Scoring VPN Traffic Without Killing Conversions
VPN usage is exploding. Remote workers, digital nomads, and privacy-conscious developers use them every day. If your fraud prevention strategy is "Block All VPNs," you are actively burning money.
Most legacy IP tools return a binary flag: "is_vpn": true. This forces you into a corner. Do you block the legitimate user trying to buy your product from a Starbucks Wi-Fi connection? Or do you let in the fraudster hiding behind a proxy?
The answer isn't "Block" or "Allow." It's Context.
VPN ≠ Fraud: The Two User Types
At CandycornDB, we differentiate between types of anonymity. Not all VPNs are created equal.
The Nomad (Legitimate User)
- Service: NordVPN / Proton
- ASN: Datacenter (Low Abuse)
- Subnet: Clean history
- Score: 15 (Low)
The Scraper (Fraudster)
- Service: Cheap Residential Proxy
- ASN: High-Risk Hosting
- Subnet: Frequent scraping
- Score: 85 (High)
How We Score Smarter
Our engine looks at the infrastructure behind the IP, not just the "VPN" label.
- Provider Reputation: Is this IP owned by a consumer VPN company (like TunnelBear) that generally polices abuse? Or is it a "Bulletproof" host known for ignoring DMCA requests?
- Subnet Neighbors: If 50 other IPs in this /24 block have recently been flagged for card testing, this IP inherits that risk—even if it's "clean" right now.
- Velocity: Is this VPN exit node seeing a sudden spike in traffic across our entire network?
The Cost of False Positives
Every time you block a real user, you lose more than just that sale. You lose Lifetime Value (LTV) and brand trust.
The Recommended Strategy
Don't block on is_vpn: true. Block on risk_score > 75. For scores between 50-75 (the "Grey Zone"), trigger friction instead of a ban. Ask for 2FA, Email Verification, or CAPTCHA.
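The sketch below ties the "Subnet Neighbors" signal to the thresholds in this strategy. It is an added example, not CandycornDB's engine or API: the function names, the linear weighting (up to 40 points at 50 flagged neighbours) and the sample IPs are assumptions made for illustration.

```python
import ipaddress

# Thresholds stated on the page.
BLOCK_ABOVE = 75      # block on risk_score > 75
GREY_ZONE_FROM = 50   # 50-75 is the "Grey Zone": add friction, do not ban

# Assumed weighting (not from the page): flagged neighbours add up to
# MAX_NEIGHBOR_POINTS, reached at SATURATE_AT flagged IPs in the /24.
SATURATE_AT = 50
MAX_NEIGHBOR_POINTS = 40

# Constructed sample data (documentation ranges): IPs recently flagged for card testing.
FLAGGED = [f"203.0.113.{i}" for i in range(1, 51)] + [
    "198.51.100.4", "198.51.100.19", "198.51.100.230"]


def flagged_neighbors(ip, flagged):
    """Count flagged IPs, other than `ip` itself, in the same IPv4 /24."""
    addr = ipaddress.IPv4Address(ip)
    net = ipaddress.ip_network(f"{addr}/24", strict=False)
    others = {ipaddress.IPv4Address(f) for f in flagged} - {addr}
    return sum(1 for f in others if f in net)


def neighbor_risk(ip, flagged):
    """Points inherited from the subnet, linear in neighbour count and capped."""
    n = min(flagged_neighbors(ip, flagged), SATURATE_AT)
    return n * MAX_NEIGHBOR_POINTS // SATURATE_AT


def decide(risk_score):
    """Map a 0-100 score to an action; is_vpn is deliberately not an input."""
    if risk_score > BLOCK_ABOVE:
        return "block"
    if risk_score >= GREY_ZONE_FROM:
        return "challenge"  # 2FA, email verification or CAPTCHA
    return "allow"


def evaluate(ip, base_score, flagged=FLAGGED):
    """Combine a per-IP base score with inherited subnet risk, then decide."""
    score = min(100, base_score + neighbor_risk(ip, flagged))
    return score, decide(score)


if __name__ == "__main__":
    for ip, base in [("198.51.100.77", 15), ("203.0.113.200", 15), ("203.0.113.9", 85)]:
        print(ip, base, evaluate(ip, base))
```

The second sample IP has the same low base score as the first, but its /24 holds 50 flagged neighbours, so it lands in the Grey Zone and gets a challenge rather than a ban.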
Start Detecting Without Destroying UX
You don't need to choose between security and growth. By using granular risk scoring, you can catch the bots while rolling out the red carpet for your actual customers.