Website tracking ID lookup

Read the analytics, tag-manager, ad, and pixel IDs a site exposes in its homepage — the codes that can quietly link one operator's network of sites together.

What are tracking IDs, and why do they matter?

Almost every website carries a handful of invisible identifiers — small strings of letters and numbers that tie the site to an analytics account, an advertising account, or a marketing platform. Individually they are mundane plumbing. Collectively, they are one of the most powerful tools in open-source investigation, because the same person often reuses the same account across every site they run.

When someone builds ten websites, they rarely create ten separate Google Analytics accounts. They copy the same measurement snippet into all of them, because it's easier and because all the traffic data flows into one dashboard they already own. That convenience leaves a fingerprint. If two apparently unrelated domains carry the identical Google Analytics ID or the same AdSense publisher ID, it is strong evidence they share an owner — far stronger than a shared web host or IP address, which countless unrelated sites sit behind by coincidence.

This is why investigators, journalists, brand-protection teams, and fraud analysts look at tracking IDs first. A scammer will change registrars, swap hosting providers, hide behind privacy protection, and rotate domain names — but forget that every one of their lookalike sites still phones home to the same analytics account. The tool above reads the IDs a site exposes directly in its homepage HTML, so you can see those signals for yourself.

The tracking IDs this tool detects

Google Analytics 4 (GA4)

Format: G-XXXXXXXXXX

Google Analytics is the most widely deployed website analytics platform in the world, and its current version, GA4, identifies each data stream with a measurement ID that always begins with G- followed by ten alphanumeric characters. This ID is embedded in the gtag.js snippet that a site owner pastes into their pages, so it is usually visible in the raw HTML.

Because a single GA4 property can collect data from multiple websites, the same G- ID appearing across different domains is a clear indication those sites report into one analytics account — and therefore one owner or organisation. GA4 replaced the older Universal Analytics in mid-2023, so newer sites carry a G- ID while older or unmaintained ones may still show the legacy format below.

Universal Analytics (legacy)

Format: UA-XXXXXXXX-X

Before GA4, Google Analytics used Universal Analytics, whose tracking IDs begin with UA-, followed by an account number and a property suffix — for example UA-123456-1. Google stopped processing new data in Universal Analytics in July 2023, but the IDs still linger in the source code of countless sites that were never updated.

For an investigator, a stale UA- ID is a gift: the account-number portion (the digits between the dashes) is shared across every property in that account, so two domains showing UA-123456-1 and UA-123456-7 belong to the same Analytics account even though the full IDs differ. That shared middle number is a durable ownership link that predates the site's current disguise.

Google Tag Manager (GTM)

Format: GTM-XXXXXXX

Google Tag Manager is a container that lets marketers load and manage many tags — analytics, ads, remarketing, conversion tracking — without editing the site's code each time. Its container ID begins with GTM-. A shared GTM container ID across sites is an especially strong ownership signal, because a GTM container is centrally managed from one Google account and typically deployed across a single owner's properties.

One nuance worth knowing: because GTM injects other tags at runtime, a site using GTM may not expose its underlying analytics or ad IDs in the static HTML — those get loaded by the container after the page runs. So a site can show a GTM- ID while hiding the GA or ad IDs behind it. The container ID itself, however, is right there in the HTML.

Google AdSense

Format: ca-pub-XXXXXXXXXXXXXXXX

AdSense is Google's programme for displaying ads on a publisher's site, and every publisher is assigned a single publisher ID beginning with ca-pub- followed by sixteen digits. Crucially, a publisher ID belongs to a Google account, and Google requires that the same ID be used across all of a publisher's sites so revenue can be attributed and paid out correctly.

This makes the AdSense publisher ID one of the single most reliable ownership fingerprints on the web. Two sites carrying the same ca-pub- number are, almost without exception, monetised by the same account holder. Networks of low-quality content sites, made-for-advertising domains, and scam sites are frequently unmasked precisely because the operator reused one AdSense account across the whole network to collect the money in one place.

Facebook (Meta) Pixel

Format: 15–16 digit numeric ID

The Meta Pixel (still widely called the Facebook Pixel) is a snippet that reports visitor activity back to a Facebook advertising account so the advertiser can measure conversions and build retargeting audiences. It is initialised in the page with a long numeric ID, visible in the fbq('init', '...') call in the site's HTML.

Because a pixel is tied to a Facebook Business account, a shared pixel ID across domains links those sites to the same advertiser. Investigators use this to connect e-commerce storefronts, drop-shipping sites, and ad-driven landing pages that are run by a single operator behind different brand names.
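The five formats described above, read from static HTML and compared across sites, as an added example (not this tool's own code). The patterns follow the formats on this page with some length tolerance, UA IDs are keyed by account number so different properties of one account still match, and every domain, ID, and function name here is constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns follow the formats given on this page, with some length tolerance.
# A non-match means "not seen in this HTML", never "not present on the site".
PATTERNS = {
    "ga4": re.compile(r"\bG-[A-Z0-9]{10}\b"),
    "ua": re.compile(r"\bUA-(\d{4,10})-\d{1,4}\b"),   # group 1 = account number
    "gtm": re.compile(r"\bGTM-[A-Z0-9]{4,8}\b"),
    "adsense": re.compile(r"\bca-pub-\d{16}\b"),
    "meta_pixel": re.compile(r"fbq\(\s*['\"]init['\"]\s*,\s*['\"](\d{15,16})['\"]"),
}

def extract_ids(html):
    """Return a set of (kind, key) pairs found in static HTML."""
    found = set()
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(html):
            key = m.group(1) if rx.groups else m.group(0)
            if kind == "ua":
                key = "UA-" + key   # drop the property suffix: link on the account
            found.add((kind, key))
    return found

def shared_ids(pages):
    """Map each ID to the domains exposing it, keeping only IDs seen on 2+ domains."""
    seen = defaultdict(set)
    for domain, html in pages.items():
        for key in extract_ids(html):
            seen[key].add(domain)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed sample pages: domains and IDs are invented for illustration.
PAGES = {
    "shop-one.example": "<script src='https://www.googletagmanager.com/gtag/js?id=UA-123456-1'>"
                        "</script><script>fbq('init', '123456789012345');</script>",
    "deals-two.example": "<script>gtag('config','UA-123456-7');"
                         "gtag('config','G-AB12CD34EF');</script>",
    "news-three.example": "<script src='https://www.googletagmanager.com/gtm.js?id=GTM-ABC1234'>"
                          "</script><ins data-ad-client='ca-pub-1234567890123456'></ins>",
    "blog-four.example": "<ins class='adsbygoogle' data-ad-client='ca-pub-1234567890123456'></ins>",
}

if __name__ == "__main__":
    for (kind, key), domains in shared_ids(PAGES).items():
        print(f"{kind:10} {key:26} -> {', '.join(domains)}")
```

A match from this kind of scan is a lead to corroborate: the Meta Pixel pattern only fires on an explicit fbq('init', ...) call, and IDs injected at runtime by a GTM container will not appear at all.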

Behaviour, privacy & product analytics

Hotjar · Clarity · FullStory · Plausible · Matomo · Fathom · Mixpanel · Amplitude · Segment · PostHog · Adobe

Google isn't the only analytics game. Behaviour tools like Hotjar, Microsoft Clarity, and FullStory record heatmaps and session replays. Privacy-first alternatives — Plausible, Matomo, Fathom — have grown quickly as sites moved away from Google for compliance reasons. Product teams lean on Mixpanel, Amplitude, Segment, or PostHog, and large corporate sites often run Adobe Analytics. Each carries an account token, site ID, or report suite that this tool detects where it appears in the page.

Some of these are unusually strong for attribution. Plausible's snippet embeds the data-domain it reports for — occasionally listing several domains in one account, a direct ownership link. And a self-hosted Matomo points at the operator's own tracking server, revealing infrastructure they control directly rather than a shared third-party platform — one of the most durable fingerprints there is.

Ad networks beyond AdSense

Adsterra · Media.net · Ezoic · Taboola · Outbrain

AdSense is the largest ad network, but far from the only one. This tool also detects Adsterra, Media.net, Ezoic, and the content-recommendation networks Taboola and Outbrain where their code appears in the page. Each ties a site to a publisher account that gets paid — the same ownership logic as AdSense.

Detection from page code is a best effort: some ad networks deliberately obfuscate or randomise their embed code, so they won't always be caught in the static HTML. This is exactly why the ads.txt file matters — it declares a site's ad-network relationships openly, catching networks the page-code scan may miss, including many that never expose a clean ID in the HTML.

Amazon Associates & affiliate tags

Format: yoursite-20 (Amazon) and network-specific IDs

Affiliate marketers earn commission by sending buyers to merchants through tagged links. Amazon's programme appends an associate tag to product URLs — the tag= parameter, ending in a two-digit locale suffix like -20 for the US. Other networks — CJ Affiliate, ShareASale, Impact — embed their own merchant or publisher IDs in outbound links.

Because an affiliate tag is the account that gets paid, it is a reliable ownership fingerprint. A network of review sites, coupon sites, or "best of" listicles that all funnel clicks through the same Amazon associate tag is almost certainly run by one operator monetising the whole portfolio through a single account. This is one of the most common patterns in affiliate-SEO reverse engineering.

ads.txt and sellers.json: the ad-network paper trail

Beyond IDs buried in page code, the advertising industry created two public files that make monetization relationships explicit — and they are a goldmine for understanding how a site earns.

ads.txt is a plain-text file a publisher places at /ads.txt on their own domain. It lists every advertising system authorised to sell that site's inventory, each with the publisher's account ID and whether the relationship is DIRECT (the publisher deals with the ad system directly) or RESELLER (an intermediary resells it). The standard exists to fight ad fraud — it lets buyers verify they're purchasing legitimate inventory — but as a side effect it publicly declares exactly which ad networks a site works with and under which account numbers.

The investigative value is direct: two sites whose ads.txt files list the same publisher account ID on the same ad system are selling ad space through the same account — a strong monetization link. The tool above fetches and parses a site's ads.txt so you can read these seller relationships at a glance. sellers.json is the complementary file, published by the ad exchanges themselves, mapping those seller account IDs back to the businesses behind them — closing the loop from "this ID" to "this company."
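The comparison described above, as an added example (not this tool's own parser): it reads the comma-separated ads.txt records, skips comments and variable lines such as contact=, and reports the seller accounts two files have in common. It separates accounts both sites declare DIRECT from the rest, on the assumption that a reseller's account ID is commonly listed by many unrelated publishers and is therefore a weaker link; the ad systems, account IDs, and function names are constructed.

```python
def parse_ads_txt(text):
    """Return {(ad_system, account_id): relationship} from ads.txt content."""
    records = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line or "=" in line.split(",", 1)[0]:
            continue                                  # blank, or a variable like contact=
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3:
            continue                                  # malformed record
        system, account, relation = fields[0].lower(), fields[1], fields[2].upper()
        if relation in ("DIRECT", "RESELLER"):
            records[(system, account)] = relation
    return records

def shared_sellers(a_text, b_text):
    """Return (direct, weaker): accounts common to both files, split by relationship."""
    a, b = parse_ads_txt(a_text), parse_ads_txt(b_text)
    direct, weaker = [], []
    for key in sorted(a.keys() & b.keys()):
        # Strongest link: both sites declare the same account as DIRECT.
        (direct if a[key] == b[key] == "DIRECT" else weaker).append(key)
    return direct, weaker

# Constructed sample files: ad systems and account IDs are invented.
SITE_A = """\
# ads.txt for site-a.example
adexchange.example, pub-1111, DIRECT, abc123
resellernet.example, 9001, RESELLER
contact=ads@site-a.example
"""
SITE_B = """\
ADEXCHANGE.example, pub-1111, DIRECT
resellernet.example, 9001, RESELLER  # via partner
othernet.example, 77, DIRECT
bad line
"""

if __name__ == "__main__":
    direct, weaker = shared_sellers(SITE_A, SITE_B)
    print("shared DIRECT accounts:", direct)
    print("shared reseller-only accounts:", weaker)
```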

The network effect: connecting a portfolio

Individually, each of these signals links two sites. Together, they compound. A single operator running twenty sites might vary the domain names, hosting, and registrars — but if all twenty share one AdSense publisher ID, funnel affiliate clicks through one Amazon tag, and declare the same seller account in ads.txt, the monetization layer stitches the whole portfolio together. This is why monetization IDs are the backbone of competitor research and hidden-network discovery: the money has to flow somewhere, and where it flows is where the connections show.

As more domains are inspected through this tool, shared IDs begin to reveal these clusters directly — when an ID you're looking at has been seen on other domains, that connection is surfaced alongside it. The picture is scoped honestly to what has actually been observed here, not a claim about the entire internet, but for mapping a specific operator's footprint it is often all the thread you need to start pulling.

How shared IDs reveal common ownership

The core principle is simple: these identifiers correspond to accounts, and accounts belong to people or organisations. A web host is shared by strangers; an analytics or ad account is not. When the same account ID appears on multiple sites, the most economical explanation is that one party controls all of them.

The strength of the signal varies by type. An AdSense publisher ID or a GTM container ID is a very strong link, because those are centrally managed and tied to payment or deployment. A Google Analytics ID is strong. A Facebook Pixel is strong for advertising-driven sites. None of them is absolute proof on its own — a shared ID could, in rare cases, reflect a shared agency, a template, or a compromised account — which is why responsible investigators treat a matching ID as a lead to corroborate, not a verdict to publish. But as a starting thread to pull, few signals are more productive.

What this tool can and cannot see

This lookup reads a site's static homepage HTML — the code the server sends before any JavaScript runs. That is where many sites place their tracking snippets, so the tool finds IDs on a large share of the web, and it is especially effective on the simpler, hastily-built sites that OSINT work often targets.

It has honest limits, though. Sites that load analytics only after a cookie-consent banner is accepted, or that inject their IDs entirely through a Tag Manager container or an external script executed in the browser, may not expose those IDs in the raw HTML — so the tool can return fewer codes than a full browser would, or none at all. A blank result therefore means "no IDs were exposed in the static HTML," not necessarily "this site has no tracking." Conversely, when the tool does surface an ID, it is a real, verifiable string taken directly from the page.

Using tracking IDs responsibly

Tracking IDs are public information — they are transmitted to every visitor's browser by design, so reading them is neither hacking nor a privacy breach. But the conclusions drawn from them carry weight. A shared ID is evidence of a link, not proof of wrongdoing, and the same technique that unmasks a scam network could misattribute a coincidence. Treat a match as a hypothesis to verify against other evidence — registration data, content, infrastructure — before acting on it. Used carefully, tracking-ID analysis is one of the most efficient ways to map a single operator's footprint across the web.
