How This Briefing Works
This report opens with key findings, then maps the gaps between what Ocean discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Key Findings
1 detection across 1 site100% pre-consent activity
CRITICAL
Pre-Consent Activity
Ocean was observed loading and executing before user consent was obtained on 100% of sites where it was detected.
GDPRePrivacy
Disclosure Gaps
Claims vs. Observed Behavior
1 gaps
disclosure
CRITICAL
They Claim
“Pending claims extraction”
Observed Behavior
High Broker (50) and Counselor (70) scores indicate significant competitive data exposure and consent violations. Privacy policy likely omits disclosure of behavioral biometrics and cross-customer benchmarking.
Customer Impact
What This Means For You
Sales loses real-time revenue intent signals if Ocean is removed. Account prioritization and lead scoring degrade without behavioral intelligence. However, retention creates severe liability: GDPR Article 9 violations for biometric processing, potential competitive intelligence exposure if Ocean data is accessible to industry participants, data breach risk if session recordings containing PII are compromised.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
If You Use Ocean
- →Immediate consent gate implementation before any Ocean scripts load
- →GDPR Article 9 compliance audit for behavioral biometric lawful basis
- →Session recording disclosure in privacy policy with explicit opt-in
- →Data Processing Agreement review for revenue signal sharing with third parties
- →Audit whether Ocean revenue data is accessible to competitors
If You're Evaluating Ocean
- →Defer all Ocean scripts until post-consent confirmation with granular biometric consent
- →Require vendor attestation on GDPR Article 9 lawful basis documentation
- →Assess first-party revenue intelligence alternatives without cross-customer data pooling
- →Demand contractual prohibition on competitor access to your visitor behavioral data
Negotiation Leverage
- →Ocean contract likely permits platform-wide revenue signal benchmarking using your visitor data - demand opt-out
- →Session recordings may be retained for extended periods for signal quality improvement - negotiate 30-day maximum retention
- →Confirm whether competitors using Ocean can access revenue intelligence derived from your prospect traffic
- →Request evidence of GDPR Article 9 compliance documentation for behavioral biometric processing
- →Demand technical controls preventing cross-customer visitor profile correlation and competitive intelligence leakage
Runtime Detections
Runtime Detections
4 BTI-C CODES
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
BTI-C06Behavioral Biometrics
Keystroke/mouse tracking
BTI-C07Session Recording
Full session replay
BTI-C09Consent Bypass
Ignoring CMP signals
BTI-C15Tag Manager
Container/loader (neutral)
IOC Manifest
IOC Manifest
188 INDICATORS
Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*cdn.ocean.io/marketing/v2/_astro/page.CLuVLXup.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/NavbarV2.astro_astro_type_script_index_1_lang.DU82AD8i.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/ClientRouter.astro_astro_type_script_index_0_lang.CbyQc1_2.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/client.svelte.R2jJokg-.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/Button.DjexDooq.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/client.B9YBqyHK.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/update-utm-parameters.D8tAwedN.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/index.B4acoQ3n.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/router.CxpQgbQp.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/utm.WNCVMCB7.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/render.Crn7zg2X.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/branches.PdVrG1Cb.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/snippet.D68f65sa.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/if.D33HK-8c.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/attributes.5jvxwDEp.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/svelte-element.BTpfHqCw.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/Icon.B1aMEmRB.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/utils.DFGa*.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/props.DCMrVnj-.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/each.C4eYiYO4.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/definitions.DoPfFAju.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/SearchV2.DiJFK2qH.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/_commonjsHelpers.Cpj98o6Y.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/domain.BJS4ULYW.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/this.D-KcEd04.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/input.DRtIrI3k.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/index.DyeSaoEE.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/ImageScroll.CgE4Flqh.js*
Tracking script
EXFIL
*cdn.ocean.io/marketing/v2/_astro/DataFlex.CsjBiqNo.js*
Data collection endpoint
TRACK
*cdn.ocean.io/marketing/v2/_astro/Testimonials.nxc407iG.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/company.Dndkhw-J.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/company-line.Cyx9J2Rl.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/index-client.CLxGuVx9.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/Image.BKXZUMks.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/rich-text.D1CdZsGp.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/index.DKtf60Sy.js*
Tracking script
TRACK
*cdn.ocean.io/marketing/v2/_astro/Jitsu.astro_astro_type_script_index_0_lang.BCWGy65W.js*
Tracking script
TRACK
cdn.ocean.io/marketing/v2/_astro/ClientRouter.astro_astro_type_script_index_0_lang.CbyQc1_2.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/page.CLuVLXup.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/NavbarV2.astro_astro_type_script_index_1_lang.DU82AD8i.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/Button.DjexDooq.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/client.svelte.R2jJokg-.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/index.B4acoQ3n.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/client.B9YBqyHK.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/update-utm-parameters.D8tAwedN.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/utm.WNCVMCB7.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/router.CxpQgbQp.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/utils.DFGa1952.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/render.Crn7zg2X.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/snippet.D68f65sa.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/branches.PdVrG1Cb.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/attributes.5jvxwDEp.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/if.D33HK-8c.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/each.C4eYiYO4.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/svelte-element.BTpfHqCw.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/props.DCMrVnj-.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/Icon.B1aMEmRB.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/definitions.DoPfFAju.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/SearchV2.DiJFK2qH.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/input.DRtIrI3k.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/this.D-KcEd04.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/domain.BJS4ULYW.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/index.DyeSaoEE.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/_commonjsHelpers.Cpj98o6Y.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/ImageScroll.CgE4Flqh.js
Auto-extracted from scan
EXFIL
cdn.ocean.io/marketing/v2/_astro/DataFlex.CsjBiqNo.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/company.Dndkhw-J.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/company-line.Cyx9J2Rl.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/Testimonials.nxc407iG.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/index-client.CLxGuVx9.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/Image.BKXZUMks.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/index.DKtf60Sy.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/rich-text.D1CdZsGp.js
Auto-extracted from scan
TRACK
cdn.ocean.io/marketing/v2/_astro/Jitsu.astro_astro_type_script_index_0_lang.BCWGy65W.js
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
Ocean integrates with CRM systems, sales engagement platforms, and account-based marketing tools. Revenue intent signals flow to sales intelligence dashboards. Session data may be pooled across Ocean customer base for industry benchmarking and signal quality improvement.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
189 detection signatures across scripts, domains, cookies, and network endpoints