v2.3-GOLD Base-zero scoring. Receipts on every call.

Pay per primitive,
not per promise.

Every tier ships the full v2.3 engine: scoreReasons on every response, asnType classification, and /24 CIDR neighbor density. No black boxes. No "Contact Sales" for production access. p99 under 50ms.

Developer

$0

Prototypes, side projects, MaxMind replacement spikes.

No Credit Card Required
Start Free
  • 100 requests / day, rolling UTC window
  • Single-IP endpoint: /api/public/ip-score
  • Full scoreReasons audit receipt on every call
  • asnType, isProxy, normalized ISP
  • P1 networkCluster signal (/24 neighbors)
  • firstSeen / lastSeen temporal data
  • Pin scoreVersion in CI for stable rollouts
  • Bulk scoring
  • Community reporting
MOST POPULAR

Production

$49/mo

Signup pages, checkout flows, API abuse walls for growing SaaS.

Everything in Developer, plus:
  • 100,000 requests / month
  • POST /bulk-score up to 100 IPs / call
  • POST /report to feed the abuse corpus
  • Fail-open on Redis blips (developer tier fails closed)
  • Parallel hydration: ASN, subnet, abuse in one request
  • Self-healing cache: stale rows auto-upgrade to v2.3
  • Email support, 24h response target

Scale

$299/mo

Fraud ops, trust & safety, high-volume ATO defense.

Everything in Production, plus:
  • 1,000,000 requests / month
  • /bulk-score up to 1,000 IPs / call
  • GET /abuse/:ip weighted reporter history
  • GET /asn/high-risk curated landlord blocklist
  • GET /asn/clusters BGP relationship graphs
  • Coordinated-abuse hunts across ASN cohorts
  • Priority support, 4h response target
  • Custom SLAs on request
Coming from MaxMind, IPinfo, or AbuseIPDB?

Three things we do differently.

Legacy IP databases hand you a number and walk away. v2.3-GOLD hands you the number, the math, and the commit hash. You can ship it to production without guessing.

Full comparison: CandycornDB vs MaxMind →
1
Base-zero scoring with signed receipts.
MaxMind returns an opaque risk score. We start at 0, add deltas, and ship the scoreReasons array so you can defend every block in a support ticket.
2
/24 CIDR neighbor density.
We score the whole block. A fresh IP in a dirty /24 is flagged before its first request. Competitors score one IP in isolation.
3
ASN landlord identification.
Clouvider, M247, Performive, NordVPN, Tesonet. We tag the wholesale infrastructure behind commercial VPNs. No more "Unknown" on fresh hosting ranges.

Every tier ships the full engine.

We do not gate primitives. Developer keys get the same scoring math as Scale keys. Paid tiers unlock volume, bulk, and the intelligence feeds.

🎯

v2.3 Base-Zero Engine

  • Starts at 0, not 50
  • Trust bonuses: -10 residential
  • Hosting penalty: +15
  • Tor short-circuit removed
🛰️

P1 Subnet Clustering

  • /24 CIDR neighbor scan
  • ipLong index, O(log N)
  • networkCluster +25 when dirty
  • /22 expansion on roadmap
🏢

P3 ASN Landlord ID

  • Hosting, residential, mobile, VPN
  • Hostname pattern override
  • IP→ASN prefix resolver
  • Normalized isp field
🧾

Audit Receipts

  • scoreReasons[] on every call
  • { component, delta, detail }
  • scoreVersion pinned
  • p99 under 50ms cached

The receipt, not the promise.

Every score ships with the math. Developers can paste this into a ticket.

{
  "ip": "185.220.101.44",
  "score": 100,
  "scoreVersion": "v2.3-base-zero",
  "asnType": "hosting",
  "isProxy": true,
  "isp": "M247 Ltd",
  "scoreReasons": [
    { "component": "tor",            "delta": 45, "detail": "tor exit node" },
    { "component": "asnHosting",     "delta": 15, "detail": "M247 infrastructure" },
    { "component": "proxyInferred",  "delta": 20, "detail": "hostname match" },
    { "component": "networkCluster", "delta": 25, "detail": "12 dirty /24 neighbors" },
    { "component": "communityAbuse", "delta": 25, "detail": "7 weighted reports" }
  ]
  // 0 + 45 + 15 + 20 + 25 + 25 = 130, clamped to 100
}

Questions developers actually ask.

What happens when I hit the rate limit?+

A 429 with Retry-After and the full remaining quota headers. Developer keys use a rolling UTC day bucket. Production and Scale use a monthly window reset on the first of each month.

Do I have to send a credit card to try it?+

No. Developer is free forever. 100 requests per day, the full v2.3 engine, complete scoreReasons audit. No card, no trial clock.

Can I pin a scoreVersion so my tests do not break on every deploy?+

Yes. Every response carries a scoreVersion string. We bump it on material math changes, not cosmetic ones. Lock to v2.3-base-zero in CI and read our changelog before upgrading.

How fast is a cached lookup?+

p99 under 50ms for cached IPs. First-contact IPs hit the JIT path: ASN prefix resolution, parallel hydration of subnet and abuse signals, then write-behind persistence. Typical JIT latency is 200 to 400ms.

What does the Production tier fix that Developer does not?+

Volume (100k/mo), /bulk-score for batch workflows, /report to contribute back to the abuse corpus, and fail-open behavior if Redis has a hiccup. Developer fails closed on Redis outages so unmetered traffic cannot leak through.

Do you share data with other customers?+

The abuse corpus is shared by design. That is the point. Your lookups are not. Logs are retained for 30 days for rate limiting and billing, then purged.

Need Enterprise volume (over 5M/mo), private deployments, or SOC2 paperwork? Contact Sales