Research
·
Detecting Gmail-based fake accounts: what Emailnator teaches us
Most disposable email services are easy to detect. They use obvious domains like tempmail.xyz or tmxttvmail.com, which are
Antoine Vastel
Antoine is currently the Head of Research at Castle. In this role, he focuses on improving Castle's bot detection engine using different approaches, including behavioral detection, and fingerprinting.
Latest
Research
·
Bought sneaker proxies by mistake, did science with them anyway
The other day, I bought sneaker proxies by mistake. I know, I know, how do you accidentally buy sneaker proxies?
Industry
·
CAPTCHAs 101: what they are, how they work, and where they fall short
CAPTCHAs are the most recognizable anti-bot mechanism on the web. Whether you're logging into a game, signing up
Industry
·
Fake account creation attacks: anatomy, detection, and defense
Fake account creation is one of the most persistent forms of online abuse. What used to be a fringe tactic
Industry
·
Credential stuffing attacks: anatomy, detection, and defense
Credential stuffing remains one of the most scalable and persistent threats on the internet. While defenders have improved at catching
Research
·
Fraudulent email domain tracker: June 2025
This is the third edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in Mays’
Research
·
How bot detection misfires on non-mainstream browsers and privacy tools
Every time there's a Hacker News thread about bots, bot detection, or CAPTCHAs, a familiar complaint shows up:
Research
·
From Puppeteer stealth to Nodriver: How anti-detect frameworks evolved to evade bot detection
Browser automation tools like Puppeteer, Playwright, and Selenium are widely used for testing, scraping, and other automation tasks. However, because
Research
·
What TikTok’s virtual machine tells us about modern bot defenses
A recent Hacker News post looked at the reverse engineering of TikTok’s JavaScript virtual machine (VM). Many commenters assumed
Research
·
Fraudulent email domain tracker: May 2025
This is the second edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in April’
Research
·
What a Binance CAPTCHA solver tells us about today’s bot threats
In this post, we analyze an open-source CAPTCHA solver designed to bypass a custom challenge deployed on Binance, one of
Research
·
Detecting Hidemium: Fingerprinting inconsistencies in anti-detect browsers
This is the fourth article in our series on anti-detect browsers. In the previous post, we explained how to detect