Research
·
Roll your own bot detection: server-side detection (part 2)
This is the second part of our series on building a lightweight, vendor-free anti-bot system to protect your login endpoint.
Research
Latest
Research
·
Roll your own bot detection: fingerprinting/JavaScript (part 1)
This is the first article in a two-part series where we show how to build your own anti-bot system to
Research
·
Fraudulent email domain tracker: September 2025
This is the sixth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in August&
Research
·
Deep dive: how navigator.deviceMemory can be used for fingerprinting and bot detection
The navigator.deviceMemory attribute is part of the Device Memory API. It exposes an approximate amount of system RAM to
Research
·
How we detected a CAPTCHA solver in the wild, and what it says about bot defenses
CAPTCHAs are everywhere, and almost universally hated. Whether it's deciphering blurry text or clicking every fire hydrant in
Research
·
Why a classic CDP bot detection signal suddenly stopped working (and nobody noticed)
Over the past few years, I’ve written a lot about detecting automated browsers by exploiting side effects from the
Research
·
Fraudulent email domain tracker: August 2025
This is the fifth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in July&
Research
·
Finding links between fraudulent email domains using graph-based clustering
Every month, we publish a list of fraudulent email domains observed across the websites and mobile apps we protect. See
Research
·
How to detect Open Bullet 2 bots running in Puppeteer mode
Open Bullet 2 is an open-source tool built for credential stuffing attacks, automated attempts to gain access to user accounts
Research
·
Fraudulent email domain tracker: July 2025
This is the fourth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in June&
Research
·
How to detect Selenium bots?
Headless Chrome bots controlled by Selenium remain a staple in the bot developer’s toolkit in 2025. While newer frameworks
Research
·
Detecting Gmail-based fake accounts: what Emailnator teaches us
Most disposable email services are easy to detect. They use obvious domains like tempmail.xyz or tmxttvmail.com, which are