All Vendors
deanon

Signalhire

Signalhire represents maximum de-anonymization threat convergence: behavioral biometrics, session recording, consent bypass, persistence, identity resolution, and tag manager capabilities. Purpose-built visitor identification infrastructure creating comprehensive Oracle-Broker-Reaper-Counselor exposure.

23 IOCs16 detections94% pre-consent14 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Signalhire discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

16 detections across 14 sites94% pre-consent activity
CRITICAL

Pre-Consent Activity

Signalhire was observed loading and executing before user consent was obtained on 94% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

comprehensive_identification

CRITICAL
They Claim

Pending claims extraction

Observed Behavior

Runtime shows all 6 threat codes active simultaneously for maximum de-anonymization

Customer Impact

What This Means For You

Sales teams gain identified visitor lists but corrupt anonymous measurement with identity-based attribution (Oracle). De-anonymized audiences exposed to competitors via shared demand platforms (Broker). Persistent identification creates maximum regulatory and privacy exposure (Reaper). Consent bypass activates all six threats simultaneously (Counselor). This represents archetypal de-anonymization threat.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Signalhire

  • Immediate audit of all Signalhire contracts for consent and privacy language
  • Map complete identity resolution flow from anonymous visit to revealed identity
  • Calculate total exposure from persistent cross-session identification
  • Document consent bypass scope across all six identification components
  • Assess competitive intelligence risk from de-anonymized visitor list exposure

If You're Evaluating Signalhire

  • This should not be in evaluation. This should be in removal planning.
  • If legally required: Demand consent-first activation with ZERO pre-consent identification
  • Require written confirmation that NO identified visitor data accessible to competitors
  • Negotiate unlimited liability coverage for regulatory penalties from detected violations
  • Alternative: First-party identification via authenticated sessions eliminates vendor dependency and consent bypass

Negotiation Leverage

  • Six active BTI codes: This is maximum de-anonymization threat profile
  • C09 across ALL components: Demand DPA rewrite requiring consent-first activation or accept unlimited liability
  • C14+C13 combination: This is purpose-built surveillance infrastructure, not analytics tooling
  • Broker exposure: Require written confirmation that NO de-anonymized visitor data enters ANY platform accessible to competitors
  • C07+persistence: Demand immediate visitor data deletion upon consent revocation, covering ALL identification data
  • If renewal required: Treat as comprehensive identification infrastructure with maximum privacy impact
  • Alternative: Authenticated first-party identification eliminates third-party surveillance dependency
Runtime Detections

Runtime Detections

6 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C07Session Recording

Full session replay

BTI-C09Consent Bypass

Ignoring CMP signals

BTI-C13Persistence Mechanisms

Long-lived identifiers

BTI-C14Identity Resolution

PII deanonymization

BTI-C15Tag Manager

Container/loader (neutral)

IOC Manifest

IOC Manifest

20 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.signalhire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js*
Tracking script
TRACK
*gtm.signalhire.com/gtm.js*
Tracking script
TRACK
*www.signalhire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/*/main.js*
Tracking script
TRACK
*gtm.signalhire.com/gtag/js*
Tracking script
TRACK
gtm.signalhire.com/gtm.js
Auto-extracted from scan
TRACK
www.signalhire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Auto-extracted from scan
TRACK
www.signalhire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/d251aa49a8a3/main.js
Auto-extracted from scan
TRACK
gtm.signalhire.com/gtag/js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Signalhire operates at de-anonymization layer, feeding identified visitor lists to sales, marketing automation, and advertising platforms. Creates single point of maximum exposure where anonymous website behavior links to real identities. Co-deployment with other identification vendors multiplies privacy surface, enabling identity triangulation.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

23 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details