How This Briefing Works
This report opens with key findings, then maps the gaps between what Adhese discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Analysis pending. Findings will appear here once intelligence collection is complete.
Claims vs. Observed Behavior
Pending Analysis
“Claims extraction pending”
CDT analysis needed — DSPs deploy cross-domain sync and cookie matching infrastructure
What This Means For You
What To Do About It
Role-specific actions based on observed behavior
If You Use Adhese
- →monitor for scanner detections
- →audit programmatic tag deployment
If You're Evaluating Adhese
- →recon investigation for cross-domain sync and cookie matching behavior
Negotiation Leverage
- →Baseline detection only — DSPs require behavioral analysis for accurate risk assessment
- →Demand-side platforms operate extensive cross-domain tracking by design
- →Review bid stream data sharing and audience segment retention policies
Runtime Detections
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
Evasion infrastructure, auditor bypass
Keystroke/mouse tracking
Ignoring CMP signals
Device identification
IOC Manifest
Indicators of compromise across 2 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
No indicators in this category
Ecosystem & Supply Chain
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
Complete network capture with all requests and responses
4 detection signatures across scripts, domains, cookies, and network endpoints