How CandycornDB Works

Overview

CandycornDB is a real-time IP intelligence platform engineered to detect and assess IP-based threats using proprietary data collection, fraud scoring algorithms, and deep network analysis.

Architecture Highlights

• Real-Time Collection: IP addresses are collected continuously through our ip-collector.js module.
• Cleaning Pipeline: Raw data is processed and filtered using ip-cleaner.js to ensure only relevant, enriched intelligence is retained.
• Fraud Scoring Engine: Each IP is scored using heuristics and ASN-based risk signals in ip-intelligence.js.
• Subnet & ASN Mapping: subnet-intelligence.js and asn-database-manager.js cluster IPs by behavior and infrastructure patterns.
• API Distribution: The server.js module powers a performant and scalable RESTful API for client access.

Why CandycornDB is Better

• Future-Proof Design: Modular architecture with scalability and extensibility in mind.
• No Reliance on 3rd-Party Feeds: All data is harvested independently, increasing reliability and longevity.
• Behavioral Risk Models: Risk is determined not just by labels, but by network behavior and AS clustering.
• Developer-First Access: Easy-to-integrate API, rich documentation, and transparent fraud scoring system.

Example API Call

What's Next

CandycornDB is evolving rapidly with features like anomaly detection, global subnet heatmaps, and adaptive reputation scoring planned for future releases.