
Saleshandy

Saleshandy operates as a comprehensive email surveillance infrastructure combining behavioral biometrics, session recording, consent bypass, persistence, and tag manager capabilities. Its email tracking extends to web properties, creating a hybrid communication-web threat profile.

255 IOCs | 1 detection | 100% pre-consent | 1 site

Vendor Risk Score: 70

How This Briefing Works

This report opens with key findings, then maps the gaps between what Saleshandy discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

1 detection across 1 site | 100% pre-consent activity
CRITICAL

Pre-Consent Activity

Saleshandy was observed loading and executing before user consent was obtained on 100% of sites where it was detected.

GDPR, ePrivacy

Disclosure Gaps

Claims vs. Observed Behavior

1 gap

email_web_surveillance

HIGH
They Claim

Pending claims extraction

Observed Behavior

Runtime shows email-linked web tracking active before consent

Customer Impact

What This Means For You

Marketing teams gain email-web attribution but expose visitor journeys linking communication to website behavior (Broker/Reaper). Legal teams face consent bypass liability from web tracking activated via email. Sales teams inherit persistent surveillance creating regulatory risk from email-web linking.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Saleshandy

  • Audit email-to-web tracking linkage and consent timing
  • Map persistence mechanisms linking email recipients to web visitors
  • Document session recording scope for email-originated sessions
  • Verify DPA covers email-web surveillance combination

If You're Evaluating Saleshandy

  • Require consent-first web tracking with email attribution disabled pre-consent
  • Demand disclosure of email-web linking methodology and persistence techniques
  • Negotiate liability provisions covering surveillance across communication channels
  • Evaluate email-only alternatives without web tracking extension

Negotiation Leverage

  • Four active BTI codes: Demand DPA addressing each threat category
  • C09+C07 email-web combination: Require consent before ANY web tracking regardless of email engagement
  • Persistence threat: Demand 24hr data deletion post-consent-revocation across email AND web
  • Request written confirmation that email engagement does not bypass web consent requirements
  • Alternative: Email tracking without web extension eliminates consent bypass surface

Runtime Detections

4 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06: Behavioral Biometrics

Keystroke/mouse tracking

BTI-C07: Session Recording

Full session replay

BTI-C09: Consent Bypass

Ignoring CMP signals

BTI-C15: Tag Manager

Container/loader (neutral)

IOC Manifest

246 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

Ecosystem

Ecosystem & Supply Chain

Saleshandy operates across email and web layers, integrating with email platforms (Gmail, Outlook) and feeding engagement data to CRM and marketing automation. This creates a unique exposure when email surveillance links to web behavior, enabling comprehensive journey tracking. Co-deployment with other email vendors multiplies communication surveillance.

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

255 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details