Weborama | Vendor Intelligence

How This Briefing Works

This report opens with key findings, then maps the gaps between what Weborama discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

1 detection across 1 site100% pre-consent activity

CRITICAL

Pre-Consent Activity

Weborama was observed loading and executing before user consent was obtained on 100% of sites where it was detected.

GDPRePrivacy

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN

They Claim

“Requires claims extraction via CDT”

Observed Behavior

Defeat device, behavioral biometrics, session recording, consent bypass, and fingerprinting detected in runtime

Customer Impact

What This Means For You

Marketing teams lose attribution clarity when audience intelligence distorts visitor behavior analysis. Analytics teams face measurement corruption from DSP behavioral layering. Legal teams inherit maximum liability exposure when advertising platform deploys consent bypass. Revenue operations teams subsidize competitor intelligence through shared audience infrastructure.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Weborama

→Audit defeat device deployment within audience intelligence infrastructure
→Review session recording scope in targeting workflows
→Verify fingerprinting boundaries for audience continuity mechanisms
→Require consent collection before Weborama tracking initialization

If You're Evaluating Weborama

→DSP solutions without embedded visitor surveillance beyond ad delivery
→Privacy-respecting audience platforms limiting tracking scope
→Contextual advertising eliminating behavioral profiling and cross-customer intelligence leakage

Negotiation Leverage

→Challenge defeat device mechanisms within advertising infrastructure
→Require disclosure of all surveillance capabilities beyond audience intelligence
→Demand opt-out from cross-customer audience monitoring analysis
→Request data processing agreement amendments addressing visitor tracking through DSP platform
→Negotiate liability protection for consent violations by audience intelligence infrastructure

Runtime Detections

5 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Detection evasion mechanisms obscure tracking deployment within audience intelligence infrastructure.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Interaction patterns captured to enhance audience profiles and improve targeting precision.

BTI-C07Session Recording

Full session replay

Impact: Website sessions captured to contextualize audience behavior and optimize segmentation strategies.

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Tracking mechanisms active through advertising infrastructure before visitor consent collection completes.

BTI-C10Fingerprinting

Device identification

Impact: Device characteristics harvested for audience continuity across campaigns and publisher networks.

IOC Manifest

96 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK

*weborama.com/wp-includes/js/jquery/jquery.js*

Tracking script

TRACK

*weborama.com/wp-includes/js/jquery/jquery-migrate.js*

Tracking script

TRACK

*weborama.com/wp-content/plugins/display-medium-posts/public/vendors/owl-carousel/owl.carousel.js*

Tracking script

TRACK

*weborama.com/wp-content/plugins/popups-for-divi/scripts/ie-compat.js*

Tracking script

TRACK

*weborama.com/wp-content/plugins/display-medium-posts/public/js/display-medium-posts-public.js*

Tracking script

TRACK

*weborama.com/wp-content/plugins/filter-for-divi/df-script.js*

Tracking script

TRACK

*weborama.com/wp-content/plugins/addons-for-divi/assets/libs/magnific-popup/magnific-popup.js*

Tracking script

TRACK

*weborama.com/wp-content/plugins/addons-for-divi/assets/libs/counter-up/counter-up.js*

Tracking script

TRACK

*weborama.com/wp-content/plugins/addons-for-divi/assets/libs/slick/slick.js*

Tracking script

TRACK

*weborama.com/wp-content/plugins/addons-for-divi/assets/js/frontend.js*

Tracking script

TRACK

*weborama.com/wp-content/plugins/popups-for-divi/scripts/front.js*

Tracking script

TRACK

*weborama.com/wp-content/themes/Divi/js/smoothscroll.js*

Tracking script

TRACK

*weborama.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js*

Tracking script

TRACK

*weborama.com/wp-content/themes/Divi/js/scripts.js*

Tracking script

TRACK

*weborama.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.mobile.js*

Tracking script

TRACK

*weborama.com/wp-content/plugins/supreme-modules-for-divi/scripts/frontend-bundle.js*

Tracking script

TRACK

*weborama.com/wp-content/themes/Divi/core/admin/js/common.js*

Tracking script

TRACK

*weborama.com/wp-content/plugins/supreme-modules-for-divi/includes/modules/Lottie/frontend.js*

Tracking script

TRACK

*weborama.com/wp-content/plugins/supreme-modules-for-divi/public/js/lottie.js*

Tracking script

TRACK

*weborama.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/sticky-elements.js*

Tracking script

TRACK

*weborama.com/wp-content/uploads/*/10/business-team-working-on-marketing-goal-2.json*

Tracking script

TRACK

*weborama.com/wp-content/uploads/*/10/35_Video-Marketing-M-4.json*

Tracking script

TRACK

weborama.com/wp-includes/js/jquery/jquery.min.js

Auto-extracted from scan

TRACK

weborama.com/wp-includes/js/jquery/jquery-migrate.min.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/plugins/display-medium-posts/public/vendors/owl-carousel/owl.carousel.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/plugins/popups-for-divi/scripts/ie-compat.min.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/plugins/display-medium-posts/public/js/display-medium-posts-public.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/plugins/filter-for-divi/df-script.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/plugins/addons-for-divi/assets/libs/magnific-popup/magnific-popup.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/plugins/addons-for-divi/assets/libs/slick/slick.min.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/plugins/addons-for-divi/assets/libs/counter-up/counter-up.min.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/plugins/addons-for-divi/assets/js/frontend.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/plugins/popups-for-divi/scripts/front.min.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/themes/Divi/js/scripts.min.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/themes/Divi/js/smoothscroll.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.mobile.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/plugins/supreme-modules-for-divi/scripts/frontend-bundle.min.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/themes/Divi/core/admin/js/common.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/plugins/supreme-modules-for-divi/public/js/lottie.min.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/plugins/supreme-modules-for-divi/includes/modules/Lottie/frontend.min.js

Auto-extracted from scan

TRACK

weborama.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/sticky-elements.js

Auto-extracted from scan

Ecosystem

Ecosystem & Supply Chain

Weborama integrates with advertising exchanges and data management platforms, creates measurement interference through audience intelligence layer, and establishes cross-customer monitoring channels observing targeting strategies across shared customer base.

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

101 detection signatures across scripts, domains, cookies, and network endpoints