Leadfeeder

The Leadfeeder deanonymization platform deploys comprehensive visitor identification surveillance: behavioral biometrics, session recording, consent bypass, and identity resolution.

49 IOCs · 56 detections · 61% pre-consent · 39 sites
Vendor Risk Score: 70

How This Briefing Works

This report opens with key findings, then maps the gaps between what Leadfeeder discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

56 detections across 39 sites · 61% pre-consent activity
CRITICAL

Pre-Consent Activity

Leadfeeder was observed loading and executing before user consent was obtained on 61% of sites where it was detected.

GDPR · ePrivacy

Disclosure Gaps

Claims vs. Observed Behavior

1 gap

account_surveillance

CRITICAL
They Claim

Unknown - requires claims extraction

Observed Behavior

C06+C07+C09+C14 detected - comprehensive B2B deanonymization platform

Customer Impact

What This Means For You

B2B organizations deploying Leadfeeder face comprehensive deanonymization liability. Multi-vector surveillance creates compounding compliance exposure. Pre-consent account identification violates fundamental privacy requirements. Sales intelligence derived from non-consented comprehensive tracking produces legally questionable lead generation. GDPR fines target both controller (customer) and processor (Leadfeeder).
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Leadfeeder

  • IMMEDIATE: Audit complete Leadfeeder surveillance scope - catalog behavioral, recording, and identity capabilities
  • Map identity resolution methodology - IP lookup, reverse DNS, firmographic enrichment sources
  • Verify session recording extent - full interaction replay vs aggregated analytics
  • Enforce strict consent gate - account identification must not occur pre-consent
  • Document data flows to sales/marketing systems receiving deanonymized data

If You're Evaluating Leadfeeder

  • Evaluate first-party account identification alternatives
  • Consider form-based account capture instead of stealth visitor tracking
  • Investigate privacy-respecting B2B analytics without identity resolution
  • Prepare Leadfeeder removal plan - comprehensive surveillance may exceed acceptable risk

Negotiation Leverage

  • Leadfeeder deploys C06+C07+C09+C14 - vendor must explain comprehensive account identification surveillance
  • Demand complete technical disclosure of behavioral tracking, session recording, and identity resolution
  • Require consent-first operation - no pre-consent deanonymization
  • Negotiate removal of session recording if not contractually specified
  • Establish absolute liability for deanonymization violations under GDPR/CCPA
  • Consider contract termination if surveillance scope creates unacceptable compliance risk
Runtime Detections

5 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

  • BTI-C06 Behavioral Biometrics: Keystroke/mouse tracking
  • BTI-C07 Session Recording: Full session replay
  • BTI-C09 Consent Bypass: Ignoring CMP signals
  • BTI-C14 Identity Resolution: PII deanonymization
  • BTI-C15 Tag Manager: Container/loader (neutral)

IOC Manifest

39 INDICATORS

Indicators of compromise across 5 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

  • [TRACK] *www.leadfeeder.com/all.min-*.js* - Tracking script
  • [TRACK] sc.lfeeder.com - Tracking script
  • [TRACK] lftracker.leadfeeder.com - Tracking script
  • [TRACK] www.leadfeeder.com/all.min-d626ba3f.js - Auto-extracted from scan

Ecosystem

Ecosystem & Supply Chain

Operates as B2B visitor identification infrastructure. Integration with IP intelligence databases and firmographic enrichment creates account-level deanonymization. Feeds marketing automation and sales engagement platforms with identified visitor intelligence.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

49 detection signatures across scripts, domains, cookies, and network endpoints
