![[24]7.ai](https://myqtquraksvvfxdnqikq.supabase.co/storage/v1/object/public/vendor-assets/logos/247.svg)
How This Briefing Works
This report opens with key findings, then maps the gaps between what [24]7.ai discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Key Findings
44 detections across 43 sites2% pre-consent activity2 critical disclosure gaps
CRITICAL
consent_gap
Pre-consent tracking observed for 247.ai's own code, Apollo.io, GoogleAnalytics4, TrustArc itself, and Verisoul
GDPR Article 7ePrivacy Directive Article 5(3)
CRITICAL
subprocessor_gap
30+ third-party vendors observed including Apollo.io, ZoomInfo, HubSpot, Factors.ai, Verisoul, HGInsights
GDPR Article 28GDPR Article 13(1)(e)CCPA Section 1798.140(v)
MEDIUM
Pre-Consent Activity
[24]7.ai was observed loading and executing before user consent was obtained on 2% of sites where it was detected.
GDPRePrivacy
HIGH
claims_gap
Uses Apollo.io and ZoomInfo as subprocessors - both are known hostile de-anonymization services
SOC 2 Trust Service CriteriaISO 27001 Clause A.15
HIGH
consent_gap
TrustArc itself fires pre-consent (pre_consent=true in detections)
ePrivacy Directive Article 5(3)
Disclosure Gaps
Claims vs. Observed Behavior
6 gaps
2 CRIT2 HIGH2 MED
Classified:BTI-X01BTI-X02BTI-X05BTI-X08BTI-X10
consent_gap
GDPR Article 7 · ePrivacy Directive Article 5(3)CRITICAL
They Claim
“Cookie consent banner deployed via TrustArc requiring user consent”
Observed Behavior
Pre-consent tracking observed for 247.ai's own code, Apollo.io, GoogleAnalytics4, TrustArc itself, and Verisoul
intel_detections shows pre_consent=true for multiple vendors on 247.ai scans
subprocessor_gap
GDPR Article 28 · GDPR Article 13(1)(e) · CCPA Section 1798.140(v)CRITICAL
They Claim
“Privacy policy mentions 'service providers' and 'data aggregators' generically with no names”
Observed Behavior
30+ third-party vendors observed including Apollo.io, ZoomInfo, HubSpot, Factors.ai, Verisoul, HGInsights
Network requests captured in scan showing 31 distinct vendor domains
claims_gap
SOC 2 Trust Service Criteria · ISO 27001 Clause A.15HIGH
They Claim
“SOC 2 Type II and ISO 27001:2013 certified, verified by independent auditors”
Observed Behavior
Uses Apollo.io and ZoomInfo as subprocessors - both are known hostile de-anonymization services
Trust Center claims certification while runtime shows data flows to identity resolution vendors
consent_gap
ePrivacy Directive Article 5(3)HIGH
They Claim
“TrustArc CMP deployed to manage consent”
Observed Behavior
TrustArc itself fires pre-consent (pre_consent=true in detections)
TrustArc detected with pre_consent=true, defeating the purpose of the CMP
disclosure_gap
CCPA Section 1798.135MEDIUM
They Claim
“No mention of Global Privacy Control in privacy policy”
Observed Behavior
GPC is a legal requirement in California and increasingly elsewhere
Full text search of privacy policy shows no GPC mention
disclosure_gap
ePrivacy Directive Article 5(3)MEDIUM
They Claim
“Privacy policy silent on device fingerprinting”
Observed Behavior
No disclosure of fingerprinting practices one way or another
Privacy policy does not address fingerprinting despite extensive tracking
Customer Impact
What This Means For You
If [24]7.ai handles your customer experience operations, their 30+ undisclosed third-party vendors create an invisible data supply chain you cannot audit. Under GDPR Art 28, you must document all subprocessors — [24]7.ai's privacy policy names zero vendors while Apollo.io and ZoomInfo (identity resolution networks) are detected at runtime. Your customer interaction data flows through infrastructure shared with these de-anonymization services. The TrustArc consent banner itself fires before consent on their site, suggesting fundamental CMP implementation issues that may extend to their customer-deployed solutions. Their SOC 2 and ISO 27001 certifications cover internal operations but do not address the undisclosed vendor relationships.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
If You Use [24]7.ai
- →Request complete subprocessor list immediately — their privacy policy names zero vendors while 30+ are detected at runtime
- →Audit data flows to verify what data reaches Apollo.io and ZoomInfo through your [24]7.ai deployment
- →Review your DPA to ensure undisclosed vendor relationships are covered by contractual protections
- →Test consent implementation — verify [24]7.ai scripts respect your CMP signals given their own TrustArc fires pre-consent
- →Document risk acceptance if continuing use — their pre-consent behavior and undisclosed vendors create shared liability
If You're Evaluating [24]7.ai
- →Demand named subprocessor list before procurement — zero vendor disclosure is a critical transparency failure
- →Require contractual mandate for consent-gated loading — their own site contradicts compliance claims
- →Ask specifically about Apollo.io and ZoomInfo relationships and whether identity resolution data flows affect your customer data
- →Verify SOC 2 and ISO 27001 certification scope covers your specific deployment use case
- →Consider CX alternatives with transparent data practices and published subprocessor lists
Negotiation Leverage
- →Subprocessor list requirement: [24]7.ai's privacy policy names zero subprocessors while 30+ vendors are detected at runtime. Require complete named subprocessor list as a contract precondition — this is a baseline GDPR Art 28 requirement.
- →Identity resolution disclosure: Apollo.io and ZoomInfo on their site perform visitor deanonymization. Require written confirmation of whether these services process data from your customer interactions.
- →CMP remediation: Their TrustArc consent banner fires before consent. Require contractual guarantee that any scripts deployed in your customer experience environment respect your CMP signals with zero pre-consent activity.
- →Security certification scope: Request SOC 2 and ISO 27001 reports and verify scope covers customer-facing deployments, not just internal infrastructure.
- →Data flow audit rights: Require quarterly right to audit network requests from [24]7.ai solutions deployed in your environment to verify no undisclosed third-party data flows.
Runtime Detections
Runtime Detections
7 BTI-C CODES
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
BTI-C01Defeat Device
Evasion infrastructure, auditor bypass
BTI-C06Behavioral Biometrics
Keystroke/mouse tracking
BTI-C07Session Recording
Full session replay
BTI-C08Cross-Domain Sync
Identity stitching
BTI-C09Consent Bypass
Ignoring CMP signals
BTI-C10Fingerprinting
Device identification
BTI-C14Identity Resolution
PII deanonymization
IOC Manifest
IOC Manifest
199 INDICATORS
Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*www.247.ai/wp-includes/js/jquery/jquery-migrate.js*
Tracking script
TRACK
*www.247.ai/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/anywhere-elementor-pro/build/index.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/anywhere-elementor-pro/includes/assets/js/ae-pro.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/anywhere-elementor-pro/includes/assets/js/ae-editor.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/anywhere-elementor-pro/includes/assets/lib/vegas/vegas.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/vendors/fastdom/fastdom.js*
Tracking script
TRACK
*www.247.ai/wp-includes/js/imagesloaded.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/popup-anything-on-click/assets/js/popupaoc-public.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/vendors/bootstrap/js/bootstrap.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/vendors/jquery-ui/jquery-ui.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/vendors/fresco/js/fresco.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/vendors/lity/lity.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/vendors/fontfaceobserver.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/vendors/gsap/minified/gsap.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/vendors/gsap/minified/ScrollTrigger.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/vendors/intersection-observer.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/vendors/lazyload.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/vendors/tinycolor-min.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/vendors/gsap/utils/SplitText.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/elementor/assets/js/webpack.runtime.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/js/theme.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/elementor/assets/js/frontend-modules.js*
Tracking script
TRACK
*www.247.ai/wp-includes/js/jquery/ui/core.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/elementor/assets/js/frontend.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/vendors/flickity/flickity-fade.js*
Tracking script
TRACK
*www.247.ai/wp-content/themes/hub/assets/vendors/flickity/flickity.pkgd.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/ymc-smart-filter/includes/assets/js/masonry.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/ymc-smart-filter/includes/assets/js/script.js*
Tracking script
TRACK
*www.247.ai/wp-includes/js/dist/hooks.js*
Tracking script
TRACK
*www.247.ai/wp-includes/js/jquery/ui/datepicker.js*
Tracking script
TRACK
*www.247.ai/wp-includes/js/dist/i18n.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/elementor-pro/assets/js/frontend.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/elementor-pro/assets/js/elements-handlers.js*
Tracking script
TRACK
*www.247.ai/wp-includes/js/wp-emoji-release.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/elementor/assets/js/section-frontend-handlers.*.bundle.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/elementor/assets/js/shared-frontend-handlers.*.bundle.js*
Tracking script
TRACK
*www.247.ai/wp-content/plugins/elementor/assets/js/text-editor.*.bundle.js*
Tracking script
TRACK
www.247.ai/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-includes/js/jquery/jquery-migrate.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/anywhere-elementor-pro/includes/assets/js/ae-pro.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/anywhere-elementor-pro/build/index.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/anywhere-elementor-pro/includes/assets/js/ae-editor.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/popup-anything-on-click/assets/js/popupaoc-public.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/anywhere-elementor-pro/includes/assets/lib/vegas/vegas.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/vendors/fastdom/fastdom.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/vendors/bootstrap/js/bootstrap.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-includes/js/imagesloaded.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/vendors/jquery-ui/jquery-ui.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/vendors/fresco/js/fresco.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/vendors/lity/lity.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/vendors/gsap/minified/gsap.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/vendors/gsap/minified/ScrollTrigger.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/vendors/fontfaceobserver.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/vendors/intersection-observer.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/vendors/lazyload.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/vendors/tinycolor-min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/vendors/gsap/utils/SplitText.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/js/theme.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/elementor/assets/js/frontend-modules.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-includes/js/jquery/ui/core.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/elementor/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/vendors/flickity/flickity.pkgd.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/themes/hub/assets/vendors/flickity/flickity-fade.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/ymc-smart-filter/includes/assets/js/masonry.js
Auto-extracted from scan
TRACK
www.247.ai/wp-includes/js/jquery/ui/datepicker.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-includes/js/dist/hooks.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/ymc-smart-filter/includes/assets/js/script.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-includes/js/dist/i18n.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/elementor-pro/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-includes/js/wp-emoji-release.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/elementor/assets/js/section-frontend-handlers.d85ab872da118940910d.bundle.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/elementor/assets/js/shared-frontend-handlers.4c8abccc3e268b0767b2.bundle.min.js
Auto-extracted from scan
TRACK
www.247.ai/wp-content/plugins/elementor/assets/js/text-editor.abc8f59c62f2820dc25a.bundle.min.js
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
[24]7.ai operates as a high-value node in the B2B surveillance network, deploying Apollo.io (identity resolution), ZoomInfo (contact enrichment), Factors.ai (visitor intelligence), and HubSpot (marketing automation) on their own website. TrustArc is deployed as the CMP but fires pre-consent, defeating its purpose. The presence of de-anonymization vendors on a 'customer experience' platform suggests deep integration with identity resolution networks that their customers may be unaware of.
Loads (1)
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
210 detection signatures across scripts, domains, cookies, and network endpoints