Research
·
You see an email ending in .eu.org. Must be legit, right?
At first glance, an email address ending in .eu.org looks trustworthy. It feels institutional, maybe even official. Many people
Antoine Vastel
Antoine is currently the Head of Research at Castle. In this role, he focuses on improving Castle's bot detection engine using different approaches, including behavioral detection, and fingerprinting.
Latest
Research
·
Detecting forged browser fingerprints for bot detection, lessons from LinkedIn
In my previous post, I showed how LinkedIn detects browser extensions as part of its client-side fingerprinting strategy. That post
Research
·
Detecting browser extensions for bot detection, lessons from LinkedIn and Castle
Modern bot detection rarely deals with obviously fake browsers. Most large-scale automation today runs inside browser instances, with patched fingerprints,
Research
·
Fingerprints beyond device IDs: engineered representations for fraud detection
In fraud and bot detection, people usually think of fingerprinting as the classic browser or device fingerprint. This comes from
Research
·
Fraudulent email domain tracker: December 2025
Every month, we publish a snapshot of the email domains most actively used in fake account creation and related abuse
Research
·
Episode 3: Bought the wrong proxies again, did an unboxing anyway
If you have been following this series (post 1 and post 2), you know the ritual by now. I buy
![Investigating tinyhost[.]shop: a disposable email API used for large-scale fake account creation](/content/images/size/w960/format/webp/2025/12/image--15-.webp)
Research
·
Investigating tinyhost[.]shop: a disposable email API used for large-scale fake account creation
While working on a new customer, we identified a burst of automated activity linked to accounts created before Castle protections
Research
·
Once again, I bought the wrong proxies, better do science with my bandwidth
A few months ago, I accidentally bought sneaker proxies. Instead of crying over my mistake, I did what any reasonable
Research
·
Because fraud detection deserves better than another AI-written SEO page
If you landed here after searching for something like “browser fingerprint test”, “bot detection API”, or “Kameleo anti-detect browser”, then
Research
·
Fraudulent email domain tracker: November 2025
Every month, we publish a snapshot of the email domains most actively used in fake account creation and related abuse
Research
·
330 custom email domains, and what this tells us about how attackers build infrastructure for fake account creation
We recently detected and blocked a large-scale fake account creation campaign. The attacker attempted to register tens of thousands of
Research
·
When canvas lies: handling randomized fingerprints in fraud detection
Why canvas fingerprinting matters in fraud detection Canvas fingerprinting is often presented as a textbook example of browser fingerprinting. The