All Vendors
data_enrichment

Adbeat

Competitive intelligence platform. High liability exposure from session recording and behavioral tracking without consent. High revenue impact from advertising strategy leakage.

77 IOCs12 detections100% pre-consent12 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Adbeat discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

12 detections across 12 sites100% pre-consent activity
CRITICAL

Pre-Consent Activity

Adbeat was observed loading and executing before user consent was obtained on 100% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Requires claims extraction via CDT

Observed Behavior

Live website analysis pending

Customer Impact

What This Means For You

For security teams: Ad tracking pixels create surveillance infrastructure exploitable for reconnaissance. For legal: Session recordings across publisher network create multi-jurisdictional GDPR compliance obligations. For marketing: Every ad creative, placement, and conversion funnel leaked to competitors before campaign completion. For sales: Advertising budget allocation signals leaked to competitors adjusting their media mix.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Adbeat

  • Require Adbeat to execute post-consent only with documented legal basis
  • Implement 30-day data retention limits for ad interaction data
  • Add competitive intelligence disclosure to privacy policy
  • Audit data sharing agreements to identify ad strategy data buyers

If You're Evaluating Adbeat

  • Assess first-party ad effectiveness measurement vs. third-party competitive intelligence
  • Review DPA for ad tracking data controller/processor responsibilities
  • Calculate competitive leakage cost: (Adbeat fee + ad strategy value to competitors)

Negotiation Leverage

  • Session recording without consent violates GDPR Article 6 - require post-consent execution or contract termination
  • Tag manager deployment without consent governance creates liability gaps - demand technical controls preventing pre-consent execution
  • Ad strategy data resale subsidizes competitor campaigns - require complete buyer list with pricing transparency and opt-out rights
  • Persistent cross-site tracking violates ePrivacy Directive - demand 30-day retention maximum with automated deletion
Runtime Detections

Runtime Detections

5 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Captures ad interaction patterns and engagement behaviors for competitive benchmarking. Creates GDPR personal data processing obligations without documented legal basis.

BTI-C07Session Recording

Full session replay

Impact: Records visitor sessions across publisher networks to reconstruct ad effectiveness. Every recording creates GDPR data subject access request liability requiring video reconstruction.

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Executes ad tracking and session recording before consent collection. Documented in pre-consent timeline analysis. Violates ePrivacy Directive cookie consent requirements.

BTI-C13Persistence Mechanisms

Long-lived identifiers

Impact: Maintains cross-site advertising profiles via persistent identifiers. Extends GDPR data retention and deletion obligations across multiple domains.

BTI-C15Tag Manager

Container/loader (neutral)

Impact: Deploys via GTM enabling dynamic updates without change control. Creates consent governance gaps and prevents technical enforcement of privacy controls.

IOC Manifest

IOC Manifest

72 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*adbeat.com/cdn-cgi/scripts/*/cloudflare-static/email-decode.js*
Tracking script
TRACK
*adbeat.com/min/100/*
Tracking script
TRACK
*adbeat.com/static/js/lib/silktide-consent-manager.js*
Tracking script
TRACK
*adbeat.com/cdn-cgi/zaraz/s.js*
Tracking script
TRACK
adbeat.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Auto-extracted from scan
TRACK
adbeat.com/min/100/
Auto-extracted from scan
TRACK
adbeat.com/static/js/lib/silktide-consent-manager.js
Auto-extracted from scan
TRACK
adbeat.com/cdn-cgi/zaraz/s.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Competitive intelligence layer feeding agency tools and ad tech platforms. Common co-deployments: Pathmatics (ad spend estimation), Moat (viewability measurement), DoubleClick (campaign management). Ad strategy data resold to DSPs and trading desks.
Loads (3)
VwoHotjarAdroll
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

77 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details