All Vendors
dsp

Sonobi

Advertising supply-side platform with behavioral tracking and consent bypass. Maximum legal tail risk from pre-consent ad serving and cross-site profiling.

146 IOCs44 detections2% pre-consent43 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Sonobi discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

44 detections across 43 sites2% pre-consent activity
MEDIUM

Pre-Consent Activity

Sonobi was observed loading and executing before user consent was obtained on 2% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Unknown

Observed Behavior

Requires claims extraction via CDT

Customer Impact

What This Means For You

Header bidding exposes your audience to entire programmatic ecosystem before consent. Competitors using same DSPs can target your visitors across the web. Meanwhile, privacy controls block 40%+ of behavioral targeting, systematically reducing CPMs for remaining inventory. Perfect legal tail risk means every pre-consent impression creates regulatory liability.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Sonobi

  • Audit ad serving timing - verify NO ads load before consent collection
  • Implement consent-first header bidding - all auctions must halt until explicit opt-in
  • Request bid stream data segregation - your audience should not train competitor targeting models
  • Replace behavioral targeting with contextual advertising (no user profiling required)

If You're Evaluating Sonobi

  • Contextual advertising platforms (no behavioral tracking required)
  • Consent-aware header bidding wrappers with pre-consent blocking
  • Direct ad sales eliminating programmatic data sharing

Negotiation Leverage

  • Perfect legal tail risk (100) reflects pre-consent ad serving - DPA must include unlimited indemnification for ALL impressions
  • Header bidding architecture exposes audience to entire programmatic ecosystem - confirm data segregation guarantees
  • Behavioral targeting creates 40% signal loss from privacy controls - demand transparency on CPM impact
  • Cross-site fingerprinting violates ePrivacy Directive - verify consent enforcement exists
  • Ad tech revenue model depends on consent bypass - standard DPA terms cannot address this structural violation
Runtime Detections

Runtime Detections

5 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C07Session Recording

Full session replay

Impact: Behavioral targeting requires page context capture including content consumption patterns, creating GDPR Article 15 access request complications.

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Header bidding initiates before consent banner interaction. Every pre-consent ad auction creates GDPR Article 6 violation with €20M/4% revenue penalty exposure.

BTI-C10Fingerprinting

Device identification

Impact: Device fingerprinting enables cross-site ad tracking without cookies, violating ePrivacy Directive and GDPR Article 21 (right to object).

IOC Manifest

IOC Manifest

140 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*sonobi.com/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*sonobi.com/wp-includes/js/jquery/jquery-migrate.js*
Tracking script
TRACK
*sonobi.com/js/inmobiTag.js*
Tracking script
TRACK
*sonobi.com/wp-content/themes/hello-elementor/assets/js/hello-frontend.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.js*
Tracking script
TRACK
*sonobi.com/wp-includes/js/imagesloaded.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor/assets/js/webpack.runtime.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor/assets/js/frontend-modules.js*
Tracking script
TRACK
*sonobi.com/wp-includes/js/dist/hooks.js*
Tracking script
TRACK
*sonobi.com/wp-includes/js/dist/i18n.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor-pro/assets/js/frontend.js*
Tracking script
TRACK
*sonobi.com/wp-includes/js/jquery/ui/core.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor/assets/js/frontend.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.*.bundle.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor/assets/js/text-editor.*.bundle.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor/assets/js/image-carousel.*.bundle.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor-pro/assets/js/carousel.*.bundle.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor-pro/assets/js/load-more.*.bundle.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor-pro/assets/js/posts.*.bundle.js*
Tracking script
TRACK
*sonobi.com/wp-includes/js/wp-emoji-release.js*
Tracking script
TRACK
*sonobi.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.js*
Tracking script
TRACK
sonobi.com/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-includes/js/jquery/jquery-migrate.min.js
Auto-extracted from scan
TRACK
sonobi.com/js/inmobiTag.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/themes/hello-elementor/assets/js/hello-frontend.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-includes/js/imagesloaded.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-includes/js/dist/hooks.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-includes/js/dist/i18n.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-includes/js/jquery/ui/core.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.3de49ba5ef86f9a22ff5.bundle.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor/assets/js/image-carousel.e02695895b33b77d89de.bundle.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor-pro/assets/js/carousel.fc5e450716cd11d05beb.bundle.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor-pro/assets/js/load-more.80eb3caec79a44347d74.bundle.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor-pro/assets/js/posts.fb47ff5b9f7ecb0aba80.bundle.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-includes/js/wp-emoji-release.min.js
Auto-extracted from scan
TRACK
sonobi.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Integrates with header bidding wrappers (Prebid.js), connects to DSP ecosystem. Shares bid stream data across programmatic advertising network.
Loads (1)
Linkedin
Loaded By (1)
Aol
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

146 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details