All Vendors
advertising

Infolinks

Infolinks operates in-text advertising that survives ad blockers through aggressive DOM manipulation. Six BTI codes triggered including defeat devices and consent bypass create significant legal exposure while subsidizing competitor CAC at 90/100.

53 IOCs25 detections4% pre-consent24 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Infolinks discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

25 detections across 24 sites4% pre-consent activity
MEDIUM

Pre-Consent Activity

Infolinks was observed loading and executing before user consent was obtained on 4% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Unknown

Observed Behavior

Requires claims extraction via CDT

Customer Impact

What This Means For You

Marketing teams report distorted engagement metrics as in-text ad clicks register as content engagement. Product teams face UX degradation complaints. Legal teams inherit GDPR exposure from consent bypass and defeat device deployment. Revenue impact: every Infolinks impression subsidizes competitor acquisition while corrupting your attribution model.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Infolinks

  • Audit historical engagement metrics for synthetic spikes correlating with Infolinks deployment
  • Extract session recordings showing ad injection timing vs consent banner display
  • Document user complaints about unexpected link behavior

If You're Evaluating Infolinks

  • Map keyword targeting overlap with your owned content strategy
  • Quantify CAC increase from traffic leakage to competitor ads
  • Calculate GDPR fine exposure from consent bypass violations

Negotiation Leverage

  • Infolinks contractually disclaims GDPR compliance responsibility—liability transfers to publisher
  • No SLA on ad quality or competitor exclusion—you cannot prevent direct competitor ads in your content
  • Defeat device deployment violates user expectations and ad blocker respect policies
  • 90/100 CAC subsidization score represents measurable revenue leakage to competitors
  • Six BTI codes represent technical violations, not policy preferences—evidence pack includes timestamped captures
Runtime Detections

Runtime Detections

6 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: DOM manipulation bypasses ad blockers, creating adversarial relationship with privacy-conscious users

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Mouse movement and scroll patterns captured to optimize ad placement targeting

BTI-C07Session Recording

Full session replay

Impact: Full interaction capture including text selection events for keyword targeting refinement

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Ad injection initiates before consent banner interaction, processing personal data pre-authorization

BTI-C10Fingerprinting

Device identification

Impact: Device and browser characteristics collected for cross-session ad frequency capping

BTI-C15Tag Manager

Container/loader (neutral)

Impact: Dynamic script loading enables persistent tracking infrastructure updates

IOC Manifest

IOC Manifest

50 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.infolinks.com/wp-content/themes/infolinks/js/infolinks.js*
Tracking script
TRACK
*www.infolinks.com/wp-content/themes/infolinks/js/defer.js*
Tracking script
TRACK
*www.infolinks.com/wp-includes/js/wp-embed.js*
Tracking script
TRACK
*www.infolinks.com/wp-content/plugins/sitepress-multilingual-cms/res/js/sitepress.js*
Tracking script
TRACK
*www.infolinks.com/wp-includes/js/wp-emoji-release.js*
Tracking script
TRACK
www.infolinks.com/wp-content/themes/infolinks/js/infolinks.js
Auto-extracted from scan
TRACK
www.infolinks.com/wp-content/themes/infolinks/js/defer.js
Auto-extracted from scan
TRACK
www.infolinks.com/wp-includes/js/wp-embed.min.js
Auto-extracted from scan
TRACK
www.infolinks.com/wp-content/plugins/sitepress-multilingual-cms/res/js/sitepress.js
Auto-extracted from scan
TRACK
www.infolinks.com/wp-includes/js/wp-emoji-release.min.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Infolinks commonly deploys alongside Google AdSense and Taboola, creating overlapping ad inventory that degrades user experience. Sites using Infolinks typically run 6-12 advertising vendors simultaneously, compounding signal corruption across all measurement systems.
Loads (3)
MetapixelTwitter PixelCloudflare Insights
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

53 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details