All Vendors
revenue_intelligence

Phoneburner

Sales dialing platform with pre-consent tracking for call attribution and lead routing.

11 IOCs4 detections75% pre-consent3 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Phoneburner discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

4 detections across 3 sites75% pre-consent activity
CRITICAL

Pre-Consent Activity

Phoneburner was observed loading and executing before user consent was obtained on 75% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

disclosure

LOW
They Claim

Pending claims extraction

Observed Behavior

Low Counselor score (40) indicates consent violations but minimal data commercialization. Privacy policy likely lacks specific disclosure of website-to-call tracking.

Customer Impact

What This Means For You

Sales loses website-to-call attribution if Phoneburner tracking is gated. Lead routing automation may degrade without visitor behavior signals. Call campaign effectiveness measurement becomes less accurate. However, retention creates minimal regulatory exposure compared to behavioral surveillance vendors - primary concern is consent violation rather than data commercialization.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Phoneburner

  • Implement consent gate before Phoneburner tracking scripts load
  • Audit call attribution accuracy impact from consent-gated deployment
  • Review Data Processing Agreement for call data retention and sharing
  • Confirm privacy policy discloses website-to-call tracking

If You're Evaluating Phoneburner

  • Defer Phoneburner scripts until post-consent confirmation
  • Assess server-side call attribution alternatives using form submissions instead of visitor tracking
  • Consider whether call routing can operate without pre-consent visitor behavior signals
  • Evaluate CRM-based lead routing instead of real-time visitor tracking

Negotiation Leverage

  • Phoneburner contract should address consent-gated deployment impact on attribution and routing accuracy
  • Negotiate technical capabilities for consent-aware tracking integration
  • Confirm Phoneburner supports first-party tracking modes or server-side attribution
  • Request documentation on call data retention and visitor profile persistence
Runtime Detections

Runtime Detections

1 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C09Consent Bypass

Ignoring CMP signals

IOC Manifest

IOC Manifest

7 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.phoneburner.com/cdn-cgi/scripts/*/cloudflare-static/email-decode.js*
Tracking script
TRACK
www.phoneburner.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Phoneburner integrates with CRM systems, sales engagement platforms, and lead distribution tools. Call attribution data links website behavior to outbound dialing campaigns. Often deployed with complementary sales intelligence vendors that benefit from shared visitor-to-call linkage.
Loads (5)
FullstoryLinkedinG2Googleanalytics4Shopping Google
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

11 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details