All Vendors
deanon

Firmable

Firmable is a deanon vendor with a VRS of 80, combining high Oracle (40), maximum Broker (100), and maximum Counselor (100) threats. The platform deploys defeat devices, behavioral biometrics, session recording, cross-domain sync, consent bypass, and fingerprinting to unmask anonymous B2B website visitors.

267 IOCs54 detections11% pre-consent51 sites
90
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Firmable discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

54 detections across 51 sites11% pre-consent activity
MEDIUM

Pre-Consent Activity

Firmable was observed loading and executing before user consent was obtained on 11% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Unknown

Observed Behavior

Requires claims extraction via CDT

Customer Impact

What This Means For You

Marketing teams deploying Firmable gain short-term visibility into anonymous traffic but inherit catastrophic liabilities: (1) Attribution corruption as identification false positives pollute funnel analytics, (2) Systematic competitive intelligence leakage as visitor data feeds the broader identification network, (3) Maximum GDPR/CCPA exposure from behavioral biometrics, session recording, cross-domain tracking, and consent bypass creating compounding per-violation fines. The platform's data sharing model means your website traffic directly subsidizes competitor demand generation.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Firmable

  • Immediately audit Firmable deployment for consent bypass and cross-domain tracking
  • Demand contractual prohibition on visitor data sharing across customer base
  • Require third-party audit of identification methodology and match rate accuracy
  • Implement consent-first deployment where behavioral capture only activates after explicit opt-in

If You're Evaluating Firmable

  • Request data deletion for all previously identified visitors under GDPR Article 17
  • Evaluate alternative visitor identification with first-party strategies (progressive profiling, gated content)
  • Consider whether identification benefits justify maximum regulatory exposure and competitive intelligence leakage
  • Assess total cost of ownership including legal defense, compliance monitoring, and potential regulatory fines

Negotiation Leverage

  • Firmable VRS 80 = Broker (100) + Counselor (100) maximum threat. Visitor data sharing = direct competitor subsidy. This is existential risk.
  • Cross-domain sync (BTI-C08) + consent bypass (BTI-C09) = systematic GDPR violation. Regulatory investigation would result in maximum fines.
  • Session recording (BTI-C07) + behavioral biometrics (BTI-C06) = special category data processing without legal basis. Demand documentation or terminate.
  • Data cooperative model means your traffic intelligence feeds competitors. Negotiate exclusive data processing or exit immediately.
  • Ask: What visitor data is shared across customers? How are individuals notified? What is the data breach history? Expect evasive answers.
  • Recommendation: Contract termination. The competitive intelligence leakage alone justifies exit; regulatory exposure makes this legally indefensible.
Runtime Detections

Runtime Detections

8 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Tag behavior varies based on privacy tool detection, presenting compliant facade to auditors while conducting full tracking on standard browsers.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Mouse tracking, scroll patterns, and keystroke dynamics create unique visitor signatures enabling cross-session and cross-device identification that survives cookie deletion.

BTI-C07Session Recording

Full session replay

Impact: Full session capture including form inputs and page interactions creates PII exposure risk and enables behavioral profiling users cannot detect.

BTI-C08Cross-Domain Sync

Identity stitching

Impact: Cookie syncing across multiple domains enables visitor tracking across unrelated websites, creating systematic privacy violation and competitive intelligence leakage.

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Tracking continues after consent rejection, demonstrating systematic disregard for user privacy rights and creating ongoing GDPR violation liability.

BTI-C10Fingerprinting

Device identification

Impact: Browser and device fingerprinting creates persistent identifiers that defeat user privacy controls and enable long-term tracking across contexts.

BTI-C14Identity Resolution

PII deanonymization

BTI-C15Tag Manager

Container/loader (neutral)

IOC Manifest

IOC Manifest

256 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*firmable.com/wp-includes/js/jquery/jquery-migrate.js*
Tracking script
TRACK
*firmable.com/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/handl-utm-grabber-v3/js/js.cookie.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/handl-utm-grabber-v3/js/handl-utm-grabber.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/genesis-blocks/dist/assets/js/dismiss.js*
Tracking script
TRACK
*firmable.com/wp-content/themes/genesis-block-theme/js/genesis-block-theme.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor/assets/js/webpack.runtime.js*
Tracking script
TRACK
*firmable.com/wp-includes/js/jquery/ui/core.js*
Tracking script
TRACK
*firmable.com/wp-content/uploads/premium-addons-elementor/pafe-43.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/elements-handler.js*
Tracking script
TRACK
*firmable.com/wp-content/uploads/premium-addons-elementor/pafe-675.js*
Tracking script
TRACK
*firmable.com/wp-includes/js/imagesloaded.js*
Tracking script
TRACK
*firmable.com/wp-content/uploads/premium-addons-elementor/pafe-*.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/premium-dis-conditions.js*
Tracking script
TRACK
*firmable.com/wp-includes/js/dist/hooks.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor-pro/assets/js/frontend.js*
Tracking script
TRACK
*firmable.com/wp-includes/js/dist/i18n.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/geoip-detect/js/dist/frontend_full.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor/assets/js/frontend-modules.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor/assets/js/frontend.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor/assets/lib/swiper/v8/swiper.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/ubermenu/assets/js/ubermenu.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor/assets/js/interactions.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor/assets/lib/motion/motion.js*
Tracking script
TRACK
*firmable.com/cdn-cgi/challenge-platform/scripts/jsd/main.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor/assets/js/section-frontend-handlers.*.bundle.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor/assets/js/shared-frontend-handlers.*.bundle.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.*.bundle.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor/assets/js/text-editor.*.bundle.js*
Tracking script
TRACK
*firmable.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/*/main.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor-pro/assets/js/carousel.*.bundle.js*
Tracking script
TRACK
*firmable.com/wp-includes/js/wp-emoji-release.js*
Tracking script
TRACK
*firmable.com/wp-content/plugins/elementor/assets/js/image-carousel.*.bundle.js*
Tracking script
TRACK
firmable.com/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-includes/js/jquery/jquery-migrate.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/handl-utm-grabber-v3/js/js.cookie.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/handl-utm-grabber-v3/js/handl-utm-grabber.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/geoip-detect/js/dist/frontend_full.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/genesis-blocks/dist/assets/js/dismiss.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/themes/genesis-block-theme/js/genesis-block-theme.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-includes/js/jquery/ui/core.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/uploads/premium-addons-elementor/pafe-43.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor/assets/lib/swiper/v8/swiper.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/ubermenu/assets/js/ubermenu.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/elements-handler.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/uploads/premium-addons-elementor/pafe-675.js
Auto-extracted from scan
TRACK
firmable.com/wp-includes/js/imagesloaded.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/uploads/premium-addons-elementor/pafe-2570.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/premium-dis-conditions.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-includes/js/dist/hooks.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-includes/js/dist/i18n.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor/assets/lib/motion/motion.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor/assets/js/interactions.min.js
Auto-extracted from scan
TRACK
firmable.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor/assets/js/section-frontend-handlers.d85ab872da118940910d.bundle.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor/assets/js/shared-frontend-handlers.03caa53373b56d3bab67.bundle.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.8521a0597c50611efdc6.bundle.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor/assets/js/text-editor.45609661e409413f1cef.bundle.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor/assets/js/image-carousel.6167d20b95b33386757b.bundle.min.js
Auto-extracted from scan
TRACK
firmable.com/wp-content/plugins/elementor-pro/assets/js/carousel.3620fca501cb18163600.bundle.min.js
Auto-extracted from scan
TRACK
firmable.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/d251aa49a8a3/main.js
Auto-extracted from scan
TRACK
firmable.com/wp-includes/js/wp-emoji-release.min.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Firmable participates in the B2B visitor identification ecosystem alongside 6sense, Demandbase, Clearbit, and RB2B. The platform operates a data cooperative where identified visitors from one customer's website inform intent scoring for other customers, creating systematic competitive intelligence sharing. Integration with CRM and marketing automation platforms creates bidirectional data flow where identified visitors are enriched with external contact databases.
Loads (1)
Vwo
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

267 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details