Research
·
Fraudulent email domain tracker: July 2025
This is the fourth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in June&
Latest — page 2
Industry
·
Bringing bot detection research to your AI-powered workflow
At Castle, we’ve increasingly embedded LLMs and tools like Cursor into our research workflows, whether we’re prototyping detection
Industry
·
What browser fingerprinting tests like Amiunique and Browserleaks really show, and what they miss
If you’ve ever visited a site like amiunique.org, browserleaks.com, or pixelscan.net, you’ve probably seen a
Research
·
How to detect Selenium bots?
Headless Chrome bots controlled by Selenium remain a staple in the bot developer’s toolkit in 2025. While newer frameworks
Company
·
How we hire at Castle
We learned our hiring philosophy the hard way: by getting it completely wrong. After Y Combinator in 2016, we did
Research
·
Detecting Gmail-based fake accounts: what Emailnator teaches us
Most disposable email services are easy to detect. They use obvious domains like tempmail.xyz or tmxttvmail.com, which are
Guides
·
How to detect Brave browser using HTTP headers and JavaScript
When it comes to bot and fraud detection, identifying the exact browser being used can be important, especially for privacy-focused
Guides
·
How to detect browser time zone using JavaScript
Time zone is a valuable signal in both bot and fraud detection. It's commonly used in browser fingerprinting
Research
·
Bought sneaker proxies by mistake, did science with them anyway
The other day, I bought sneaker proxies by mistake. I know, I know, how do you accidentally buy sneaker proxies?
Industry
·
CAPTCHAs 101: what they are, how they work, and where they fall short
CAPTCHAs are the most recognizable anti-bot mechanism on the web. Whether you're logging into a game, signing up
Industry
·
Fake account creation attacks: anatomy, detection, and defense
Fake account creation is one of the most persistent forms of online abuse. What used to be a fringe tactic
Industry
·
Credential stuffing attacks: anatomy, detection, and defense
Credential stuffing remains one of the most scalable and persistent threats on the internet. While defenders have improved at catching