IP Geolocation: a beginner's guide
Get location, ASN, and org for an IP
IP geolocation: how websites guess where in the world you are
IP geolocation is the practice of taking an IP address and figuring out where in the physical world it is most likely located — country, region, city, sometimes ZIP code, occasionally even latitude and longitude. The interesting and frequently misunderstood part is that IP addresses do not actually contain location information. The number `93.184.216.34` does not encode any geography. The location is inferred by combining several external data sources: the regional internet registry that allocated the address block, BGP routing data, latency measurements between the IP and known reference points, and (most controversially) clickstream data from real users who voluntarily shared their location. The result is a database that maps IP ranges to locations with varying accuracy.
You should care because IP geolocation is the basis for almost every "where in the world is this user" question online, and the accuracy is much worse than most people realize. Country-level accuracy is usually 95–99% reliable. City-level accuracy in major Western markets is around 70–80%. Street-level accuracy is essentially impossible from IP alone — it requires GPS or browser geolocation. The classic story is the user in Brooklyn who is geolocated to Iowa because their VPN happens to exit through a server there. Or the user in Berlin whose corporate office is mapped to Frankfurt because all their traffic goes through a central proxy. These are not bugs in the database; they are the ground truth of how IP addresses actually flow.
The five sources every IP geolocation database draws from:
Regional internet registry data. ARIN, RIPE, APNIC, LACNIC, and AFRINIC publish the country a block was allocated to.
BGP routing announcements. The path a packet takes through the network often hints at the destination's geography.
Latency triangulation. Pinging an IP from multiple known locations and using the round-trip times to estimate distance.
User-contributed signals. Real users who shared their location through a browser permission, plus commercial clickstream feeds.
WHOIS contact addresses. Sometimes more accurate, sometimes wildly off — the registrant's billing address has nothing to do with where the IP is actually used.
Three questions an IP geolocation check answers:
Roughly where in the world is this user located?
Should this content be served in English, German, Japanese, or Portuguese based on the user's likely location?
For fraud rules, is the user's claimed country consistent with their IP's country?
The cost of treating IP geolocation as ground truth is being wrong about real users in subtle but real ways — wrong currency, wrong language, wrong fraud signals. The fix is to use it as a signal, not a fact, and to always provide a way for the user to correct it manually. The most authoritative database is MaxMind GeoIP2, with IP2Location and DB-IP as well-known alternatives.
The IP Geolocation endpoint, in plain language
In one sentence: Get location, [ASN (Autonomous System Number)](/guides/network-asn), and org for an [IP (Internet Protocol address)](/guides/ip-geolocation)
Returns geographic location data for any IPv4 (Internet Protocol version 4) or IPv6 (Internet Protocol version 6) address including continent, country (ISO 3166-1), region/subdivision (ISO 3166-2), city, coordinates, timezone, postal code, and ASN/organization details. Powered by Cloudflare's edge network for low-latency lookups worldwide.
Don't worry if some of the words above are still unfamiliar — there's a plain-language glossary at the bottom of this page, and most of the terms link to their own beginner guides if you want to learn more.
What is actually happening when you call it
Here's what's actually happening behind the scenes when you call this endpoint:
Resolves the physical location associated with an IP (Internet Protocol address) address using Cloudflare's geolocation database at the edge. Returns structured data including continent code, country (with ISO 3166-1 alpha-2 code), region/subdivision (ISO 3166-2), city, latitude/longitude coordinates, IANA timezone identifier, postal code where available, and the Autonomous System Number (ASN) with organization name operating the IP range.
If you're using an AI assistant through MCP, you don't need to understand any of the technical details — the assistant calls the tool and translates the result for you.
Why this specific tool matters
Let's skip the marketing fluff and answer the only question that actually matters: why should you, a real human with a real to-do list, care about the IP Geolocation tool? Here's the plain-English version, written the way you'd hear it from a friend who happens to do this for a living.
IP (Internet Protocol address) geolocation is foundational for fraud detection, content localization, GDPR/regulatory compliance, and user analytics. It enables security engineers to detect impossible travel attacks, product teams to serve localized content and pricing, and compliance teams to enforce geographic access controls mandated by regulations like GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), and data sovereignty laws.
Picture this in real life. Imagine a security engineer. Here's the situation they're walking into: Compare the geographic location of successive login attempts to detect physically impossible travel patterns (e.g., logins from New York and Tokyo within 30 minutes). Without the right tool, that person would be stuck copy-pasting between five browser tabs, reading documentation written for engineers, and crossing their fingers that the answer they cobble together is correct. With the IP Geolocation tool, the same person gets a clear answer in seconds — no spreadsheets, no guessing, no waiting for someone on the infrastructure team to free up.
Three questions this tool answers in plain English. If any of these have ever crossed your mind, the IP Geolocation tool is built for you:
Where in the world is this server actually located, and who runs the network it sits on?
How fast does traffic move between my users and my service?
Is the IP address I am looking at part of a residential network, a data center, or something suspicious?
You can either click the tool and get the answer yourself, or ask your AI assistant — connected through MCP (Model Context Protocol) — to ask the question for you and translate the answer into something you can paste into Slack.
Who gets the most out of this. Network engineers, IT admins, sales teams qualifying enterprise prospects, and product teams building geo-personalization or fraud rules. If you see yourself in that list, this is one of the EdgeDNS tools you should bookmark today.
What happens if you skip this entirely. Skip it and you can't tell where your users actually are, who runs the network they're on, or why they're seeing slow page loads. That's why running this check — even once a month — is one of the cheapest forms of insurance you can give your domain.
Available on the free plan. The technical details: `GET /v1/ip/geolocation`.
When would I actually use this?
If you're still on the fence about whether the IP Geolocation tool belongs in your toolbox, this section is for you. Below you'll meet three real people — a security engineer, a product manager, and a compliance officer — facing three real situations where this tool turns a stressful afternoon into a five-minute task. Read whichever story sounds closest to your week.
Story 1: Impossible Travel Detection
Imagine you're a security engineer. Compare the geographic location of successive login attempts to detect physically impossible travel patterns (e.g., logins from New York and Tokyo within 30 minutes).
Why it matters: Automatically flag or block account takeover attempts from geographically inconsistent locations.
Story 2: Content Localization & Pricing
Imagine you're a product manager. Serve localized content, currency, and regional pricing based on visitor IP (Internet Protocol address) geolocation without requiring manual user selection.
Why it matters: Increase conversion rates with location-appropriate content, pricing in local currency, and locale-specific offers.
Story 3: Regulatory Compliance & Geofencing
Imagine you're a compliance officer. Enforce geographic access restrictions for content or services regulated under GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), sanctions (OFAC), or data residency requirements.
Why it matters: Meet data sovereignty and regulatory requirements by restricting access to approved geographic regions.
Common situations across teams. Beyond the three stories above, here are the everyday workplace moments when people across the company reach for the IP Geolocation tool — or one of the tools right next to it in this category. If any of these are on your calendar this month, that's your sign:
When a customer reports that your site is slow specifically from their region.
When you need to know whether traffic is coming from a residential network or a data center.
When planning a CDN, points of presence, or geographic expansion.
During an outage, to see exactly where in the route packets are getting lost.
If you can see yourself in even one of those bullets, the IP Geolocation tool will pay for itself the first time you use it.
Still not sure? Here's the easiest test in the world. Open Claude, ChatGPT, Gemini, or any other AI assistant connected to the EdgeDNS MCP server and ask, in your own words: "Is the IP Geolocation tool useful for my job?" The assistant will look at the tool, ask you a couple of follow-up questions about what you're trying to accomplish, and give you a straight answer in plain English. No commitment, no signup forms, no jargon.
The easiest way: just ask your AI assistant
If you've connected the EdgeDNS MCP server to Claude, ChatGPT, Gemini, Cursor, or any other AI assistant, you don't need to write any code. Just ask in plain English:
"Use the IP Geolocation tool to check example.com and explain anything that looks wrong in plain language."
The AI will figure out which tool to call, fill in the right parameters, run it, and then explain the result back to you. No copy-pasting between tabs. No reading raw JSON. No memorizing endpoint names.
MCP (Model Context Protocol) access is free on every plan, including the free tier. One API key works for both REST and AI — you do not have to choose.
The technical way: call it from code
If you're a developer and want to call the endpoint from a script or your own application, here's the simplest possible example. Replace the placeholder API key with the real one from your dashboard.
# Replace edns_live_YOUR_KEY with your real API key from the dashboard
curl -H "Authorization: Bearer edns_live_YOUR_KEY" \
"https://api.edgedns.dev/v1/ip/geolocation?ip=8.8.8.8"What you need to provide
There's just one piece of information you need to provide. The table below explains exactly what it is and what a real value looks like.
| Field | Type | Required? | What it means | Example |
|---|---|---|---|---|
ip | string | Yes | The IPv4 (Internet Protocol version 4) or IPv6 (Internet Protocol version 6) address to geolocate. Omit to geolocate the requesting client IP (Internet Protocol address). | 8.8.8.8 |
What you get back
When you call this tool, you'll get back a JSON object with the fields below. If you're talking to it through an AI assistant, the assistant reads these for you and explains them in plain language — you don't need to memorize them.
| Field | Type | What you'll see in it |
|---|---|---|
ip | string | The queried IP (Internet Protocol address) address |
ip_version | number | IP (Internet Protocol address) version (4 or 6) |
country | string | Country name |
country_code | string | ISO 3166-1 alpha-2 country code |
region | string | State, province, or region name |
city | string | City name |
postal_code | string | Postal/ZIP code where available |
latitude | number | Latitude coordinate |
longitude | number | Longitude coordinate |
timezone | string | IANA timezone identifier (e.g., America/New_York) |
asn | number | Autonomous System Number |
organization | string | ASN (Autonomous System Number) organization name (ISP or hosting provider) |
is_bogon | boolean | Whether the IP (Internet Protocol address) is a bogon (reserved/private) address |
Words you might be wondering about
If any words on this page felt like jargon, here's a plain-language version. Click any linked term to read a full beginner-friendly guide.
IP (Internet Protocol address) — A unique number that identifies a computer on the internet, like a phone number for a server.
ASN (Autonomous System Number) — A unique number assigned to a big network operator (like an ISP or cloud provider). Tells you who owns a chunk of the internet.
IPv4 (Internet Protocol version 4) — The original kind of internet address — four numbers separated by dots, like 203.0.113.10. The internet has run out of new ones, which is why IPv6 exists.
IPv6 (Internet Protocol version 6) — The newer, longer kind of internet address. Looks like 2001:0db8:85a3::8a2e:0370:7334. Designed because the world ran out of IPv4 addresses.
GDPR (General Data Protection Regulation) — Europe's privacy law. Requires websites to be transparent about what personal data they collect and how they use it.
CCPA (California Consumer Privacy Act) — California's privacy law. Gives California residents the right to know what personal data a company has collected about them.
Need Programmatic Access?
Automate domain intelligence with 100+ API endpoints and a free MCP server for AI integration.