American Users have wrong IP address geolocation

Maxmind is a good service, though occasionally there can be errors, since we're now in the time period where IPv4 blocks are scarce, and are being traded and resold on a gray market. If you do find an actual error you can report it to them, though this doesn't appear to be an error.

This is basically how I confirm the location of an IP address:

First, I'll see what Maxmind says about it. Their online tool tells me it's in Malaysia and registered to Universiti Teknologi Malaysia. But is it really?

[Image: Maxmind GeoIP results for 161.139.224.31]

Second, I'll check the whois record for the address. APNIC also says it's registered to UTM. Not looking good for your supposed American...

inetnum:        161.139.0.0 - 161.139.255.255
netname:        UTMNET
descr:          Universiti Teknologi Malaysia
country:        MY
admin-c:        UTM1-AP
tech-c:         UTM1-AP
status:         ALLOCATED PORTABLE
mnt-by:         MAINT-MY-UNITEKMY
mnt-irt:        IRT-UNITEKMY-NON-MY
changed:        [email protected]
changed:        [email protected] 20120907
source:         APNIC

irt:            IRT-UNITEKMY-NON-MY
address:        Center for Information and Communication Technology
e-mail:         [email protected]
abuse-mailbox:  [email protected]
admin-c:        UTM1-AP
tech-c:         UTM1-AP
auth:           # Filtered
mnt-by:         MAINT-MY-UNITEKMY
changed:        [email protected] 20120906
source:         APNIC

role:           Universiti Teknologi Malaysia
address:        Center for Information and Communication Technology
country:        MY
phone:          +607-5532470
fax-no:         +607-5566164
e-mail:         [email protected]
admin-c:        UTM1-AP
tech-c:         UTM1-AP
nic-hdl:        UTM1-AP
mnt-by:         MAINT-MY-UNITEKMY
changed:        [email protected] 20120906
source:         APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)

Finally, I'll do a traceroute and look at the actual network path taken to reach the IP address. In this case...

$ traceroute 161.139.224.31
traceroute to 161.139.224.31 (161.139.224.31), 30 hops max, 60 byte packets
 1  172.28.5.1 (172.28.5.1)  0.181 ms  0.146 ms  0.127 ms
 2  62-210-251-1.rev.poneytelecom.eu (62.210.251.1)  1.317 ms  1.480 ms  1.611 ms
 3  195.154.1.170 (195.154.1.170)  1.011 ms  1.236 ms  1.300 ms
 4  prs-b7-link.telia.net (62.115.40.77)  0.956 ms  0.924 ms  0.917 ms
 5  prs-bb3-link.telia.net (213.155.132.192)  1.779 ms prs-bb3-link.telia.net (213.155.134.220)  1.652 ms prs-bb2-link.telia.net (213.155.134.228)  0.898 ms
 6  adm-bb4-link.telia.net (213.155.137.156)  15.224 ms adm-bb3-link.telia.net (62.115.135.62)  11.010 ms adm-bb4-link.telia.net (213.155.136.24)  13.345 ms
 7  adm-b2-link.telia.net (62.115.141.51)  12.709 ms adm-b2-link.telia.net (213.155.137.197)  12.043 ms adm-b2-link.telia.net (62.115.141.67)  12.702 ms
 8  telekommalaysia-ic-149786-adm-b2.c.telia.net (213.248.99.146)  11.203 ms telekommalaysia-ic-301284-adm-b2.c.telia.net (62.115.8.206)  11.131 ms  12.056 ms
 9  * * *
10  58.27.55.202 (58.27.55.202)  207.612 ms  202.755 ms  203.625 ms
11  * * *
12  * * *
13  * * *
14  * * *
15  *^C

Here we see that it starts at my location in Paris, is passed onward to Amsterdam, and then to Telekom Malaysia, after which we get no further return. The final IP address to respond, when subjected to these same checks, is also a Telekom Malaysia IP address.

It looks exceedingly unlikely at this point that this IP address is anywhere other than the Malaysian university previously named. If the user is absolutely certain that this is wrong, they can try running a traceroute from their end (e.g. with an iOS app for that purpose) and you can inspect its results for any possible clues.

Finally, it's possible that the user is connected to a VPN provided by the university. In this case he will always be identified as being at the university regardless of his location in the world, and if he wants to be identified as to his actual location he should turn off the VPN and connect directly.
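
The whois and traceroute checks from the answer above, as an added Python example that is not part of the original answer: it parses RPSL-style whois output to confirm the address lies inside the registered inetnum range, and picks out the last traceroute hop that replied so it can be put through the same checks. The sample inputs are abridged from the output quoted above, and the function names are illustrative.

```python
import ipaddress
import re

# Sample inputs, abridged from the whois and traceroute output quoted in the answer.
WHOIS = """\
inetnum:        161.139.0.0 - 161.139.255.255
netname:        UTMNET
descr:          Universiti Teknologi Malaysia
country:        MY
source:         APNIC

role:           Universiti Teknologi Malaysia
country:        MY
"""

TRACE = """\
 8  telekommalaysia-ic-149786-adm-b2.c.telia.net (213.248.99.146)  11.203 ms
 9  * * *
10  58.27.55.202 (58.27.55.202)  207.612 ms  202.755 ms  203.625 ms
11  * * *
"""

def whois_objects(text):
    """Split RPSL-style whois output into one dict per blank-line-separated object."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        obj = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("%"):  # skip server comments
                key, value = line.split(":", 1)
                obj.setdefault(key.strip(), value.strip())  # keep first value of repeated keys
        if obj:
            objects.append(obj)
    return objects

def registered_network(ip, text):
    """Return (netname, country) of the inetnum object that covers ip, or None."""
    addr = ipaddress.ip_address(ip)
    for obj in (o for o in whois_objects(text) if "inetnum" in o):
        first, last = (ipaddress.ip_address(p.strip()) for p in obj["inetnum"].split("-"))
        if first <= addr <= last:
            return obj.get("netname"), obj.get("country")
    return None

def last_responding_hop(trace):
    """Return (hop number, IP) of the last traceroute hop that replied, or None."""
    hops = re.findall(r"^[ \t]*(\d+)\s+\S+ \((\d+\.\d+\.\d+\.\d+)\)", trace, re.M)
    return (int(hops[-1][0]), hops[-1][1]) if hops else None
```

The country in the whois record is the registrant's, so it is only one signal; the last responding hop is the address to run back through whois to see whose network the path ends in.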


It's not just American users; it can be users from any country.
And there are several reasons it can happen.

  • Users traveling abroad and logging on from there would get reported as being users from that country.
  • International companies often have IP blocks from one country only and assign those addresses to all their offices.
  • Same for ISPs operating in multiple countries, obviously.
  • If you've a domain/site hosted in another country you may end up with a server IP range in that country, and hosts in the US are often likely more expensive than those elsewhere.

The last is probably not relevant for you, but the others can be (and yes, I've had all of them happen at one time or another).