American Users have wrong IP address geolocation

fpg1503 asked:

In order to display the right content for my users I get their country based on their IP address. I have been receiving several reports from American users saying that the content is being displayed incorrectly. I always check their IP address and my country detection API is right; for some reason American users are being assigned IP addresses from other countries.

Is this a regular practice? Does this have something to do with the IPcalypse? Is there a better way to get the user’s location?

Edit: I’m using an API called MaxMind to get the location based on the IP; this issue has only happened with IPv4 users so far. The last issue I had was with an American user whose IP address location was showing up as Malaysia. Their IP address was 161.139.224.31; all I know is that the user is using a device with iOS.

My answer:


MaxMind is a good service, though occasionally there can be errors, since we’re now in the time period where IPv4 blocks are scarce, and are being traded and resold on a gray market. If you do find an actual error you can report it to them, though this doesn’t appear to be an error.

This is basically how I confirm the location of an IP address:

First, I’ll see what MaxMind says about it. Their online tool tells me it’s in Malaysia and registered to Universiti Teknologi Malaysia. But is it really?

[Screenshot: MaxMind GeoIP results for 161.139.224.31]

Second, I’ll check the whois record for the address. APNIC also says it’s registered to UTM. Not looking good for your supposed American…

inetnum:        161.139.0.0 - 161.139.255.255
netname:        UTMNET
descr:          Universiti Teknologi Malaysia
country:        MY
admin-c:        UTM1-AP
tech-c:         UTM1-AP
status:         ALLOCATED PORTABLE
mnt-by:         MAINT-MY-UNITEKMY
mnt-irt:        IRT-UNITEKMY-NON-MY
changed:        hm-changed@apnic.net
changed:        hm-changed@apnic.net 20120907
source:         APNIC

irt:            IRT-UNITEKMY-NON-MY
address:        Center for Information and Communication Technology
e-mail:         jeff@utm.my
abuse-mailbox:  jeff@utm.my
admin-c:        UTM1-AP
tech-c:         UTM1-AP
auth:           # Filtered
mnt-by:         MAINT-MY-UNITEKMY
changed:        hm-changed@apnic.net 20120906
source:         APNIC

role:           Universiti Teknologi Malaysia
address:        Center for Information and Communication Technology
country:        MY
phone:          +607-5532470
fax-no:         +607-5566164
e-mail:         jeff@utm.my
admin-c:        UTM1-AP
tech-c:         UTM1-AP
nic-hdl:        UTM1-AP
mnt-by:         MAINT-MY-UNITEKMY
changed:        hm-changed@apnic.net 20120906
source:         APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)

Finally, I’ll do a traceroute and look at the actual network path taken to reach the IP address. In this case…

$ traceroute 161.139.224.31
traceroute to 161.139.224.31 (161.139.224.31), 30 hops max, 60 byte packets
 1  172.28.5.1 (172.28.5.1)  0.181 ms  0.146 ms  0.127 ms
 2  62-210-251-1.rev.poneytelecom.eu (62.210.251.1)  1.317 ms  1.480 ms  1.611 ms
 3  195.154.1.170 (195.154.1.170)  1.011 ms  1.236 ms  1.300 ms
 4  prs-b7-link.telia.net (62.115.40.77)  0.956 ms  0.924 ms  0.917 ms
 5  prs-bb3-link.telia.net (213.155.132.192)  1.779 ms prs-bb3-link.telia.net (213.155.134.220)  1.652 ms prs-bb2-link.telia.net (213.155.134.228)  0.898 ms
 6  adm-bb4-link.telia.net (213.155.137.156)  15.224 ms adm-bb3-link.telia.net (62.115.135.62)  11.010 ms adm-bb4-link.telia.net (213.155.136.24)  13.345 ms
 7  adm-b2-link.telia.net (62.115.141.51)  12.709 ms adm-b2-link.telia.net (213.155.137.197)  12.043 ms adm-b2-link.telia.net (62.115.141.67)  12.702 ms
 8  telekommalaysia-ic-149786-adm-b2.c.telia.net (213.248.99.146)  11.203 ms telekommalaysia-ic-301284-adm-b2.c.telia.net (62.115.8.206)  11.131 ms  12.056 ms
 9  * * *
10  58.27.55.202 (58.27.55.202)  207.612 ms  202.755 ms  203.625 ms
11  * * *
12  * * *
13  * * *
14  * * *
15  *^C

Here we see that it starts at my location in Paris, is passed onward to Amsterdam, and then to Telekom Malaysia, after which we get no further return. The final IP address to respond, when subjected to these same checks, is also a Telekom Malaysia IP address.

It looks exceedingly unlikely at this point that this IP address is anywhere other than the Malaysian university previously named. If the user is absolutely certain that this is wrong, they can try running a traceroute from their end (e.g. with an iOS app for that purpose) and you can inspect its results for any possible clues.

Finally, it’s possible that the user is connected to a VPN provided by the university. In this case he will always be identified as being at the university regardless of his location in the world, and if he wants to be identified as to his actual location he should turn off the VPN and connect directly.


View the full question and answer on Server Fault.
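
The cross-checks described in the answer above can be scripted once the whois and traceroute output has been captured. The following is an added example, not part of the original answer; the function names are hypothetical, and the sample inputs are shortened excerpts of the output quoted above.

```python
import ipaddress
import re

# Shortened excerpt of the APNIC whois output quoted in the answer.
WHOIS_TEXT = """\
inetnum:        161.139.0.0 - 161.139.255.255
netname:        UTMNET
country:        MY
source:         APNIC
"""

# Shortened hop lines from the traceroute quoted in the answer.
TRACEROUTE_TEXT = """\
 8  telekommalaysia-ic-149786-adm-b2.c.telia.net (213.248.99.146)  11.203 ms
 9  * * *
10  58.27.55.202 (58.27.55.202)  207.612 ms  202.755 ms  203.625 ms
11  * * *
"""

def parse_first_object(text):
    """Return the attributes of the first whois object (first value wins)."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip() and attrs:
            break  # a blank line ends the first object
        key, sep, value = line.partition(":")
        if sep and not line.startswith("%"):
            attrs.setdefault(key.strip(), value.strip())
    return attrs

def registry_check(ip, whois_text, geoip_country):
    """Compare a GeoIP country code with the registry record covering the IP."""
    rec = parse_first_object(whois_text)
    first, last = (ipaddress.ip_address(p.strip()) for p in rec["inetnum"].split("-"))
    return {
        "in_range": first <= ipaddress.ip_address(ip) <= last,
        "netname": rec.get("netname"),
        "registry_country": rec.get("country"),
        "agrees": rec.get("country") == geoip_country,
    }

def last_responding_hop(traceroute_text):
    """Return (hop_number, ip) of the last hop that answered, or None."""
    last = None
    for line in traceroute_text.splitlines():
        m = re.match(r"\s*(\d+)\s+.*?\((\d{1,3}(?:\.\d{1,3}){3})\)", line)
        if m:
            last = (int(m.group(1)), m.group(2))
    return last
```

The address returned by `last_responding_hop` is the one to run through the same GeoIP and whois checks when the destination itself stops answering.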

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.