Traffective | Vendor Intelligence

How This Briefing Works

This report opens with key findings, then maps the gaps between what Traffective discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

1 detection across 1 site100% pre-consent activity

CRITICAL

Pre-Consent Activity

Traffective was observed loading and executing before user consent was obtained on 100% of sites where it was detected.

GDPRePrivacy

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN

They Claim

“Requires claims extraction via CDT”

Observed Behavior

Runtime evidence confirms C01/C06/C07/C09/C10 activation

Customer Impact

What This Means For You

Marketing spend trains competitor targeting systems. Visitor behavioral data feeds programmatic exchanges where competitors bid on audience segments derived from YOUR traffic. Legal holds 100% exposure risk from consent bypass and fingerprinting. Display networks re-target visitors across publisher properties.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Traffective

→Immediate removal from advertising stack
→Legal review of DSP data sharing agreements
→Audit programmatic exchanges for audience segment leakage
→Notify DPO of consent bypass behavior

If You're Evaluating Traffective

→First-party display advertising alternatives
→Contextual targeting without behavioral tracking
→Consent-compliant audience measurement

Negotiation Leverage

→Traffective creates legal liability through consent bypass and behavioral tracking
→90% CAC subsidization funds competitor audience targeting
→Visitor data flows to programmatic exchanges beyond your control
→Removal required before next privacy audit
→No contractual limits prevent competitor access to your audience data

Runtime Detections

5 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Bypasses consent controls to capture data regardless of user preferences

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Captures unique behavioral patterns for audience segmentation

BTI-C07Session Recording

Full session replay

Impact: Records visitor sessions for behavioral profiling

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Activates before consent mechanisms, defeating privacy controls

BTI-C10Fingerprinting

Device identification

Impact: Creates persistent visitor profiles for cross-platform targeting

IOC Manifest

57 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK

*traffective.com/wp-includes/js/jquery/jquery-migrate.js*

Tracking script

TRACK

*traffective.com/wp-includes/js/jquery/jquery.js*

Tracking script

TRACK

*traffective.com/wp-content/uploads/dynamic_avia/avia-head-scripts-*---*.js*

Tracking script

TRACK

*traffective.com/wp-content/plugins/sitepress-multilingual-cms/dist/js/browser-redirect/app.js*

Tracking script

TRACK

*traffective.com/wp-includes/js/mediaelement/mediaelement-migrate.js*

Tracking script

TRACK

*traffective.com/wp-includes/js/mediaelement/mediaelement-and-player.js*

Tracking script

TRACK

*traffective.com/wp-includes/js/mediaelement/wp-mediaelement.js*

Tracking script

TRACK

*traffective.com/wp-content/plugins/lazy-loading-responsive-images/js/lazysizes.js*

Tracking script

TRACK

*traffective.com/wp-content/plugins/visual-portfolio/build/assets/js/pagination-infinite.js*

Tracking script

TRACK

*traffective.com/wp-content/uploads/dynamic_avia/avia-footer-scripts-*---*.js*

Tracking script

TRACK

*traffective.com/wp-includes/js/wp-emoji-release.js*

Tracking script

TRACK

traffective.com/wp-includes/js/jquery/jquery.min.js

Auto-extracted from scan

TRACK

traffective.com/wp-includes/js/jquery/jquery-migrate.min.js

Auto-extracted from scan

TRACK

traffective.com/wp-content/plugins/sitepress-multilingual-cms/dist/js/browser-redirect/app.js

Auto-extracted from scan

TRACK

traffective.com/wp-content/uploads/dynamic_avia/avia-head-scripts-efb8feeae91e4fc9a91854b11cd29bd7---6835c81618331.js

Auto-extracted from scan

TRACK

traffective.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js

Auto-extracted from scan

TRACK

traffective.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js

Auto-extracted from scan

TRACK

traffective.com/wp-includes/js/mediaelement/wp-mediaelement.min.js

Auto-extracted from scan

TRACK

traffective.com/wp-content/plugins/lazy-loading-responsive-images/js/lazysizes.min.js

Auto-extracted from scan

TRACK

traffective.com/wp-content/plugins/visual-portfolio/build/assets/js/pagination-infinite.js

Auto-extracted from scan

TRACK

traffective.com/wp-content/uploads/dynamic_avia/avia-footer-scripts-43c9b0a41756b091501b08313a5a1ed9---68713d768da8f.js

Auto-extracted from scan

TRACK

traffective.com/wp-includes/js/wp-emoji-release.min.js

Auto-extracted from scan

Ecosystem

Ecosystem & Supply Chain

Traffective integrates with programmatic display exchanges, DSPs, and audience data brokers. Visitor data flows to ad networks where competitors purchase access to your audience segments. Partnership with publisher networks enables cross-platform visitor tracking.

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

60 detection signatures across scripts, domains, cookies, and network endpoints