Preventing Account Takeovers with IP Intelligence
Industry: SaaS, Fintech, Social Platforms
The Challenge
Account takeover (ATO) attacks are on the rise — and most originate from suspicious IP addresses using VPNs, bots, or stolen sessions. Legacy login protection systems rely on device fingerprints and CAPTCHAs, which aren’t enough.
One fintech platform faced 3+ ATO attempts per hour, leading to compromised accounts and reputational risk.
The CandycornDB Solution
- Live IP Risk Scoring: Every login attempt was enriched in real-time with CandycornDB’s IP threat score.
- GeoIP Mismatch Flagging: If a US-based user logged in from an ASN in Eastern Europe or via a known proxy, the event was flagged.
- Tor & VPN Detection: Exit nodes and anonymized IPs were automatically denied access or required 2FA.
Integration Snapshot
# Node.js middleware to check login IP before processing auth
const axios = require('axios');
async function checkIpRisk(ip) {
const res = await axios.get(`https://api.candycorndb.com/ip/lookup?ip=${ip}`, {
headers: { 'Authorization': 'Bearer YOUR_API_KEY' }
});
const risk = res.data.riskLevel;
if (risk === 'high') {
throw new Error('Login blocked: High risk IP detected');
}
}
Real-World Results
A SaaS provider implemented CandycornDB into their login pipeline:
- ✅ Blocked 94% of malicious ATO attempts
- ✅ Cut account fraud by 60% in the first 14 days
- ✅ Reduced dependence on CAPTCHA, improving UX
Why CandycornDB?
- Developer-ready API with sub-100ms response time
- Context-rich risk scoring powered by ASN reputation, Tor nodes, VPNs, and subnet history
- No client-side JS, easy to integrate in any auth system