How This Briefing Works
This report opens with key findings, then maps the gaps between what Moxiegtm discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Pre-Consent Activity
Moxiegtm was observed loading and executing before user consent was obtained on 100% of sites where it was detected.
Claims vs. Observed Behavior
Pending Analysis
“Claims extraction pending”
CDT analysis critical — deanon vendors core function is identity resolution (BTI-C14)
What This Means For You
What To Do About It
Role-specific actions based on observed behavior
If You Use Moxiegtm
- →do not deploy without full behavioral audit
- →review consent mechanisms for identity resolution
If You're Evaluating Moxiegtm
- →critical-priority recon investigation — deanon vendors require immediate behavioral analysis
Negotiation Leverage
- →Baseline detection only — behavioral analysis is critical for deanon vendors
- →Identity resolution vendors operate at the intersection of privacy law and surveillance
- →Require complete data flow documentation including identity graph sources and retention policies
Runtime Detections
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
Keystroke/mouse tracking
Full session replay
Identity stitching
Ignoring CMP signals
PII deanonymization
IOC Manifest
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
Ecosystem & Supply Chain
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
Complete network capture with all requests and responses
28 detection signatures across scripts, domains, cookies, and network endpoints