All Vendors
deanon

Koala

Koala deanonymization platform deploys comprehensive surveillance infrastructure - behavioral biometrics, session recording, consent bypass, identity resolution, and tag manager injection.

138 IOCs18 detections17% pre-consent6 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Koala discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

18 detections across 6 sites17% pre-consent activity
MEDIUM

Pre-Consent Activity

Koala was observed loading and executing before user consent was obtained on 17% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

comprehensive_surveillance

CRITICAL
They Claim

Unknown - requires claims extraction

Observed Behavior

C06+C07+C09+C14+C15 detected - maximum surveillance deanonymization platform

Customer Impact

What This Means For You

Organizations deploying Koala face maximum deanonymization liability. Multi-vector surveillance (biometrics, recording, identity linkage) creates compounding compliance exposure. Pre-consent deanonymization violates fundamental privacy requirements. Sales intelligence derived from non-consented comprehensive surveillance produces legally indefensible lead generation.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Koala

  • IMMEDIATE: Audit complete Koala surveillance scope - catalog behavioral, recording, and identity capabilities
  • Map identity resolution methodology - how does Koala link anonymous to known?
  • Verify tag manager injection scope - what capabilities can Koala deploy autonomously?
  • Enforce strict consent gate - deanonymization must not occur pre-consent
  • Document session recording extent - full replay vs aggregated metrics

If You're Evaluating Koala

  • Evaluate first-party identification alternatives eliminating third-party deanonymization
  • Consider form-based lead capture instead of stealth visitor identification
  • Investigate privacy-respecting analytics without identity resolution
  • Prepare Koala removal plan - comprehensive surveillance creates unacceptable liability

Negotiation Leverage

  • Koala deploys C06+C07+C09+C14+C15 - vendor must explain comprehensive surveillance infrastructure
  • Demand complete technical disclosure of behavioral, recording, identity, and injection capabilities
  • Require consent-first operation - no pre-consent deanonymization
  • Negotiate removal of session recording and behavioral biometrics if not contractually specified
  • Establish absolute liability for deanonymization violations - vendor accountability is non-negotiable
  • Consider contract termination - surveillance scope may exceed acceptable risk threshold
Runtime Detections

Runtime Detections

6 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C07Session Recording

Full session replay

BTI-C08Cross-Domain Sync

Identity stitching

BTI-C09Consent Bypass

Ignoring CMP signals

BTI-C14Identity Resolution

PII deanonymization

BTI-C15Tag Manager

Container/loader (neutral)

IOC Manifest

IOC Manifest

134 INDICATORS

Indicators of compromise across 5 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.getkoala.com/_next/static/chunks/201-*.js*
Tracking script
TRACK
*www.getkoala.com/_next/static/uooST1BOPeHpdkSjIG5fr/_ssgManifest.js*
Tracking script
TRACK
*www.getkoala.com/_next/static/uooST1BOPeHpdkSjIG5fr/_buildManifest.js*
Tracking script
TRACK
*www.getkoala.com/_next/static/chunks/webpack-*.js*
Tracking script
TRACK
*www.getkoala.com/_next/static/chunks/pages/index-*.js*
Tracking script
TRACK
*www.getkoala.com/_next/static/chunks/*-*.js*
Tracking script
TRACK
*www.getkoala.com/_next/static/chunks/main-*.js*
Tracking script
TRACK
*www.getkoala.com/_next/static/chunks/framework-*.js*
Tracking script
TRACK
*www.getkoala.com/_next/static/chunks/pages/_app-*.js*
Tracking script
TRACK
*cdn.getkoala.com/v1/pk_*/sdk.js*
Tracking script
TRACK
*www.getkoala.com/cdn-cgi/challenge-platform/scripts/jsd/main.js*
Tracking script
TRACK
*www.getkoala.com/_next/static/chunks/pages/customers-*.js*
Tracking script
TRACK
*www.getkoala.com/_next/static/chunks/pages/blog-*.js*
Tracking script
TRACK
*www.getkoala.com/_next/static/chunks/pages/pricing-*.js*
Tracking script
TRACK
*www.getkoala.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/*/main.js*
Tracking script
TRACK
cdn.getkoala.com/v1/
Tracking script
TRACK
www.getkoala.com/_next/static/chunks/webpack-ed6e91637d3e7c8a.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/chunks/framework-7c278d54d82fb007.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/chunks/main-87a9e39b57566ee9.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/chunks/pages/_app-bb97e92e4f3f3faf.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/chunks/9656-9439b914ddc6c10e.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/chunks/7324-8b4447a4ffe19198.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/chunks/3142-174d5ad08647ad5c.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/chunks/201-c07977781d31a8a1.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/chunks/pages/index-f94fabc27d90a3d2.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/uooST1BOPeHpdkSjIG5fr/_buildManifest.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/uooST1BOPeHpdkSjIG5fr/_ssgManifest.js
Auto-extracted from scan
TRACK
cdn.getkoala.com/v1/pk_2d9ae732d37d091e952f044d4ec428a75df1/sdk.js
Auto-extracted from scan
TRACK
www.getkoala.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Auto-extracted from scan
TRACK
www.getkoala.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/7f3d2ee44814/main.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/chunks/pages/customers-3be50477f258b967.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/chunks/9839-d3fe9312e363281b.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/chunks/1284-5002b6af04d1ffac.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/chunks/pages/blog-5e0d9c0ac97b1700.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/chunks/3791-1e3259f2af0fa6fa.js
Auto-extracted from scan
TRACK
www.getkoala.com/_next/static/chunks/pages/pricing-bb6f3abdd6a21b25.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Operates as comprehensive visitor identification infrastructure. Tag manager injection creates autonomous deployment capability. Integration with marketing automation and CRM systems enables identified visitor data to flow into sales/marketing operations.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

138 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details