Companyenrich | Vendor Intelligence

How This Briefing Works

This report opens with key findings, then maps the gaps between what Companyenrich discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

27 detections across 25 sites11% pre-consent activity

MEDIUM

Pre-Consent Activity

Companyenrich was observed loading and executing before user consent was obtained on 11% of sites where it was detected.

GDPRePrivacy

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

Customer Impact

What This Means For You

Customers face GDPR violations from pre-consent tracking during enrichment workflows. Behavioral profiling of enrichment patterns may expose competitive intelligence priorities or M&A due diligence targets if Companyenrich monetizes query patterns.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Companyenrich

→Configure Companyenrich to activate only after consent for analytics/profiling collected
→Verify enrichment occurs server-side without client-side visitor tracking
→Limit Companyenrich behavioral tracking to necessary enrichment functionality only
→Conduct quarterly audits of enrichment query pattern retention

If You're Evaluating Companyenrich

→Request DPA confirming enrichment query patterns are not retained or analyzed for Companyenrich analytics products
→Verify data retention period for enrichment request logs
→Assess alternative enrichment services with privacy-preserving architectures
→Demand contractual prohibition on using customer enrichment patterns for cross-customer market intelligence

Negotiation Leverage

→Companyenrich consent bypass (BTI-C09) during enrichment creates pre-consent processing—require technical controls to delay tracking until after consent
→Behavioral tracking (BTI-C06) of enrichment patterns may expose intelligence priorities—demand contractual prohibition on query pattern retention beyond technical necessity (24-48 hours)
→Clarify whether enrichment request patterns are analyzed for Companyenrich's own market intelligence products—negotiate opt-out if disclosed

Runtime Detections

3 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Captures company search patterns, enrichment request timing, and query sequences to profile customer intelligence gathering priorities.

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Initializes tracking during enrichment workflows before consent collection, creating automatic legal violations for data enrichment processes.

BTI-C15Tag Manager

Container/loader (neutral)

IOC Manifest

29 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

EXFIL

*companyenrich.com/assets/main-3giSPG_w.js*

Data collection endpoint

EXFIL

*companyenrich.com/assets/main-CqLoMcaC.js*

Data collection endpoint

EXFIL

companyenrich.com/assets/main-CqLoMcaC.js

Auto-extracted from scan

EXFIL

companyenrich.com/assets/main-3giSPG_w.js

Auto-extracted from scan

Ecosystem

Ecosystem & Supply Chain

Companyenrich integrates with CRM platforms, sales intelligence tools, and marketing automation systems to provide real-time company data enrichment. Request patterns include company lookups, contact enrichment, and firmographic data retrieval.

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

33 detection signatures across scripts, domains, cookies, and network endpoints