All Vendors
data_enrichment

Emailable

Emailable (email verification) exhibits behavioral biometrics (C06), session recording (C07), and consent bypass (C09). 50% Broker risk reflects email validation feeding B2B prospecting data.

73 IOCs1 detections100% pre-consent1 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Emailable discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

1 detection across 1 site100% pre-consent activity
CRITICAL

Pre-Consent Activity

Emailable was observed loading and executing before user consent was obtained on 100% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Unknown - requires claims extraction via CDT

Observed Behavior

Runtime evidence shows C06/C07/C09 patterns

Customer Impact

What This Means For You

Email verification with behavioral tracking creates identity resolution risk. Session recording captures email entry; fingerprinting enables cross-site tracking. Consent bypass eliminates GDPR Article 6 lawful basis for processing.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Emailable

  • Audit what data Emailable collects beyond email validation
  • Confirm consent before verification tracking starts
  • Review data sharing: does email validation data feed third-party databases?

If You're Evaluating Emailable

  • Test form interaction: does Emailable track before consent?
  • Ask: is email validation data shared with B2B prospecting platforms?
  • Verify privacy policy discloses behavioral tracking in verification process

Negotiation Leverage

  • C07 session recording captures email entry. Is this disclosed to users?
  • C09 consent bypass creates GDPR lawful basis gap. How do you enforce consent-first operation?
  • Email validation data feeding B2B databases = third-party sharing. Is this disclosed in privacy policy?
Runtime Detections

Runtime Detections

3 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C07Session Recording

Full session replay

BTI-C09Consent Bypass

Ignoring CMP signals

IOC Manifest

IOC Manifest

67 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*hog.emailable.com/static/array.js*
Tracking script
TRACK
*cioa.emailable.com/v1/analytics-js/snippet/*/analytics.js*
Tracking script
TRACK
*emailable.com/_bridgetown/static/index.76D52ZCG.js*
Tracking script
TRACK
*cioa.emailable.com/v1/projects/*/settings*
Tracking script
TRACK
*hog.emailable.com/array/phc_3NwTTnptrxMuD66f6kuYmuphgvDTA1zpFY0Ns8fGesp/config.js*
Tracking script
TRACK
*hog.emailable.com/static/dead-clicks-autocapture.js*
Tracking script
TRACK
*cioa.emailable.com/v1/analytics-js/ajs-destination.js*
Tracking script
TRACK
*hog.emailable.com/static/web-vitals.js*
Tracking script
TRACK
*hog.emailable.com/static/surveys.js*
Tracking script
TRACK
*hog.emailable.com/static/posthog-recorder.js*
Tracking script
TRACK
*cioa.emailable.com/v1/analytics-js/inAppPlugin.js*
Tracking script
TRACK
*cioa.emailable.com/v1/analytics-js/420.js*
Tracking script
TRACK
emailable.com/_bridgetown/static/index.76D52ZCG.js
Auto-extracted from scan
TRACK
hog.emailable.com/static/array.js
Auto-extracted from scan
TRACK
cioa.emailable.com/v1/analytics-js/snippet/5e0c66e38cc96cc13eea/analytics.min.js
Auto-extracted from scan
TRACK
hog.emailable.com/array/phc_3NwTTnptrxMuD66f6kuYmuphgvDTA1zpFY0Ns8fGesp/config.js
Auto-extracted from scan
TRACK
cioa.emailable.com/v1/analytics-js/ajs-destination.js
Auto-extracted from scan
TRACK
hog.emailable.com/static/posthog-recorder.js
Auto-extracted from scan
TRACK
hog.emailable.com/static/dead-clicks-autocapture.js
Auto-extracted from scan
TRACK
hog.emailable.com/static/surveys.js
Auto-extracted from scan
TRACK
hog.emailable.com/static/web-vitals.js
Auto-extracted from scan
TRACK
cioa.emailable.com/v1/analytics-js/420.js
Auto-extracted from scan
TRACK
cioa.emailable.com/v1/analytics-js/inAppPlugin.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Email verification + B2B prospecting stack. Often paired with Clearbit, ZoomInfo, Hunter. Email validation data feeds shared prospecting databases.
Loads (2)
AdrollCrisp
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

73 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details