v2.3-GOLD Risk math, not ZIP codes.

Geography is not
security.

IP2Location tells you a user is in London. CandycornDB tells you they are exiting through a Tor relay on M247 with 18 dirty /24 neighbors, and returns the audit receipt. v2.3 Base-Zero scoring with scoreReasons on every call. p99 under 50ms cached.

No Credit Card Required
Get API Key Read the Docs first

100 calls per day on the Developer tier. Free forever.

DATA DEPTH COMPARISON
📍

IP2Location

🇺🇸 US (Country)
NY (Region)
10001 (Zip)

No Risk Data

🛡️

CandycornDB

Score: 85 (High)
⚠️ Tor Exit Node
🚫 Abusive Subnet

Actionable Intel

Feature parity, side by side

A geolocation snapshot cannot answer the questions a v2.3 receipt does.

Capability CandycornDB v2.3 IP2Location
Primary Goal Fraud and abuse prevention Geolocation and analytics
Data Freshness Live, write-behind cache CSV refresh, monthly or daily
Subnet-Aware Scoring /24 CIDR clusters, +25 Per-IP only
Wholesale Landlord ID Clouvider, M247, Tesonet ASN string only
Base-Zero Transparency scoreReasons[] on every call No score returned
Tor and VPN Detection Tor consensus, ASN landlord, hostname pattern Basic boolean flags
Cached Lookup p99 < 50ms Local DB lookup, varies

Geolocation snapshot vs live refinery pipeline

A country and a ZIP code do not stop a Tor exit on M247. The architecture decides what the receipt can say.

Geolocation · Snapshot

IP2Location

Geographic snapshot for analytics. Not designed for fraud prevention.

Step 1
CSV download
DB1 through DB26 lite tiers. Bigger features ship behind paid tiers.
Step 2
You sync the file
Cron job, parser, hot-reload. Each refresh is a deploy event.
Step 3
Lookup returns geo fields
Country, region, city, ZIP, latitude, longitude. ASN string if your tier covers it.
Step 4
No fraud signal returned
No cluster math. No landlord identification. No score. Build your own logic on top.
Live · Auditable

CandycornDB v2.3 Refinery

Pipeline model with native risk scoring and signed receipts.

Step 1
Geo + identity in one call
Country, ASN, ASN landlord type, normalized ISP, all returned together.
Step 2
P1 /24 CIDR scan
Multi-key index on asns.prefixes, O(log N). networkCluster +25 when neighbors are dirty.
Step 3
P3 ASN landlord identification
Tor consensus, hosting keywords, VPN keywords, hostname pattern override. Sets asnType, isProxy.
Step 4
v2.3 Base-Zero score and receipt
Score, version, and scoreReasons[] returned together. No glue code required.

The audit receipt IP2Location cannot return

A Tor exit IP that IP2Location labels "London, GB." CandycornDB labels it score 100 with a five-component receipt.

// GET /api/public/lookup?ip=185.220.101.44 // IP2Location: country=GB, city=London. Risk signal: none. // CandycornDB: full v2.3 receipt. { "ip": "185.220.101.44", "score": 100, "scoreVersion": "v2.3-base-zero", "country": "DE", "asn": "AS9009", "asnType": "hosting", "isProxy": true, "isp": "M247 Ltd", "scoreReasons": [ { "component": "tor", "delta": 45, "detail": "tor exit node" }, { "component": "asnHosting", "delta": 15, "detail": "M247 matched HOSTING_KEYWORDS" }, { "component": "proxyInferred", "delta": 20, "detail": "vpn substring in PTR record" }, { "component": "networkCluster", "delta": 25, "detail": "12 dirty /24 neighbors" }, { "component": "communityAbuse", "delta": 25, "detail": "7 weighted reports" } ] } // Math: 0 + 45 + 15 + 20 + 25 + 25 = 130, clamped to 100.

A ZIP code is not a fraud signal. A signed receipt is.

No Credit Card Required

Stop trusting stale databases.
Start auditing your traffic.

100 calls per day on the Developer tier. v2.3 Base-Zero engine. scoreReasons on every call.

Get API Key Read the Docs first