Instantly Score IP Risk. Detect Threats. Stop Fraud.
Real-time IP intelligence for developers, fraud teams, and cybersecurity platforms.
β
Built for Developers
Minimal, fast JSON API. No SDKs, no friction β get started in minutes.
π§ Proprietary Intelligence
We donβt resell stale feeds. All IP scoring data is collected, cleaned, and enriched in-house.
β‘ Real-Time Scoring
Score IPs in under 200ms with behavior, network, and subnet context baked in.
π Privacy-First
No cookies, trackers, or analytics β just clean security data. Youβre not the product.
Identify high-risk IPs originating from malicious sources, bulletproof hosts, and threat actor infrastructure.
Detect and track Tor exit nodes to mitigate risk from anonymized and potentially malicious traffic sources.
Generate real-time fraud scores using network behavior, geolocation mismatch, hosting patterns, and IP history.
Map IP relationships and subnet behavior to expose botnets, fraud rings, and coordinated network abuse.
Our sophisticated fraud scoring system analyzes multiple risk factors to provide accurate threat assessment.
IPs in this range often indicate malicious infrastructure β such as Tor exit nodes, abuse-prone proxies, and bulletproof hosting used for fraud, scraping, or attacks.
These IPs may belong to VPNs, commercial cloud servers, or anonymization networks β often flagged for inconsistent or suspicious behavior patterns.
Typically residential or business connections with strong trust signals, consistent behavior, and no historical evidence of abuse.
Our scoring model evaluates ASN reputation, geolocation stability, subnet behavior, port activity, and historical abuse signals.
Identify related IPs and network clusters to uncover coordinated malicious infrastructure.
Our system correlates network signals across subnet, ASN, and behavior to reveal hidden relationships between IPs β enhancing early threat detection and fraud prevention.
CandycornDB collects IP intelligence from diverse, high-confidence sources to power real-time fraud detection and threat analysis.
We continuously monitor and update all active Tor exit nodes to help identify anonymous traffic often used in scraping, credential stuffing, and other high-risk behavior.
Includes IPs from Autonomous System Numbers (ASNs) linked to malicious infrastructure β including bulletproof hosts, spam networks, and exploit distribution.
We flag IPs from countries and regions frequently associated with fraud rings, botnets, or coordinated cyber operations.
Detects IPs associated with anonymizing services β including commercial VPNs, residential proxies, and open proxies commonly abused by threat actors.
Effortlessly query real-time IP intelligence with a developer-friendly API designed for scale, speed, and reliability.
curl -X GET 'https://candycorndb.com/api/public/data?page=1&limit=10' \
-H 'X-API-Key: your_api_key_here'Check Trust Score & Network Context for a Specific IP
curl -X GET 'https://candycorndb.com/api/public/data/network/1.2.3.4' \
-H 'X-API-Key: your_api_key_here'Want to integrate CandycornDB into your stack?
β π§ Read the API Docs