All Vendors
deanon

Leadiq

LeadIQ delivers contact intelligence through visitor deanonymization achieving 80/100 CAC subsidization via data broker partnerships. Four BTI codes including consent bypass create 85/100 legal exposure while feeding competitor prospecting systems.

23 IOCs25 detections4% pre-consent24 sites
85
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Leadiq discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

25 detections across 24 sites4% pre-consent activity
MEDIUM

Pre-Consent Activity

Leadiq was observed loading and executing before user consent was obtained on 4% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Unknown

Observed Behavior

Requires claims extraction via CDT

Customer Impact

What This Means For You

Sales teams burn leads through premature outreach triggered by research visits. Marketing discovers prospect lists in competitor CRMs within 30 days. Legal inherits GDPR/CCPA exposure from deanonymization without consent. RevOps loses competitive advantage as visitor intelligence feeds competitor ABM strategies.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Leadiq

  • Audit LeadIQ DPA for visitor data syndication rights—broad broker sharing documented
  • Extract deanonymization logs showing identity resolution without consent
  • Map identified visitors to competitor outreach campaigns

If You're Evaluating Leadiq

  • Quantify false-positive MQL inflation from competitive research visits
  • Calculate visitor intelligence monetization (your traffic, their revenue)
  • Document GDPR Article 21 violations from right-to-object request failures

Negotiation Leverage

  • LeadIQ DPA permits visitor data syndication to sales intelligence vendors—loss of control over prospect data
  • 80/100 CAC subsidization as deanonymized visitors become competitor prospecting lists
  • Consent bypass (C09) processes personal data pre-authorization—GDPR Article 6 violations documented
  • Cross-domain sync (C08) links anonymous visits to LinkedIn profiles without user awareness
  • Browser extension fingerprinting persists identity despite cookie deletion
  • 85/100 legal exposure from deanonymization processing—evidence includes consent violation timestamps
Runtime Detections

Runtime Detections

6 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Tracking pixels persist through privacy mode via browser extension fingerprinting

BTI-C08Cross-Domain Sync

Identity stitching

Impact: Identity resolution across website visits and LinkedIn profiles creates comprehensive professional surveillance

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Visitor deanonymization initiates on page load before consent resolution

BTI-C10Fingerprinting

Device identification

Impact: Browser extension fingerprinting enables persistent identity across sessions

BTI-C14Identity Resolution

PII deanonymization

BTI-C15Tag Manager

Container/loader (neutral)

IOC Manifest

IOC Manifest

13 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*assets.leadiq.com/form/v1/client.js*
Tracking script
EXFIL
*leadiq.com/DefaultData-*-*.js*
Data collection endpoint
TRACK
assets.leadiq.com/form/v1/client.js
Auto-extracted from scan
EXFIL
leadiq.com/DefaultData-c25f7c5c-ebd4ccbc.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

LeadIQ integrates with ZoomInfo, Apollo, and Clearbit, creating redundant visitor identification pipelines. Commonly deployed alongside 6sense and Demandbase, quadruplicating intent signal collection and broker syndication.
Loads (1)
Vector
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

23 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details