All Vendors
dsp

Rtbhouse

RTB House represents full programmatic surveillance infrastructure: behavioral biometrics, session recording, consent bypass, persistence, and tag manager capabilities. Demand-side platform architecture creates maximum Broker exposure through bidstream participation.

94 IOCs2 detections50% pre-consent2 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Rtbhouse discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

2 detections across 2 sites50% pre-consent activity
CRITICAL

Pre-Consent Activity

Rtbhouse was observed loading and executing before user consent was obtained on 50% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

programmatic_surveillance

HIGH
They Claim

Pending claims extraction

Observed Behavior

Runtime shows full DSP tracking suite active before consent

Customer Impact

What This Means For You

Marketing teams gain retargeting capabilities corrupted by algorithmic attribution (Oracle). Visitor behavior exposed to competitors via bidstream (Broker). Persistent tracking creates regulatory and breach risk (Reaper). Consent bypass activates all threats simultaneously (Counselor). RevOps faces decisions based on synthetic programmatic attribution.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Rtbhouse

  • Audit bidstream participation - which exchanges and demand partners receive visitor data
  • Map consent bypass scope across all tracking components
  • Calculate retargeting impact from consent-first activation
  • Document persistence mechanisms and cross-session tracking

If You're Evaluating Rtbhouse

  • Demand bidstream exclusivity preventing competitor access to visitor behavior
  • Require consent-first activation with ZERO pre-consent tracking
  • Negotiate liability caps covering regulatory penalties from detected violations
  • Evaluate contextual retargeting alternatives eliminating behavioral tracking

Negotiation Leverage

  • Four active BTI codes: Demand DPA addressing each threat category
  • C09 across comprehensive tracking: Accept unlimited liability or implement consent-first activation
  • Bidstream Broker exposure: Require written confirmation that NO visitor data accessible to competitors
  • C07+persistence: Demand 24hr visitor data deletion post-consent-revocation
  • Alternative: Contextual retargeting eliminates behavioral tracking dependency
Runtime Detections

Runtime Detections

4 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C07Session Recording

Full session replay

BTI-C09Consent Bypass

Ignoring CMP signals

BTI-C15Tag Manager

Container/loader (neutral)

IOC Manifest

IOC Manifest

87 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.rtbhouse.com/_next/static/chunks/*-*.js*
Tracking script
TRACK
*www.rtbhouse.com/_next/static/chunks/*.*.js*
Tracking script
TRACK
*www.rtbhouse.com/_next/static/chunks/webpack-*.js*
Tracking script
TRACK
*www.rtbhouse.com/_next/static/chunks/framework-*.js*
Tracking script
TRACK
*www.rtbhouse.com/_next/static/*-63c4-4f85-a502-*/_buildManifest.js*
Tracking script
TRACK
*www.rtbhouse.com/_next/static/chunks/pages/index-*.js*
Tracking script
TRACK
*www.rtbhouse.com/_next/static/*-63c4-4f85-a502-*/_ssgManifest.js*
Tracking script
TRACK
*www.rtbhouse.com/_next/static/chunks/main-*.js*
Tracking script
TRACK
*www.rtbhouse.com/_next/static/chunks/pages/_app-*.js*
Tracking script
TRACK
www.rtbhouse.com/_next/static/chunks/5658-d60d5c6cb7b1cae1.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/6688.e23646e80da57451.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/5449.700a2e5eaa9851e4.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/7693.4c53a2f9a9c66d46.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/9623-971ae96e4eaa8c41.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/3761-ddff9424e2154a01.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/4120.0c6ebee19d2fafc0.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/7948-94f4b03c0b751d68.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/6559.de6cff860f6f3721.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/webpack-590316e3d6fce56b.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/framework-0c2032461151f3a5.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/main-d78e41f251394b1e.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/pages/_app-7d4626c5c914e584.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/2231-0f6e0a612c8cbb76.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/2458-c8b82948a1733961.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/2015-517ba0f73f1dae72.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/8943-0224f1a22d7106d1.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/3560-246b8c55380b1d0c.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/1845-aa4b541cd5657132.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/2815-10a7e2d085f02bd7.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/5781-6a822c6065df95f9.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/9010-107a5dace38ae5c4.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/4205-118910d4a18f5dc1.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/4561-0ca760fa2f7153e4.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/2730-9bf6ae04dcc38326.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/9224-eafc65a392206b55.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/3357-dcfc87ec5a358f6b.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/9025-7e3ac2e2add4ae57.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/4798-0e785e86be095226.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/pages/index-993e688fa17b8902.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/79afa603-63c4-4f85-a502-6867bac27f4c/_buildManifest.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/79afa603-63c4-4f85-a502-6867bac27f4c/_ssgManifest.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/769f71ba.804ffc3ce6ae44b1.js
Auto-extracted from scan
TRACK
www.rtbhouse.com/_next/static/chunks/8185.85ba67e831615da1.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

RTB House operates at DSP layer, participating in real-time bidding via exchanges (Google Ad Exchange, OpenX, Rubicon). Creates single point of exposure where visitor behavior feeds entire demand ecosystem. Co-deployment with other DSPs multiplies bidstream exposure, enabling competitors to observe retargeting signals.
Loads (1)
Hubspot
Loaded By (1)
Aol
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

94 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details