Case Study: Security

Kill Credential Stuffing in 50 Milliseconds.

Blocked Attempts: 54M+ (logins stopped in Q1)
Support Tickets: -85% (fewer "hacked account" reports)
Login Speed: No Lag (API responds in < 50ms)

The Challenge: Rotating Proxies

A major consumer fintech app was facing a relentless credential stuffing attack. Hackers had bought 100 million username/password pairs from a data breach and were trying them all on the app's login API.

Why standard rate limits failed: The attackers used a "Rotating Proxy Network," so every single login attempt came from a different IP address. Rate limiting by IP (`5 attempts per IP`) did nothing because no IP was ever used twice.

The Solution: Subnet & ASN Intelligence

The security team deployed CandycornDB to analyze the network infrastructure of incoming requests. They discovered two patterns:

```javascript
// Login Controller
const net = await candycorn.score(req.ip);

// 1. Block Hosting Providers (Bots shouldn't log in from AWS)
if (net.asn_type === 'hosting' && !net.is_verified_bot) {
  return res.status(403).json({ error: "Access Denied" });
}

// 2. Detect Proxy Clusters
if (net.subnet_risk > 80 || net.is_tor) {
  // Force 2FA or Email Verification
  return trigger2FA(req.user);
}
```
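The following is an added example, not code from the case study and not CandycornDB's scoring method. It replays a constructed log of failed logins through the same sliding-window limiter twice, once keyed per IP and once keyed per /24 subnet, to show why the `5 attempts per IP` rule never fires against rotating addresses. It assumes the rotating addresses cluster in a few /24 blocks; all names, thresholds and addresses (documentation ranges) are illustrative.

```javascript
// Added example: failed-login limiter keyed per IP vs. per /24 subnet.
// Names, thresholds and log entries are constructed for illustration.

// Reduce an IPv4 address to its /24 prefix; null if it is not dotted-quad IPv4.
function subnet24(ip) {
  const parts = String(ip).split('.');
  const valid = parts.length === 4 &&
    parts.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  return valid ? `${parts.slice(0, 3).map(Number).join('.')}.0/24` : null;
}

// Sliding window: a key is over limit after more than `limit` events in `windowMs`.
class WindowLimiter {
  constructor(limit, windowMs, keyFn) {
    Object.assign(this, { limit, windowMs, keyFn, events: new Map() });
  }
  // Record one failed login; returns true when its key is over the limit.
  hit(ip, ts) {
    const key = this.keyFn(ip) ?? ip; // fall back to the raw address
    const recent = (this.events.get(key) || []).filter(t => ts - t < this.windowMs);
    recent.push(ts);
    this.events.set(key, recent);
    return recent.length > this.limit;
  }
}

// Constructed log: 40 failures, one per second, each from a new address spread
// over two /24 blocks, plus a real user who mistypes a password twice.
function sampleFailures() {
  const log = [];
  for (let i = 0; i < 40; i++) {
    const net = i % 2 === 0 ? '203.0.113' : '198.51.100';
    log.push({ ip: `${net}.${10 + i}`, ts: i * 1000 });
  }
  log.push({ ip: '192.0.2.10', ts: 5000 }, { ip: '192.0.2.10', ts: 9000 });
  return log.sort((a, b) => a.ts - b.ts);
}

// Replay a log through a limiter and count the attempts it flags.
function countFlagged(log, limiter) {
  return log.filter(e => limiter.hit(e.ip, e.ts)).length;
}

const LIMIT = 5, WINDOW_MS = 60000;
const perIp = countFlagged(sampleFailures(), new WindowLimiter(LIMIT, WINDOW_MS, ip => ip));
const perSubnet = countFlagged(sampleFailures(), new WindowLimiter(LIMIT, WINDOW_MS, subnet24));
console.log({ perIp, perSubnet });
```

Because real users can share a /24 (carrier NAT, offices), a subnet-level flag fits the step-up path in the controller above (2FA or email verification) better than a hard block.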

The Result

By filtering on network type rather than IP reputation alone, the team blocked 99.8% of the bot traffic. Legitimate users (logging in from Verizon, Comcast, T-Mobile) saw zero friction, while the attackers' success rate dropped to zero.
