All Vendors
deanon

Surfe

Surfe operates as a LinkedIn-integrated sales intelligence tool with significant privacy and competitive intelligence risks. Pre-consent activation, behavioral biometrics, session replay, and aggressive persistence create legal exposure. The 100% CAC subsidization score reflects direct competitive value extraction from visitor behavioral data.

209 IOCs104 detections4% pre-consent102 sites
90
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Surfe discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

104 detections across 102 sites4% pre-consent activity
MEDIUM

Pre-Consent Activity

Surfe was observed loading and executing before user consent was obtained on 4% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Requires claims extraction via CDT

Observed Behavior

Runtime evidence confirms C01/C06/C07/C09/C10/C13/C15 activation

Customer Impact

What This Means For You

Your marketing spend trains competitor prospecting systems. Sales teams using Surfe see which companies visit your site, what content they engage with, and when buying intent signals appear. You pay for infrastructure; competitors harvest the intelligence. Legal holds 100% exposure risk from consent bypass and biometric capture.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Surfe

  • Immediate removal from GTM stack
  • Legal review of data processing agreements
  • Audit CRM integrations for Surfe data imports
  • Notify DPO of consent bypass behavior

If You're Evaluating Surfe

  • Sales intelligence alternatives with consent-first architecture
  • First-party intent signal infrastructure
  • Visitor identity resolution under lawful basis

Negotiation Leverage

  • Surfe creates unlimited legal liability through consent bypass and biometric capture
  • 100% CAC subsidization means you fund competitor prospecting operations
  • Session replay and behavioral tracking violate core privacy controls
  • Removal required before next compliance audit
  • No technical safeguards can remediate consent bypass architecture
Runtime Detections

Runtime Detections

8 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Bypasses consent controls to capture data regardless of user preferences

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Captures unique behavioral patterns for persistent identity resolution

BTI-C07Session Recording

Full session replay

Impact: Records visitor sessions including form interactions and navigation patterns

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Activates before consent mechanisms, defeating privacy controls

BTI-C10Fingerprinting

Device identification

Impact: Creates persistent visitor profiles across sessions and devices

BTI-C13Persistence Mechanisms

Long-lived identifiers

Impact: Maintains visitor identity across sessions and browser states

BTI-C14Identity Resolution

PII deanonymization

BTI-C15Tag Manager

Container/loader (neutral)

Impact: Deploys additional tracking tags dynamically, expanding surveillance footprint

IOC Manifest

IOC Manifest

194 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.surfe.com/cdn-cgi/scripts/*/cloudflare-static/email-decode.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/app.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-includes/js/jquery/jquery-migrate.js*
Tracking script
TRACK
*www.surfe.com/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*www.surfe.com/cdn-cgi/challenge-platform/scripts/jsd/main.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_text-ticker_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_svg-path-length_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_title-replacements_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_accordions_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_pb-row-product-tabs_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_pb-row-featured-accordions-narrow_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/vendors-node_modules_lottie-web_build_player_lottie_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_pb-row-three-steps_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/vendors-node_modules_swiper_swiper_esm_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_chili-piper_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/vendors-node_modules_regenerator-runtime_runtime_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_gform_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_components_Dropdown_js-src_js_modules_module_Module_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_mouse-wheel-youtube_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_pb-row-home-testimonials_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_newsletter_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_mouse-wheel-vimeo_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_site-super-menu_index_js.*.bundle.js*
Tracking script
EXFIL
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_pb-row-reveal-text_index_js.*.bundle.js*
Data collection endpoint
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_mouse-wheel-facebook_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_find-rate-map_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_site-header_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_find-rate-chart_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_site-video_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_site-nav_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_site-contact-panel_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/vendors-node_modules_chart_js_auto_auto_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_site-footer_index_js.*.bundle.js*
Tracking script
TRACK
*www.surfe.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/*/main.js*
Tracking script
EXFIL
*www.surfe.com/wp-content/uploads/*/07/AddtoCRM_LIEnrich_V3-LIremoved.json*
Data collection endpoint
TRACK
*www.surfe.com/wp-content/themes/surfe/src/lottie/pulsing-point-animation.json*
Tracking script
TRACK
www.surfe.com/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-includes/js/jquery/jquery-migrate.min.js
Auto-extracted from scan
TRACK
www.surfe.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/app.6c7a349822920e56551b.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_svg-path-length_index_js.00fd681becc3106ddccf.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_accordions_index_js.4cd1f034f9da7af989f7.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_title-replacements_index_js.bd6260d5c10d64212838.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_text-ticker_index_js.85abab5e9d07792d1e5b.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_pb-row-three-steps_index_js.dac0d10b80d3ed057cfa.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/vendors-node_modules_swiper_swiper_esm_js.80b52ebce5d9cc61f85d.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/vendors-node_modules_lottie-web_build_player_lottie_js.e85558c8e6f8f4b9e8c9.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_pb-row-featured-accordions-narrow_index_js.1d54a6b32e685a3f74ee.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_pb-row-product-tabs_index_js.45a5a18bd348f7a9e504.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/vendors-node_modules_regenerator-runtime_runtime_js.8a31cbaf922e55c89720.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/vendors-node_modules_chart_js_auto_auto_js.e2175110bad8c947197c.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_components_Dropdown_js-src_js_modules_module_Module_js.6960664f8c915bf2a785.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_find-rate-chart_index_js.2d1db878451aa7b2bf63.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_find-rate-map_index_js.6cb1505c04a73f9bab2d.bundle.js
Auto-extracted from scan
EXFIL
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_pb-row-reveal-text_index_js.1a7797c0c191ea0a4686.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_pb-row-home-testimonials_index_js.1ad3e0a5bcc53dd2714e.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_modules_newsletter_index_js.9c95d77d41b34e85d652.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_gform_index_js.16ca326fb8c79ba71ae9.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_mouse-wheel-vimeo_index_js.9138b08429982143609a.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_mouse-wheel-youtube_index_js.3f0646ca794edba462ca.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_mouse-wheel-facebook_index_js.f366a97df6d98da6a44c.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_chili-piper_index_js.4ffab260882714fd37a4.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_site-header_index_js.188407252fdaad895970.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_site-super-menu_index_js.358e3ddc556326b53991.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_site-nav_index_js.3d929e005e7775d42bb4.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_site-contact-panel_index_js.3f258c2bd9716f3e3cbb.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_site-footer_index_js.92f9b71b387d1686810e.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/wp-content/themes/surfe/dist/js/src_js_ui_site-video_index_js.9e67ff8aac229496a08e.bundle.js
Auto-extracted from scan
TRACK
www.surfe.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/d251aa49a8a3/main.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Surfe integrates with LinkedIn Sales Navigator, CRM systems, and sales engagement platforms. Data flows to prospecting databases where competitor sales teams access behavioral intelligence. The deanon infrastructure suggests partnerships with identity resolution providers and B2B data brokers.
Loads (2)
MetapixelSalesloft
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

209 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details