How This Briefing Works
This report opens with key findings, then maps the gaps between what Adara discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Key Findings
48 detections across 47 sites2% pre-consent activity
MEDIUM
Pre-Consent Activity
Adara was observed loading and executing before user consent was obtained on 2% of sites where it was detected.
GDPRePrivacy
HIGH
Consent Framework
13 tracking vendors fire before any consent action on adara.com
GDPR Art 6GDPR Art 7ePrivacy Directive
HIGH
Compliance Claim Mismatch
False certification claims
HIGH
Scope Creep
Collection exceeds disclosed scope
Disclosure Gaps
Claims vs. Observed Behavior
3 gaps
1 HIGH2 MED
Classified:BTI-X05BTI-X08
Consent Framework
GDPR Art 6 · GDPR Art 7 · ePrivacy DirectiveHIGH
They Claim
“GDPR legal basis is user consent”
Observed Behavior
13 tracking vendors fire before any consent action on adara.com
Scan SCAN-1769087739876 shows Clarity, DoubleClick, Drift, GA4, LinkedIn, MetaPixel, OneTrust, Pardot, Slack, Verisoul, Zenrows, ZoomInfo all pre-consent
Data Scope
GDPR Art 4 · CCPA 1798.140MEDIUM
They Claim
“Pseudonymized travel intent data”
Observed Behavior
Deploys identity resolution (ZoomInfo) and session recording (Clarity) capable of de-anonymization
Detected vendors include ZoomInfo (B2B identity resolution), Clarity (session replay), MetaPixel (cross-site identity)
Data Sale Transparency
CCPA 1798.100 · CCPA 1798.115MEDIUM
They Claim
“Privacy Promise emphasizes user consent”
Observed Behavior
CCPA disclosure explicitly states they sell data to third parties
Adara FAQ states: we do transfer personal information collected via their publishers websites or Adaras website to third parties, which is considered a sale under the CCPA
Customer Impact
What This Means For You
YOUR traveler search and booking data feeds into Adara's co-op of 270+ partners — YOUR demand signals may surface in competitors' targeting. YOUR pricing strategy intelligence flows through a shared data pool where competitors can identify trending destinations and booking patterns from YOUR customers. With 13 vendors firing pre-consent on adara.com, YOUR consent framework may be undermined if Adara's pixels inherit the same behavior on YOUR properties. Under GDPR, Adara's claim of consent as legal basis is contradicted by their own 13-vendor pre-consent behavior.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
If You Use Adara
- →Audit your consent mechanism to ensure Adara pixels only fire post-consent on your properties
- →Request Adara's complete subprocessor list and cross-reference against your privacy policy disclosures
- →Review data processing agreements for scope — verify your traveler data stays isolated from the broader co-op
- →Assess competitive intelligence exposure from your booking data flowing through a 270+ partner co-op
If You're Evaluating Adara
- →Request documentation on how your data is isolated within the 270+ partner co-op before signing
- →Verify Adara's GDPR consent framework against pre-consent evidence before any implementation
- →Compare with non-co-op travel data alternatives that do not pool your demand signals with competitors
- →Negotiate contractual restrictions on data sharing within the RateGain corporate family
Negotiation Leverage
- →Data co-op exposure: Adara pools traveler data from 270+ partners — use this to negotiate data isolation preventing your booking data from enriching competitors' targeting
- →Pre-consent tracking: 13 vendors fire before consent on adara.com — leverage to require consent architecture guarantees and audit rights for your implementation
- →RateGain acquisition: As a RateGain subsidiary, data flows may extend to rate intelligence products — negotiate restrictions on data sharing within the RateGain corporate family
- →Consent legal basis contradiction: Adara claims consent as GDPR legal basis while firing 13 vendors pre-consent — use this to negotiate enhanced consent enforcement or alternative legal basis documentation
Runtime Detections
Runtime Detections
6 BTI-C CODES
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
BTI-C01Defeat Device
Evasion infrastructure, auditor bypass
BTI-C06Behavioral Biometrics
Keystroke/mouse tracking
BTI-C07Session Recording
Full session replay
BTI-C08Cross-Domain Sync
Identity stitching
BTI-C09Consent Bypass
Ignoring CMP signals
BTI-C10Fingerprinting
Device identification
IOC Manifest
IOC Manifest
230 INDICATORS
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/js/um-gdpr.js*
Tracking script
TRACK
*adara.com/wp-includes/js/jquery/jquery-migrate.js*
Tracking script
TRACK
*adara.com/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/popups-for-divi/scripts/ie-compat.js*
Tracking script
TRACK
*adara.com/wp-includes/js/dist/hooks.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js*
Tracking script
TRACK
*adara.com/wp-includes/js/dist/i18n.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/contact-form-7/includes/js/index.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/elementor/assets/js/webpack.runtime.js*
Tracking script
TRACK
*adara.com/wp-includes/js/jquery/ui/core.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/elementor/assets/js/frontend-modules.js*
Tracking script
TRACK
*adara.com/wp-includes/js/underscore.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/libs/jquery-form/jquery-form.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/dg-carousel/scripts/swiper.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/js/um-conditional.js*
Tracking script
TRACK
*adara.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js*
Tracking script
TRACK
*adara.com/wp-includes/js/wp-util.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/elementor/assets/js/frontend.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/libs/tipsy/tipsy.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/libs/um-confirm/um-confirm.js*
Tracking script
TRACK
*adara.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.mobile.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/popups-for-divi/scripts/front.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/dg-carousel/scripts/frontend-bundle.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/libs/pickadate/picker.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/libs/pickadate/picker.time.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/js/um-scripts.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/libs/pickadate/picker.date.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/js/um-modal.js*
Tracking script
TRACK
*adara.com/wp-content/themes/Divi/core/admin/js/common.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/libs/raty/um-raty.js*
Tracking script
TRACK
*adara.com/wp-content/themes/Divi/includes/builder/scripts/ext/jquery.visible.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/libs/fileupload/fileupload.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/js/common.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/js/um-profile.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/libs/select2/i18n/en.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/js/um-responsive.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/js/um-account.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/js/common-frontend.js*
Tracking script
TRACK
*adara.com/wp-includes/js/mediaelement/wp-mediaelement.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/js/um-functions.js*
Tracking script
TRACK
*adara.com/wp-includes/js/mediaelement/mediaelement-migrate.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/pardot/js/asyncdc.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/libs/select2/select2.full.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/pro-elements/assets/js/webpack-pro.runtime.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/pro-elements/assets/js/frontend.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/pro-elements/assets/js/elements-handlers.js*
Tracking script
TRACK
*adara.com/wp-content/themes/Divi/js/scripts.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/ultimate-member/assets/libs/cropper/cropper.js*
Tracking script
TRACK
*adara.com/wp-includes/js/mediaelement/mediaelement-and-player.js*
Tracking script
TRACK
*adara.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.js*
Tracking script
TRACK
*js-qa.adara.com/index.js*
Tracking script
TRACK
*jsres.adara.com/tcf/ro.json*
Tracking script
TRACK
adara.com/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
adara.com/wp-includes/js/jquery/jquery-migrate.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/popups-for-divi/scripts/ie-compat.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/js/um-gdpr.min.js
Auto-extracted from scan
TRACK
adara.com/wp-includes/js/dist/hooks.min.js
Auto-extracted from scan
TRACK
adara.com/wp-includes/js/dist/i18n.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/contact-form-7/includes/js/index.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/dg-carousel/scripts/swiper.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/popups-for-divi/scripts/front.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/themes/Divi/js/scripts.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js
Auto-extracted from scan
TRACK
adara.com/wp-includes/js/jquery/ui/core.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/elementor/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js
Auto-extracted from scan
TRACK
adara.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.mobile.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/dg-carousel/scripts/frontend-bundle.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/themes/Divi/includes/builder/scripts/ext/jquery.visible.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/themes/Divi/core/admin/js/common.js
Auto-extracted from scan
TRACK
adara.com/wp-includes/js/underscore.min.js
Auto-extracted from scan
TRACK
adara.com/wp-includes/js/wp-util.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/libs/tipsy/tipsy.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/libs/um-confirm/um-confirm.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/libs/pickadate/picker.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/libs/pickadate/picker.date.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/libs/pickadate/picker.time.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/js/common.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/libs/cropper/cropper.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/js/common-frontend.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/js/um-modal.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/libs/jquery-form/jquery-form.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/libs/fileupload/fileupload.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/js/um-functions.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/js/um-responsive.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/js/um-conditional.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/libs/select2/select2.full.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/libs/select2/i18n/en.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/libs/raty/um-raty.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/js/um-scripts.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/js/um-profile.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/ultimate-member/assets/js/um-account.min.js
Auto-extracted from scan
TRACK
adara.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js
Auto-extracted from scan
TRACK
adara.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js
Auto-extracted from scan
TRACK
adara.com/wp-includes/js/mediaelement/wp-mediaelement.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/pardot/js/asyncdc.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/pro-elements/assets/js/webpack-pro.runtime.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/pro-elements/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/pro-elements/assets/js/elements-handlers.min.js
Auto-extracted from scan
TRACK
adara.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js
Auto-extracted from scan
TRACK
js-qa.adara.com/index.js
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
Adara operates as a travel data co-op sitting between publishers (airlines, hotels, OTAs) and advertisers. They aggregate traveler intent signals from 270+ partners, processing 4 billion searches and 23 billion data elements. Since January 2023, Adara is owned by RateGain, an India-based travel tech company. On client sites, Adara is typically loaded indirectly through tag managers or ad tech chains (common_load_method: indirect). On their own site, they deploy a heavy martech stack including Google ecosystem (Analytics, Ads, DoubleClick), identity vendors (ZoomInfo, Verisoul), session recording (Clarity, VWO), and B2B marketing tools (Pardot, Drift, LinkedIn). This creates a cascading data exposure where Adara both collects traveler data AND shares its own visitor data with 46+ third parties.
Loads (3)
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
250 detection signatures across scripts, domains, cookies, and network endpoints