Research
·
Introducing Castle’s Research Team
How we think about research at Castle Bot detection and fraud prevention are adversarial by default. It is a cat-and-mouse
The Castle blog
Research and insights on stopping modern bots and fraud
Featured
Latest
Introducing Castle’s Research Team
How we think about research at Castle Bot detection and fraud prevention are adversarial by default. It is a cat-and-mouse
Research
·
Inside a bot operator’s email verification infrastructure
During an investigation into a large-scale automated account creation attack targeting one of our customers, we observed a burst of
Research
·
Account enumeration in the wild: analyzing a real-world Spotify enumeration tool
In this blog post, we study the Spotify-Account-Checker open source project. The author describes it as: “An automated tool for
Research
·
You see an email ending in .eu.org. Must be legit, right?
At first glance, an email address ending in .eu.org looks trustworthy. It feels institutional, maybe even official. Many people
Research
·
Detecting forged browser fingerprints for bot detection, lessons from LinkedIn
In my previous post, I showed how LinkedIn detects browser extensions as part of its client-side fingerprinting strategy. That post
Research
·
Detecting browser extensions for bot detection, lessons from LinkedIn and Castle
Modern bot detection rarely deals with obviously fake browsers. Most large-scale automation today runs inside browser instances, with patched fingerprints,
Research
·
Fingerprints beyond device IDs: engineered representations for fraud detection
In fraud and bot detection, people usually think of fingerprinting as the classic browser or device fingerprint. This comes from
Research
·
Fraudulent email domain tracker: December 2025
Every month, we publish a snapshot of the email domains most actively used in fake account creation and related abuse
Research
·
Episode 3: Bought the wrong proxies again, did an unboxing anyway
If you have been following this series (post 1 and post 2), you know the ritual by now. I buy
![Investigating tinyhost[.]shop: a disposable email API used for large-scale fake account creation](/content/images/size/w960/format/webp/2025/12/image--15-.webp)
Research
·
Investigating tinyhost[.]shop: a disposable email API used for large-scale fake account creation
While working on a new customer, we identified a burst of automated activity linked to accounts created before Castle protections
Research
·
Once again, I bought the wrong proxies, better do science with my bandwidth
A few months ago, I accidentally bought sneaker proxies. Instead of crying over my mistake, I did what any reasonable
Research
·
Because fraud detection deserves better than another AI-written SEO page
If you landed here after searching for something like “browser fingerprint test”, “bot detection API”, or “Kameleo anti-detect browser”, then