRACK
*www.redtrack.io/static/js/header-menu.js*
Tracking script
TRACK
*www.redtrack.io/static/js/footer-menu.js*
Tracking script
TRACK
*www.redtrack.io/static/js/g2-slider.js*
Tracking script
TRACK
*www.redtrack.io/static/js/ref-cookies.js*
Tracking script
TRACK
*www.redtrack.io/static/js/contact-form.js*
Tracking script
TRACK
*www.redtrack.io/static/js/vendor.swiper.js*
Tracking script
TRACK
*www.redtrack.io/cdn-cgi/challenge-platform/scripts/jsd/main.js*
Tracking script
TRACK
*www.redtrack.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/*/main.js*
Tracking script
TRACK
*www.redtrack.io/static/js/iti-utils.js*
Tracking script
TRACK
www.redtrack.io/static/js/header-menu.min.js
Auto-extracted from scan
TRACK
www.redtrack.io/static/js/g2-rating.min.js
Auto-extracted from scan
TRACK
www.redtrack.io/static/js/vendor.swiper.min.js
Auto-extracted from scan
TRACK
www.redtrack.io/static/js/g2-slider.min.js
Auto-extracted from scan
TRACK
www.redtrack.io/static/js/faq-tabs.min.js
Auto-extracted from scan
TRACK
www.redtrack.io/static/js/contact-form.min.js
Auto-extracted from scan
TRACK
www.redtrack.io/static/js/footer-menu.min.js
Auto-extracted from scan
TRACK
www.redtrack.io/static/js/ref-cookies.min.js
Auto-extracted from scan
TRACK
www.redtrack.io/cdn-cgi/challenge-platform/scripts/jsd/main.js
Auto-extracted from scan
TRACK
www.redtrack.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js
Auto-extracted from scan
TRACK
www.redtrack.io/static/js/iti-utils.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

RedTrack integrates across the entire performance marketing stack: ad networks (Meta, Google, TikTok, Bing, and 10+ others), revenue platforms (Shopify, Stripe, ClickBank, ClickFunnels, Ringba), and search feed providers. The platform syncs ad spend every 5 minutes from connected accounts and sends conversion/revenue data back via CAPI and S2S postbacks. This bidirectional data flow positions RedTrack as a central hub where campaign cost data from ad networks meets revenue outcome data from payment and e-commerce platforms. Each integration creates a data sharing relationship where business performance metrics — conversion rates, revenue figures, cost per acquisition — flow to advertising platforms with their own data usage and retention policies.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

124 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details