Research
·
Fraudulent email domain tracker: October 2025
This is the seventh edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in September&
Research
Latest
Research
·
How to detect disposable email domains without relying on 3rd party APIs and lists
To scale a fraud or bot attack, adversaries need more than just realistic automation. They need infrastructure. A convincing browser
Research
·
Roll your own bot detection: server-side detection (part 2)
This is the second part of our series on building a lightweight, vendor-free anti-bot system to protect your login endpoint.
Research
·
Roll your own bot detection: fingerprinting/JavaScript (part 1)
This is the first article in a two-part series (new: 2nd article was published) where we show how to build
Research
·
Fraudulent email domain tracker: September 2025
This is the sixth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in August&
Research
·
Deep dive: how navigator.deviceMemory can be used for fingerprinting and bot detection
The navigator.deviceMemory attribute is part of the Device Memory API. It exposes an approximate amount of system RAM to
Research
·
How we detected a CAPTCHA solver in the wild, and what it says about bot defenses
CAPTCHAs are everywhere, and almost universally hated. Whether it's deciphering blurry text or clicking every fire hydrant in
Research
·
Why a classic CDP bot detection signal suddenly stopped working (and nobody noticed)
Over the past few years, I’ve written a lot about detecting automated browsers by exploiting side effects from the
Research
·
Fraudulent email domain tracker: August 2025
This is the fifth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in July&
Research
·
Finding links between fraudulent email domains using graph-based clustering
Every month, we publish a list of fraudulent email domains observed across the websites and mobile apps we protect. See
Research
·
How to detect Open Bullet 2 bots running in Puppeteer mode
Open Bullet 2 is an open-source tool built for credential stuffing attacks, automated attempts to gain access to user accounts
Research
·
Fraudulent email domain tracker: July 2025
This is the fourth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in June&