IP geolocation: how websites determine your location by IP address

Methods for determining geolocation by IP address

There are specialized databases and APIs for IP geolocation—MaxMind GeoIP, SypexGeo, IP2Location, and others. They collect information from various sources and match IP addresses to corresponding locations.

The screenshot shows how approximate geolocation is: the location is indicated by the administrative center associated with the IP address, while in reality a person may be hundreds of kilometers away from that point

Such databases are populated in various ways:

• publicly available data from RIR/WHOIS registries (which specify the country or region where the network is registered);

• data voluntarily provided by end users (crowdsourcing, applications with geolocation permission);

• active network measurements.

These data make it possible to assume that a specific IP is being used in a specific place.

If an IP address has been assigned to a user for a long time (such IP addresses are called static), geolocation is easier to associate with a specific region or even a city

Static IP addresses. An address assigned to one user or client device for a long period of time.

When an IP address changes periodically (a dynamic IP address), accuracy is lower. The provider often distributes addresses from a certain range, and the actual error can reach the size of the entire service area of that block.

Dynamic IP addresses. Issued by the provider as needed and may change frequently. If this IP was previously observed in another location, the resulting geolocation will shift: it will reflect either the old association or the current one, which is unpredictable. The maximum shift is determined by the coverage area (the farthest edge of the geo-range that the IP can indicate).

When using a mobile network, the actual geolocation changes

It is also important to distinguish between IPv4 and IPv6. Since the vast majority of the Internet still operates on IPv4, most geo-databases are focused specifically on IPv4 addresses.

Information about the ASN or the provider’s region also plays a role in determining location. Data about the region in which a specific operator works helps refine the result.

However, geolocation is not limited to database analysis alone. There are so-called active approaches. Websites can independently measure network latency and perform traceroutes to an IP address to roughly estimate the distance to the connection point by comparing response times to known network nodes.

We should not forget about Wi-Fi and GPS too: on a smartphone, a browser can provide very precise coordinates via the HTML5 Geolocation API. But this is no longer IP geolocation in the classical sense; it is location based on Wi-Fi or GPS. Classical IP geolocation works without GPS and relies solely on network data.

Geolocation accuracy

The accuracy of IP geolocation is assessed by levels (country/region, city, street). In theory, it is possible to go lower, but the latter levels are achieved very rarely.

The most accurate determination is at the country level (accuracy reaches about 95%). At the regional (state) level, accuracy is lower but still fairly high. Errors start to grow at the city level (50–80%).

Few services go even lower, to the street level, and accuracy there leaves much to be desired. The vast majority of resources limit themselves to the city as the maximum level of accuracy, placing a point in the city center. For rural addresses, the margin of error is even larger.

Mobile networks

In cellular networks, the situation is even more complicated. A mobile operator may configure the network so that the same IP address remains assigned to a device while it moves tens or even hundreds of kilometers. The IP address itself is usually shared. An operator may have only a few ranges serving a large coverage area, meaning that several subscribers may use the same public IP address. As a result, even ideal services cannot say with high confidence where a specific subscriber is located, as there are too many additional variables.

When roaming in a foreign country, a mobile device remains visible to its home operator (traffic usually returns to the operator’s home network before exiting to the Internet). This is similar to a VPN tunnel: the website thinks the user is still in their home country, even though they are physically abroad. As a result, a mobile user’s IP address provides a very rough location (often within the country, and not even the nearest city).

Servers and VPNs

IP addresses of data centers, hosting providers, and VPN services (and proxy services) almost never point to the location of the real end user. Such addresses are usually tied to the location of the provider’s office or data center. In other words, if you use a VPN, websites will only see the geolocation of the VPN gateway, not your device. For this reason, such addresses are generally ignored when attempting precise localization.

How websites determine a user’s location

When a website tries to determine a user’s true geolocation or check whether they are hiding behind an anonymizer, it may use several techniques, including:

• Geodatabases and specialized services. The website queries the same geodatabases (MaxMind, SypexGeo, etc.) and ASN lists mentioned above. It receives data via specialized APIs that report whether an IP address is a VPN, proxy, Tor exit node, or data center.

• HTTP headers and DNS. Some proxy servers add the X-Forwarded-For header, which contains the client’s original IP address. If a proxy is configured incorrectly, a website can check for such headers and obtain your real address. User DNS queries are also analyzed: if the DNS server is set to a “foreign” address (the user sends queries to an overseas DNS), this may indicate that traffic is not originating from the country of the IP address.

• WebRTC and browser geolocation. Modern browsers allow a website to request the Geolocation API and obtain precise device coordinates. This is almost always more accurate than an IP address, and if browser geolocation contradicts the IP address, it becomes clear that a VPN or proxy is being used. The presence of WebRTC leaks can also reveal the device’s local real IP address even when a VPN is active. Websites check geolocation permissions and use JavaScript to detect such inconsistencies.

• Fingerprinting and additional signals. Although websites do not have direct access to the browser interface language or the list of extensions, they can analyze indirect signals: language headers, time zone, characteristics of the JavaScript environment, and network behavior. Inconsistencies between these parameters and the IP address region may be considered suspicious signals by anti-fraud systems.

Ways to bypass geo-restrictions and detectors

There are several well-known and less well-known methods for bypassing geolocation and masking detection mechanisms. Let’s look at the main ones:

• VPN services. Using a high-quality VPN is the most common approach. Reliable, usually paid VPN providers offer clean subnets (less popular traffic, lower chances of being on blacklists), dedicated IP addresses, and support for double VPN for additional obfuscation.

• Residential and rotating proxies. Proxies from residential or mobile networks look more natural because their IP addresses belong to regular Internet providers. Such IP addresses do not belong to data centers and are much harder for systems to block. Properly configured proxy rotation provides a solid level of masking within a single device and helps avoid bans and IP recognition via blacklists.

• Tor. The Tor network provides a high level of anonymity, as data packets to and from the user pass through several random nodes. Naturally, speed with such routing is significantly lower.

• Latency injection and artificial “jumps.” Latency injection is used in niche scenarios, e.g., when researching anti-fraud algorithms, in complex anti-detect chains, or as a side effect of corporate and anonymous networks.

• Mobile networks. Connecting via mobile Internet often results in receiving a new IP address with each connection, making it harder to tie a device to a specific location. At the same time, geolocation services see IPs of mobile operators, for which location accuracy is inherently lower due to CGNAT and large address pools. However, precisely because of CGNAT, a single IP address can be used by many subscribers, so a mobile IP reduces geolocation accuracy but does not by itself guarantee full anonymity.

CGNAT (Carrier-Grade NAT) is a mechanism in which many subscribers access the Internet through a single shared public IP address. In such networks, an IP is not a reliable identifier of a user or their location, which significantly reduces the accuracy of IP geolocation.

Conclusions

IP-based geolocation is used for coarse association of a user with a region or city. It is applied in content localization, targeting, and basic service protection. In most cases, it only provides a rough indication of which region an IP address belongs to. Full anonymity and accurate concealment of real geography require a comprehensive approach: always use encrypted channels while simultaneously bypassing other identification methods. Since websites rely not only on IP addresses but also on language, time zone, DNS, and browser behavior, all these factors must be considered. You need to prevent leaks, properly configure the system for the target region, and, where possible, combine different spoofing solutions.