All Vendors
marketing_automation

WebEngage

WebEngage is an India-based full-stack customer engagement platform that deploys JavaScript SDKs, on-site overlays, behavioral tracking, and cross-channel orchestration (push, in-app, SMS, email, WhatsApp) directly on customer web properties, creating extensive GTM attack surface through persistent user identification and real-time behavioral profiling.

419 IOCs
0
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what WebEngage discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

Pending Analysis

UNKNOWN
They Claim

Claims extraction pending

Observed Behavior

Awaiting scanner verification. Runtime behavioral analysis needed to confirm: (1) exact Anonymous ID creation timing relative to consent events, (2) cookie taxonomy including names, domains, and expiration periods, (3) full list of third-party endpoints contacted by the WebEngage SDK during page load, (4) on-site overlay injection method and DOM manipulation patterns, (5) web push service worker scope and permissions requested, and (6) data payload contents transmitted to WebEngage servers on each tracked event.

Customer Impact

What This Means For You

Organizations deploying WebEngage on their web properties are introducing one of the most comprehensive behavioral tracking and intervention systems available in the marketing automation category. Specific impacts: (1) Every visitor receives a persistent Anonymous ID from first page load, creating tracking profiles regardless of authentication state or consent status, (2) The on-site notification, survey, and overlay system injects WebEngage-controlled content directly into your web experience -- this content can collect additional data through survey responses and interaction tracking, (3) Behavioral data flows through up to nine channels (web, mobile, email, SMS, push, in-app, WhatsApp, Facebook, Instagram) into unified profiles, creating concentrated identity assets, (4) Integration connectors distribute this data to analytics, attribution, advertising, and storage platforms with potentially independent retention policies, and (5) The platform's real-time personalization engine means your customer experience is actively being modified by WebEngage's algorithms based on behavioral profiles your visitors may not know exist.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for WebEngage

  • - Verify WebEngage Anonymous ID creation timing: confirm no persistent identifiers are set before explicit consent is obtained from visitors - Audit all active WebEngage integrations and data connectors to map the complete data distribution footprint across your marketing stack - Review on-site overlay and survey configurations to ensure no additional personal data is collected through WebEngage-injected widgets without proper disclosure - Request WebEngage's complete sub-processor list and cross-reference against your published privacy notice's third-party disclosure section - Conduct independent HAR capture to document all network calls made by the WebEngage SDK during page load, including payload contents and destination endpoints

Negotiation Leverage

  • WebEngage's primary leverage points are the automatic Anonymous ID system and the breadth of its on-site intervention capabilities. When negotiating: (1) Demand contractual commitment that the Anonymous ID is not created until after explicit consent is obtained -- this is the single highest-risk behavior in their SDK, (2) Require a complete network call manifest documenting every endpoint the WebEngage SDK contacts during page load and ongoing session, (3) Negotiate limits on the on-site overlay and survey injection system -- specifically, require that no WebEngage-controlled content is injected into your web experience without per-campaign approval workflows, (4) Demand data residency commitments given WebEngage's India-based infrastructure -- for organizations subject to EU data protection requirements, confirm whether behavioral data transits through or is stored in jurisdictions without adequacy decisions, and (5) Require that integration marketplace connectors cannot be activated without explicit authorization, preventing new data distribution pathways from being created without your security team's review. WebEngage's ISO 27001 and SOC 2 certifications provide contractual hooks -- demand evidence that these certifications cover the specific data flows touching your customer data, not just their corporate infrastructure.
IOC Manifest

IOC Manifest

419 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*webengage.com/wp-content/plugins/wp-reading-progress/wp-reading-progress.js*
Tracking script
TRACK
*webengage.com/wp-content/themes/webengage/assets/js/load-more.js*
Tracking script
TRACK
*webengage.com/wp-content/themes/webengage/assets/js/results-empty-sections-hide.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/ele-custom-skin/assets/js/ecs.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.js*
Tracking script
TRACK
*webengage.com/wp-content/themes/webengage/assets/js/main.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/ele-custom-skin/assets/js/ecs_ajax_pagination.js*
Tracking script
TRACK
*webengage.com/wp-content/themes/webengage/assets/js/tiny-slider-min.js*
Tracking script
TRACK
*webengage.com/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/essential-blocks/assets/js/eb-blocks-localize.js*
Tracking script
TRACK
*webengage.com/wp-content/themes/astra/assets/js/minified/frontend.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/we-custom-geoip-groups/assets/js/we-custom-geoip-poc.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/we-custom-view-counter/assets/js/we-custom-view-counter.js*
Tracking script
TRACK
*webengage.com/wp-includes/js/dist/dom-ready.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/astra-sites/inc/lib/onboarding/assets/dist/template-preview/main.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor/assets/js/webpack.runtime.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/astra-addon/assets/js/minified/purify.js*
Tracking script
TRACK
*webengage.com/wp-content/uploads/astra-addon/astra-addon-*-*.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor/assets/js/frontend.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.js*
Tracking script
TRACK
*webengage.com/wp-includes/js/jquery/ui/core.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor/assets/js/frontend-modules.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor-pro/assets/js/frontend.js*
Tracking script
TRACK
*webengage.com/wp-includes/js/dist/i18n.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/royal-elementor-addons/assets/js/lib/dompurify/dompurify.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/royal-elementor-addons/assets/js/modal-popups.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/powerpack-elements/assets/js/min/frontend-tooltip.js*
Tracking script
TRACK
*webengage.com/wp-content/themes/webengage/assets/js/home-custom.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/wp-slick-slider-and-image-carousel/assets/js/wpsisac-public.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor/assets/lib/swiper/v8/swiper.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/powerpack-elements/assets/lib/tooltipster/tooltipster.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/loop-grid-extender-for-elementor-pro/assets/js/select2.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/wp-slick-slider-and-image-carousel/assets/js/slick.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/royal-elementor-addons/assets/js/frontend.js*
Tracking script
TRACK
*webengage.com/wp-includes/js/dist/hooks.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/loop-grid-extender-for-elementor-pro/assets/js/index.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor-pro/assets/lib/lottie/lottie.js*
Tracking script
TRACK
*webengage.com/wp-includes/js/wp-emoji-release.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor/assets/js/shared-frontend-handlers.*.bundle.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.*.bundle.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor/assets/js/accordion.*.bundle.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor-pro/assets/js/lottie.*.bundle.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor/assets/js/text-editor.*.bundle.js*
Tracking script
TRACK
*webengage.com/wp-content/plugins/elementor/assets/js/image-carousel.*.bundle.js*
Tracking script
TRACK
*webengage.com/wp-content/uploads/*/06/ANI_4.json*
Tracking script
TRACK
*webengage.com/wp-content/uploads/*/06/ANI_5.json*
Tracking script
TRACK
*webengage.com/wp-content/uploads/*/06/ANI_7.json*
Tracking script
TRACK
*webengage.com/wp-content/uploads/*/06/ANI_3.json*
Tracking script
TRACK
*webengage.com/wp-content/uploads/*/06/ANI_1.json*
Tracking script
TRACK
*webengage.com/wp-content/uploads/*/06/ANI_2.json*
Tracking script
TRACK
*webengage.com/wp-content/uploads/*/06/ANI_6.json*
Tracking script
TRACK
*ssl.widgets.webengage.com/js/webengage-min-v-6.0.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/v4.js*
Tracking script
TRACK
*c.webengage.com/upf2.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/8eda413.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/3k9e6d9.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/~f05d4k5.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/8eda402.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/3k9e6gb.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/~f05d4l7.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/8eda47g.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/~5bjl9kb.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/i2l1klb.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/~5bjla06.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/~5bjl9ll.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/~f05d4ej.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/3k9e6j5.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/8eda4ad.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/d8h61ii.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/~hg3c82.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/~a61h730.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/8eda4l4.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/~hg3bie.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/8eda4k2.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/i2l1ljl.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/~5bjl96j.js*
Tracking script
TRACK
*wsdk-files.webengage.com/webengage/*/~5bjl912.js*
Tracking script
TRACK
*ssl.widgets.webengage.com/js/jquery/jquery-1.3.2.js*
Tracking script
TRACK
*ssl.widgets.webengage.com/js/ga-integration.js*
Tracking script
TRACK
*c.webengage.com/e.jpg*
Tracking script
TRACK
webengage.com/wp-content/plugins/wp-reading-progress/wp-reading-progress.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/themes/webengage/assets/js/load-more.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/ele-custom-skin/assets/js/ecs_ajax_pagination.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/themes/webengage/assets/js/main.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/themes/webengage/assets/js/results-empty-sections-hide.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/themes/webengage/assets/js/tiny-slider-min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/ele-custom-skin/assets/js/ecs.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/essential-blocks/assets/js/eb-blocks-localize.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/themes/astra/assets/js/minified/frontend.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/we-custom-geoip-groups/assets/js/we-custom-geoip-poc.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/we-custom-view-counter/assets/js/we-custom-view-counter.js
Auto-extracted from scan
TRACK
webengage.com/wp-includes/js/dist/dom-ready.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/astra-sites/inc/lib/onboarding/assets/dist/template-preview/main.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/uploads/astra-addon/astra-addon-68b70eb1e4e2a5-04760418.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/astra-addon/assets/js/minified/purify.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-includes/js/jquery/ui/core.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/themes/webengage/assets/js/home-custom.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor-pro/assets/lib/lottie/lottie.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/wp-slick-slider-and-image-carousel/assets/js/slick.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/wp-slick-slider-and-image-carousel/assets/js/wpsisac-public.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor/assets/lib/swiper/v8/swiper.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-includes/js/dist/hooks.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-includes/js/dist/i18n.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/royal-elementor-addons/assets/js/lib/dompurify/dompurify.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/royal-elementor-addons/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/royal-elementor-addons/assets/js/modal-popups.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/loop-grid-extender-for-elementor-pro/assets/js/select2.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/loop-grid-extender-for-elementor-pro/assets/js/index.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/powerpack-elements/assets/lib/tooltipster/tooltipster.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/powerpack-elements/assets/js/min/frontend-tooltip.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-includes/js/wp-emoji-release.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor/assets/js/shared-frontend-handlers.03caa53373b56d3bab67.bundle.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.8521a0597c50611efdc6.bundle.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor/assets/js/accordion.8b0db5058afeb74622f5.bundle.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor-pro/assets/js/lottie.a287ccfe024bea61e651.bundle.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor/assets/js/text-editor.45609661e409413f1cef.bundle.min.js
Auto-extracted from scan
TRACK
webengage.com/wp-content/plugins/elementor/assets/js/image-carousel.6167d20b95b33386757b.bundle.min.js
Auto-extracted from scan
TRACK
ssl.widgets.webengage.com/js/webengage-min-v-6.0.js
Auto-extracted from scan
TRACK
wsdk-files.webengage.com/webengage/82617417/v4.js
Auto-extracted from scan
TRACK
c.webengage.com/upf2.js
Auto-extracted from scan
TRACK
wsdk-files.webengage.com/webengage/82617417/8eda413.js
Auto-extracted from scan
TRACK
wsdk-files.webengage.com/webengage/82617417/3k9e6d9.js
Auto-extracted from scan
TRACK
wsdk-files.webengage.com/webengage/82617417/8eda402.js
Auto-extracted from scan
TRACK
wsdk-files.webengage.com/webengage/82617417/~f05d4k5.js
Auto-extracted from scan
TRACK
wsdk-files.webengage.com/webengage/82617417/3k9e6gb.js
Auto-extracted from scan
TRACK
wsdk-files.webengage.com/webengage/82617417/~f05d4l7.js
Auto-extracted from scan
TRACK
wsdk-files.webengage.com/webengage/82617417/i2l1klb.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

WebEngage operates as both a CDP and campaign execution platform, integrating with a broad ecosystem of marketing and analytics tools. Key integrations include: analytics (Amplitude, Mixpanel, Google Analytics), mobile attribution (AppsFlyer, Branch), CDPs and data pipelines (Segment, RudderStack, Tealium, mParticle), cloud storage (Amazon S3), CRM systems, and advertising platforms (Facebook, Instagram). The platform also offers a Drupal module, Magento extension, and WordPress plugin for direct CMS integration. WebEngage's REST API enables server-side data ingestion from any backend system. The integration marketplace allows third-party developers to publish new connectors, continuously expanding the data distribution network. Primary deployment markets include India, Southeast Asia, Middle East, and Latin America, with growing presence in European and North American enterprise segments.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

419 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details