IP Geo API vs ipapi.co in 2026: Free-Tier Attribution, EU Residency, and the Threat-Detection Question
5-minute read · 2026 pricing · honest assessment
If ipapi.co is on your IP-geolocation shortlist in 2026, the comparison usually comes down to three things: does the free tier carry an attribution backlink, do you need EU data residency, and are VPN / proxy / Tor flags first-class on the free plan or paywalled? ipapi.co has a clean REST shape, multiple response formats, and broad community SDKs, but its 2018-era pricing posture (free-tier requires “Powered by ipapi” attribution, USD billing, basic threat-detection only on paid tiers) creates real friction for a lot of modern teams. This post lays out where each one wins, without the marketing varnish.
Looking for the full feature matrix? Jump straight to the ipapi.co alternative comparison →.
The 60-second take
| What you care about | Choose |
|---|---|
| JSONP / XML / CSV response format (legacy parsers) | ipapi.co |
| Global Anycast edge for non-EU users | ipapi.co |
| Multiple long-lived community SDKs | ipapi.co |
| Attribution-free free tier (no “Powered by”) | IP Geo API |
| VPN / Proxy / Tor / Datacenter flags bundled free | IP Geo API |
| EU-only data residency (no US transit) | IP Geo API |
| EUR billing + iDEAL / SEPA / Bancontact | IP Geo API |
| 100K req/mo paid entry at €29 (vs $35 for 50K) | IP Geo API |
Pick the row that’s the dealbreaker. If two rows pull opposite directions, the row enforcing a hard architectural or compliance constraint wins — for example, “we cannot ship a paid product with a ‘Powered by ipapi’ badge” beats “we’d prefer XML responses.”
The real reasons teams switch from ipapi.co to IP Geo API
The most common switch story we hear isn’t about price or latency. It’s about production realities that the 2018-era ipapi.co free-tier posture didn’t anticipate:
- Attribution backlink on the free tier blocks paid products. ipapi.co’s free 1.000 req/day requires a “Powered by ipapi” link on the consuming page. For any commercial product — paid SaaS, white-label dashboard, B2B portal — that’s not acceptable, and the upgrade path starts at $35/mo for 50K req/mo. Our free tier is 1.000 req/day without attribution, so MVPs and paid side projects ship without an upfront invoice or a vendor-branded backlink.
- Threat detection is paid-only. ipapi.co’s
proxy/torflags are restricted to paid tiers, and even there the surface is thin (no VPN classification, no datacenter flag). We bundleis_vpn,is_proxy,is_tor,is_datacenter, andis_residentialinto every response on every tier, including free. - EU-only data residency for regulated sectors. ipapi.co’s privacy page does not commit to EU-only data flow; queries can transit US-based edge nodes. For fintech, healthtech, gov-tech, and adtech under GDPR scrutiny, that’s a documented Article 44/45 transfer-assessment problem. We’re EU-only at infra (Hetzner Frankfurt + Vercel
fra1), at contract, and at corporate level. - USD billing fatigue. Stripe/USD invoicing plus monthly FX adds 1-3% friction on every European invoice. Dutch, Belgian, German, and French finance teams flag this on every close. We bill EUR via Mollie with iDEAL, SEPA, Bancontact, and credit card as first-class methods.
- 50K req/mo is an awkward step-up. ipapi.co’s first paid tier ($35/mo, 50K req/mo) is roughly half the volume of our entry plan (€29/mo, 100K req/mo) at a higher absolute price after FX. Teams that grow past the free tier hit “pay more, get less” friction within the first paid month.
If none of these hit your stack, ipapi.co’s clean shape, response-format breadth, and community SDK coverage are genuinely good and you have no switching reason. Stay where you are.
The real reasons to not switch
We try to be straight about this — the fastest way to lose a customer is to oversell the migration.
- Your users are spread across 50+ non-EU countries. ipapi.co’s global Anycast network beats an EU-hosted REST API on median latency for non-EU clients. For a European SaaS with European users, the latency delta rarely matters. For a global consumer app with users in Asia and the Americas, it does.
- You depend on JSONP, XML, or CSV response shapes. ipapi.co supports five response formats (JSON, JSONP, XML, CSV, YAML); we’re JSON-only by design. If a downstream system requires JSONP for cross-domain script tags or XML for a legacy parser, the migration adds work.
- You rely on a specific community SDK. ipapi.co has been live since 2018 and has a long tail of community-maintained client libraries across PHP, Ruby, Go, Rust, and several JS frameworks. We ship official TypeScript and Python SDKs (MIT-licensed) but the community ecosystem is thinner.
- You’re locked to a longer track record. ipapi.co has been operating since 2018. We launched in 2026. Vendor risk is a fair concern. Our mitigation: full data export, open-source clients, and a documented exit path on the pricing FAQ. But “older vendor = lower risk” is a defensible heuristic.
What migration actually looks like
For most teams the move is a single base-URL flip plus a thin response-shape adapter:
- // ipapi.co (path-based, attribution required on free tier)
- const r = await fetch(`https://ipapi.co/${ip}/json/`);
- const data = await r.json();
- const country = data.country_code;
- const city = data.city;
+ // IP Geo API (auth-header, attribution-free)
+ const r = await fetch(`https://ipgeo.10b.app/v1/lookup/${ip}`, {
+ headers: { Authorization: `Bearer ${process.env.IPGEO_API_KEY}` }
+ });
+ const data = await r.json();
+ const country = data.country_code;
+ const city = data.city;
The non-obvious work is field mapping. ipapi.co uses country_code, region, city, latitude, longitude, timezone, plus optional proxy / tor flags on paid plans. We use a flatter contract: country_code, region, city, lat, lon, timezone, with is_vpn / is_proxy / is_tor / is_datacenter / is_residential always present at the top level. Full mapping table on the ipapi.co alternative comparison page.
What we recommend:
- Dual-call for 24-48h. In the request handler, call both ipapi.co and our API; log every diff to a structured store. The most common diffs are city-naming (we use canonical English; ipapi.co occasionally returns local-script names) and ASN organization formatting.
- Cache the response. Most workloads see a 60-80% IP repeat-rate within an hour. A 1-hour TTL cache (Redis, Memcached, or local LRU) cuts your billable count proportionally — and brings effective latency back below 1ms for hot IPs even on a REST API.
- Keep the ipapi.co free tier warm for 7 days as rollback insurance, then remove the attribution backlink and any community SDK references.
Full migration guide with curl examples is on the ipapi.co alternative comparison page.
Pricing math at three common volumes
Direct apples-to-apples is straightforward because both vendors meter per-request. The table below is illustrative based on 2026 public list pricing for the most common workload (city-level + threat detection):
| Monthly volume | ipapi.co | IP Geo API | Notes |
|---|---|---|---|
| 50K req/mo | $35 (Developer) — basic threat flags only | €29 (Starter, 100K) | IP Geo API includes 2× volume + full threat block at parity feature set |
| 500K req/mo | ~$100 (Business) | €99 (Business) | Roughly comparable; bundled VPN/datacenter classification is the differentiator |
| 5M req/mo | Custom (typically $300+/mo) | €399 (Scale) | Comparable; EUR billing avoids FX |
| Compliance overhead (EU residency docs, DPA, transfer assessments) | ipapi.co SCC + your DPO time | EU-only, no transfer assessment | Often dominates the unit economics for regulated sectors |
Numbers above are list-price snapshots from ipapi.co’s public pricing page on 2026-04-23. Negotiated annual contracts vary. The headline: ipapi.co’s flat plans are competitive once you factor out the attribution requirement and the basic threat-detection surface — but for workloads that need VPN/proxy/datacenter flags from day one or cannot ship a “Powered by” backlink, IP Geo API’s per-request total cost of ownership tends to be lower across the 50K-1M req/mo zone where most indie / SMB / scaleup teams sit.
Trust check: should you trust this comparison?
Honest disclosure: this post is on the IP Geo API blog. We have a commercial reason to suggest switching. We tried to compensate for that bias by:
- Listing ipapi.co’s strengths (response-format breadth, community SDKs, longer track record, global edge) in the same depth as ours.
- Naming specific cases where ipapi.co is the right pick (non-EU global users, JSONP / XML / CSV consumers, community-SDK lock-in).
- Acknowledging that vendor longevity is a defensible concern about us specifically.
- Linking ipapi.co’s pricing page directly so you can verify pricing, attribution requirements, and feature claims yourself.
- Sourcing all numbers from public pricing pages on the date stamped above.
If you spot a factual error, email hello@ipgeo.10b.app — we’ll edit and add a correction note above the fold within 48h. We’d rather be cited as accurate than aggressive.
Try IP Geo API in 5 minutes
# 1. Sign up — no credit card, 1.000 lookups/day on free tier, no attribution backlink
open https://ipgeo.10b.app/pricing
# 2. Test against a known IP (Google DNS) — note the bundled threat block
curl https://ipgeo.10b.app/v1/lookup/8.8.8.8 \
-H "Authorization: Bearer $IPGEO_API_KEY"
# 3. Inspect the threat fields — no paid-tier upgrade required
curl https://ipgeo.10b.app/v1/lookup/8.8.8.8 \
-H "Authorization: Bearer $IPGEO_API_KEY" | jq '{is_vpn,is_proxy,is_tor,is_datacenter,is_residential}'
Sign up free → · Full ipapi.co comparison → · API reference →
FAQ
Why is ipapi.co’s free-tier attribution such a big deal? The “Powered by ipapi” backlink is fine for an open-source side project, a personal blog, or an unmonetised demo. It is not fine for a paid SaaS, a B2B portal, or a white-label customer dashboard — those products either upgrade to a paid plan or look unprofessional. Our free 1.000/day tier ships attribution-free so commercial pre-revenue products can validate before paying.
Is the threat data better than ipapi.co’s paid proxy / tor fields?
Different upstream composition. Our is_vpn/is_proxy/is_tor/is_datacenter/is_residential classifiers run on an ensemble of public abuse feeds (Spamhaus DROP, FireHOL, AbuseIPDB-lite) plus our own passive-probe data. ipapi.co’s threat-flag composition is not publicly documented and the surface is narrower (proxy + tor only, no VPN or datacenter classification). Both cover the common 80% of fraud-relevant flags well; specialized fraud platforms typically run their own ML on top regardless of vendor.
Will my ipapi.co-shaped code work as-is with IP Geo API?
Mostly the field names overlap (country_code, region, city, latitude/longitude ≈ lat/lon). Edge cases (languages, currency, country_calling_code, utc_offset vs timezone) need a thin adapter — see the field mapping table.
Can I use IP Geo API with JSONP for client-side scripts on a non-CORS site?
Not today. We require auth-header on every request, which means JSONP <script src="..."> tags don’t work. For client-side JavaScript, use a server-side proxy on the same origin or call our API from a backend route. ipapi.co’s JSONP-friendly URL-key pattern is a fit for legacy CORS-blocked frontends.
What happens if your API has an outage? Public status page: https://status.ipgeo.10b.app with a 90-day rolling history. Our SLA is 99.5% on Business plan (multi-region active-active across Frankfurt + Amsterdam). Most production deployments cache responses with a TTL of 1-24h, which means a brief API outage degrades to stale data, not failed lookups.
Related reading
- How to Migrate from ipapi.co to IP Geo API in 2026 → — step-by-step drop-in guide: field-by-field map, code diffs in Python / Node / Go, the attribution-backlink scrub and
org-string concatenation gotchas, shadow mode, gradual cutover, rollback plan, and the 7 week-one gotchas.
Drop-in migration guides for adjacent providers (in case you’re consolidating multiple sources onto IP Geo API):
- Migrate from MaxMind GeoIP2 to IP Geo API —
.mmdb-to-API field map, weekly-sync pain, GeoIP2 nested-shape compatibility - Migrate from ipinfo.io to IP Geo API —
loc-string + ASN-org regex +Authorization-header gotchas - Migrate from ipstack to IP Geo API — HTTP→HTTPS scheme flip + Security-Module paywall +
connection.asninteger typing - Migrate from ipgeolocation.io to IP Geo API — Security-API SKU consolidation +
apiKey-in-URL log-leak hardening +latitude/longitudestring-vs-number gotchas - Migrate from IP2Location to IP Geo API — BIN/CSV/MMDB decommission + IP2Proxy SKU consolidation + USD-annual-to-EUR-monthly billing +
proxy_typeenum-vs-split-booleans gotchas - Migrate from DB-IP to IP Geo API — MMDB/CSV-download decommission + IP-to-Threat / Anonymous / Datacenter SKU consolidation + CC-BY-4.0 attribution-backlink scrub +
countryCode3ISO-3 vs ISO-2 gotchas
If you’re evaluating IP geolocation APIs against multiple providers, the other head-on comparisons in this series may help:
- IP Geo API vs ipinfo.io in 2026 — head-on with the dominant North-American incumbent
- IP Geo API vs MaxMind in 2026 — managed API vs self-hosted GeoIP2 dataset trade-offs
- IP Geo API vs ipstack in 2026 — modern EU-hosted alternative for ipstack migrations
- IP Geo API vs ipgeolocation.io in 2026 — feature parity, GDPR posture, EUR billing
- IP Geo API vs IP2Location in 2026 — REST-first vs database-download, IP2Proxy bundling, EU residency
- IP Geo API vs DB-IP in 2026 — REST-first vs MMDB-download EU-vs-EU, attribution-free free tier, threat bundling
Industry deep-dives
-
IP Geolocation for Fintech — KYC, Sanctions Screening, Fraud, and EU Residency → — fintech-specific deep-dive: the three IP-control surfaces (KYC country-of-origin, OFAC/EU sanctions, payment-fraud risk), EU-hosted GDPR posture, EUR billing, ASN-level hosting detection, and ≤40 ms median EU-edge latency for 800-1200 ms PSP authorisation budgets.
-
IP Geolocation for Ad-Tech — RTB Enrichment, SIVT/IVT Filtering, and Click-Fraud Attribution → — ad-tech-specific deep-dive: the three IP-control surfaces (RTB bid enrichment with ≤40 ms latency budget + OpenRTB 2.6 device.geo/device.ext, SIVT/IVT filtering with IAB-confirmed datacenter ASN block-list, click-fraud post-back attribution + risk scoring), EU-hosted GDPR + ePrivacy + IAB-TCF v2.2 posture, bundled threat fields, ASN-level granularity, and predictable EUR billing.
-
IP Geolocation for iGaming — Licence-Jurisdiction Enforcement, VPN-Circumvention Scoring, and Self-Exclusion Register Routing → — iGaming-specific deep-dive: the three IP-control surfaces (licence-jurisdiction enforcement with hard-fail-closed posture across MGA/UKGC/KSA/DGOJ/ANJ/ADM/DAS, anti-circumvention scoring with residential-proxy ASN block-list covering Bright Data + Oxylabs + Smartproxy + IPRoyal, self-exclusion register routing to GamStop/CRUKS/ROFUS/Spelpaus/OASIS by IP-country), EU-hosted GDPR + EGBA posture, bundled threat fields, ASN-level granularity, and predictable EUR billing.
-
IP Geolocation for SaaS Monetization — Geo-Pricing, EU-VAT/DAC7 Tax-Routing, Trial-Abuse Scoring, and OFAC/EAR Export-Controls → — SaaS-specific deep-dive: the four IP-control surfaces (PPP-anchored geo-pricing with ≤40 ms checkout-flow budget, EU-VAT-MOSS + OECD DAC7 tax-routing to the right Stripe/Adyen/Braintree/Paddle tax-id, trial-abuse detection with residential-proxy ASN block-list across Bright Data/Oxylabs/Smartproxy/IPRoyal, and OFAC SDN + EAR export-controls feature-gating), EU-hosted GDPR posture, bundled threat fields, ASN-level granularity, and predictable EUR billing.
-
IP Geolocation for Streaming Media — Content Licensing, VPN-Bypass Defence, CDN POP Steering, and SSAI Ad-Insertion → — Streaming-media-specific deep-dive: the four IP-control surfaces (per-territory licensing enforcement with hard-fail-closed HTTP 451 on ambiguous resolve, VPN/proxy/Tor circumvention defence with residential-proxy ASN block-list across Bright Data/Oxylabs/Smartproxy/IPRoyal, CDN POP steering and adaptive bitrate-ladder selection across Akamai/Cloudflare/Fastly/BunnyCDN/Lumen, and SSAI ad-insertion targeting with sports blackout windows via Haversine GPS-distance), ≤40 ms session-init budget on EU edges, studio-grade 24-month audit trail, threat fields on every plan, ASN-level granularity, and EU-hosted GDPR + AVMSD (Directive 2018/1808) posture.
-
IP Geolocation for E-commerce — Tax-Jurisdiction Routing, BIN-vs-IP Carding Defence, PPP-Adjusted Currency Display, and Shipping-Zone Fulfilment Routing → — E-commerce-specific deep-dive: the four IP-control surfaces (EU OSS distance-sales 27-rate map + UK VAT 20% + CH-VAT 7.7% + NO MVA 25% + US Wayfair 13-state nexus + CA GST/HST per-province + AU/SG/IN/BR/JP GST/ICMS/JCT with sanctions hard-stop on IR/KP/SY/CU/BY/RU/MM/VE at checkout; BIN-vs-IP carding + refund-fraud 6-factor weighted score at place-order with residential-proxy ASN block-list across Bright Data/Oxylabs/Smartproxy/IPRoyal/Tier3; PPP-adjusted 7-tier pricebook on first paint with VPN/proxy fall-back to BIN-billing-country; 9-warehouse fulfilment routing FRA/AMS/MAD/MIL/DOV/IAD/LAX/DEL/SIN with DDP/DDU duty pre-calc and lithium/aerosol/prescription destination-gates), ≤40 ms checkout-first-paint budget, DAC7/GDPR/EU OSS audit posture, bundled threat fields on every plan, ASN-level granularity, and EUR billing.
-
IP Geolocation for Healthcare — Cross-Border Telehealth Licensing, HIPAA PHI/EPHI Access Geofencing, EU Patient-Data Residency w/ Schrems II Routing, and Cross-Border Pharma + DEA Schedule Gating → — Healthcare-specific deep-dive: the four IP-control surfaces (cross-border telehealth licensure match at consult-init w/ US IMLC 41-state partial + CA/FL/NY/TX independent + EU MRPQ Directive 2005/36/EC + DE Bundesärztekammer + NL BIG + FR ONM + UK GMC + HTTP 451 hard-fail-closed on jurisdiction-mismatch + NO_RECIPROCITY hard-stop on IR/KP/SY/CU/BY/RU/MM/VE/AF/SO; HIPAA 45 CFR §164.308(a)(4) PHI/EPHI access geofencing w/ clinical-ASN allowlist Epic/Cerner/Allscripts/Mayo/MGH/Cleveland/Kaiser + residential-proxy ASN reject Bright Data/Oxylabs/Smartproxy/IPRoyal/Tier3 + home-office BAA-attested workstation allowlist + risk_score < 30 soft-allow; EU patient-data residency w/ GDPR Art. 9 special-category + EDPB Recommendations 01/2020 supplementary technical measures + Schrems II SCC flag for US-shard + routing to 6 EHR shards EU-FRA/EU-AMS/UK-LON/US-IAD/CA-YYZ/AU-SYD w/ VPN/proxy → fall-back to EU-FRA highest protection; cross-border pharma + controlled-substance gating w/ DEA Schedules I-V + Ryan Haight Act §3 in-person-eval requirement for telemed Rx + EU Falsified Medicines Directive 2011/62/EU originator-country audit + per-country bans for cannabis/CBD/psilocybin/MDMA/kratom), ≤40 ms consult-init budget, HIPAA/GDPR Art. 9/Schrems II/DEA/EU FMD audit posture, bundled threat fields on every plan, ASN-level granularity, and EUR billing.
-
IP Geolocation for Travel + Hospitality — Geo-Rate Enforcement + Dynamic-Pricing per Booking Origin, OTA Carding + ATO Defence, OFAC/EU CONSILIUM/UK OFSI Sanctions Screening at Booking-Init, and GDS + EU OSS / DAC7 Reporting → — Travel/hospitality-specific deep-dive: the four IP-control surfaces (geo-rate enforcement + dynamic-pricing per booking origin w/ 8-tier pricebook T1 EU-Lux 1.00x → T8 Africa 0.75x + VPN/proxy/Tor fall-back to T2_NA_LUX anti-arbitrage + SANCTIONS_HARDSTOP on IR/KP/SY/CU/BY/RU/MM/VE/AF/SO HTTP 451 at search-render + BIN-billing-country pin at checkout; OTA carding + ATO defence at booking checkout w/ corporate-travel-platform ASN allowlist AS-CWT/Amex GBT/BCD/FCM/Egencia/Navan/Amadeus/Sabre fast-lane + consumer-OTA reject on VPN/Tor/relay + residential-proxy ASN block Bright Data/Oxylabs/Smartproxy/IPRoyal/Tier3 + 6-factor carding score threshold ≥70; OFAC + EU CONSILIUM + UK OFSI sanctions screening at booking-init w/ sanctioned-origin hard-stop regardless of session residency + EU 6AMLD compelled-disclosure on VPN/proxy + US-Cuba 31 CFR §515 General License gate + luxury-segment AML thresholds yacht €10K / private jet €20K / villa €5K/night / heli €3K + PEP screen + source-of-funds eval; GDS + inventory routing + EU OSS / DAC7 reporting w/ Amadeus EU/UK + Sabre US/CA + Travelport APAC + 27 EU-MS destination-VAT rates DE 19% → HU 27% + NO 25% + CH 8.1% + UK 20% + DAC7 Directive 2021/514 reportable-platform-operator evidence-log 5-year retention + Jan-31 lead-MS annual report), ≤40 ms search-render budget, OFAC/EU CONSILIUM/UK OFSI/DAC7/EU OSS/HOTREC audit posture, bundled threat fields on every plan, ASN-level granularity, and EUR billing.
-
IP Geolocation for Online Education — Cross-Border Distance-Learning Licensure (SARA + ENIC-NARIC + QAA + TEQSA), PPP-Adjusted Tuition Tiering Anti-Arbitrage, Exam-Proctoring Geo-Anchor + ID-Doc Residency, and FERPA + GDPR Art. 9 + Schrems II LMS Shard-Routing → — Online-education-specific deep-dive: the four IP-control surfaces (cross-border distance-learning licensure at enrolment-init w/ US SARA 49-state reciprocity + non-SARA CA/MA direct-auth + EU ENIC-NARIC 47 national centres + Bologna ECTS + UK QAA/OfS + AU TEQSA/CRICOS + IN AICTE/UGC + HTTP 451 hard-fail-closed on jurisdiction-mismatch + SANCTIONS_HARDSTOP on IR/KP/SY/CU/BY/RU/MM/VE/AF/SO; PPP-adjusted tuition tiering at enrolment-checkout w/ 8-tier pricebook T1 high-income 1.00x → T5 low-income 0.15x + residential-proxy ASN block-list Bright Data 212238/401116 + Oxylabs 396982/60068 + Smartproxy 62240/16276 + IPRoyal 35916/174 + Tier3 21859/32475 + VPN/proxy fall-back to T1 anti-arbitrage + BIN-billing-country pin at payment; exam-proctoring geo-anchor at session-init w/ IELTS Online + TOEFL iBT Home + GMAT Online + GRE at Home + CFA + CPA + USMLE + PTE Home + IP-country MUST match ID-doc-country + residential-proxy ASN void exam + lifetime fraud-flag + datacenter ASN reject AWS/GCP/Meta/CF/OVH/DO + VPN/proxy/Tor → void; FERPA + GDPR Art. 9 + Schrems II LMS shard-routing w/ 6 shards EU-FRA/EU-AMS/UK-LON/US-IAD/CA-YYZ/AU-SYD + SCC-required-flag for cross-border US-shard + 34 CFR §99.31 FERPA directory-information + Privacy Act 1988 APP 8 AU + PIPEDA CA + state-AG SOPIPA/SHIELD/SOPPA + EU_FRA highest-protection fallback on VPN/proxy), ≤40 ms enrolment-paint budget, FERPA + GDPR Art. 30 RoPA + SARA Manual 23.0 §2.5© + state-AG audit posture, bundled threat fields on every plan, ASN-level granularity for residential-proxy proctoring fraud detection, and EUR billing.
-
IP Geolocation for Telecom & MSISDN — IP-vs-IMSI MCC/MNC Residency + Roaming-Arbitrage Detection at Session-Init, A2P SMS Grey-Route + AIT Defence at Message-Submission, SIM-Swap + STIR/SHAKEN + Carrier-OAuth Step-Up at Authentication-Callback, and EECC + CALEA + National-LI Jurisdiction Routing at Data-Plane Termination → — Telecom/MSISDN-specific deep-dive: the four IP-control surfaces (IP-vs-IMSI MCC/MNC residency check at session-init w/ MCC→country lookup per ITU-T E.212 + 3GPP TS 23.122 + GSMA roaming-partner ASN allowlist 15169/3320/3215/3209/12876/2856/5089/12389/5400/6453/174/209 + sanctioned-MCC hard-stop IR/KP/SY/CU/MM/IQ/SD/SO + residential-proxy/Tor at consumer-mobile attach impossible-topology reject + hosting-ASN M2M classification flag + roaming-arbitrage detection per GSMA BA.27/IR.34 IPX rec on IP-country ≠ IMSI-home AND ASN ∉ roaming-partner = SIM-clone suspect flag; A2P SMS grey-route + AIT detection at message-submission w/ hosting/VPN origin AIT-score +30, grey-route-destination BD/PK/NG/PH/ID/VN/EG/MA/DZ/TN/KE/TZ/UG/GH + hosting +40, premium-rate +359/+371/+254/+27/+91-1800 prefix +25, sender-ID country mismatch BR ANATEL CNPJ / IN TRAI DLT / DE BNetzA whitelist +15, threshold ≥70 reject + Telesign/Twilio fraud-feed escalation, Tor/residential-proxy outright reject; SIM-swap + STIR/SHAKEN + carrier-OAuth defence at auth-callback w/ VoIP-provider ASN allowlist Bandwidth 397423/55222 + Telnyx 12779 + Voxbone 21859 + Zenlayer 3303 + inteliquent 46887/46562/11151, STIR/SHAKEN attestation downgrade A→C on country-mismatch per FCC TRACED Act + RobocallRules.com 2024, SIM-swap suspect on prior-session IP-country flip within 24h require step-up KBA + eSIM hosting-ASN provisioning reject per GSMA SGP.32; EECC + CALEA + national-LI jurisdiction routing at data-plane termination w/ 10-shard LI-mediation map DE TKG §170 + BNetzA Tk-Üv, FR CPCE L.34-1 + ARCEP, NL Tw 13.1 + ACM, IT CCE Art. 96 quater + MISE, UK IPA 2016 Part 4 + Ofcom + UKHO, US CALEA 47 USC §1001-1010 + 47 CFR §1.20003 + FCC E911 NextGen, CN MIIT + CAC Cybersecurity Law Art. 37, IN DoT + CMS Section 5(2) Indian Telegraph Act, BR ANATEL + LGPD + Marco Civil, AU TCIA + TIA Act 1979 + VPN/proxy/Tor → EU-FRA highest-protection fallback + manual-LI-eval flag + 5G SUCI/SUPI privacy per 3GPP TS 33.501 mismatched-SUPI = potential IMSI-catcher Stingray detection), ≤40 ms session-init paint budget, GSMA WAS + AIB + FBI IC3 + BNetzA + ARCEP audit posture, bundled threat fields on every plan, ASN-level granularity for residential-proxy A2P fraud detection, and EUR billing.
-
IP Geolocation for Cybersecurity Ops — SOC/SIEM Event-Enrichment + Threat-Intel Correlation at Log-Ingest, Zero-Trust IAM Step-Up + Impossible-Travel + ASN-Flip at Authentication, EDR/XDR Alert Triage + C2 Egress Detection via ASN-Classification, and NIS2 + DORA + SOC 2 + ISO 27001 + CMMC + EU CRA Jurisdiction Routing at Audit-Trail Termination → — Cybersecurity-ops specific deep-dive: the four IP-control surfaces (SOC/SIEM event-enrichment + threat-intel correlation at log-ingest with Tor/VPN/residential-proxy/hosting-ASN classification on every source IP + Mandiant + Recorded Future + Anomali + EclecticIQ + Group-IB + AlienVault OTX + abuse.ch + AbuseIPDB + Spamhaus DROP/EDROP + FireHOL threat-feed correlation + residential-proxy ASN allowlist Bright Data AS207990 / Oxylabs AS44946 / Smartproxy AS133752 / IPRoyal AS208045 / NetNut AS61317 / SOAX AS398465 / Geosurf AS199524 + bulletproof-hosting ASN flag DDoS-Guard AS262254 / 1337team AS210848 / King Servers AS44724 / FBW AS197695 + state-actor ASN egress P1-incident-trigger; zero-trust IAM step-up + impossible-travel + ASN-flip at authentication with Okta ThreatInsight + Entra ID Conditional Access + Auth0 Adaptive MFA + Ping + ForgeRock + Duo + JumpCloud + OneLogin + Centrify ingestion + FIDO2/WebAuthn phishing-resistant step-up per CISA Zero Trust Maturity Model v2 + NIST SP 800-207 + CyberArk/Delinea/BeyondTrust/HashiCorp Boundary PAM admin-session-origin allowlist + OFAC SDN + EU CONSILIUM + UK OFSI + UN 1267 sanctioned-country hard-stop; EDR/XDR alert triage + C2 egress detection via ASN-classification with CrowdStrike Falcon + SentinelOne Singularity + Microsoft Defender for Endpoint + Palo Alto Cortex XDR + Trend Vision One + Sophos XDR + Carbon Black telemetry ingest + JA3/JA4 TLS fingerprint + Cobalt Strike hash + LOLBin egress detection powershell/certutil/bitsadmin/msbuild/mshta/rundll32 + MITRE ATT&CK T1071.001 Web-Protocol C2 + T1090.002 External Proxy + T1218 LOLBin + T1573 Encrypted Channel + T1029 Scheduled Transfer beacon-interval analysis; NIS2 + DORA + SOC 2 + ISO 27001 + CMMC 2.0 + EU CRA jurisdiction routing at audit-trail termination with 14-shard notification-map DE BSI Meldepflicht BSIG §8b + FR ANSSI signalement LPM 2018-607 + NL NCSC-NL meldplicht Wbni+Wnbcb + IT ACN segnalazione D.lgs. 138/2024 + IE NCSC-IE S.I. 360/2018 + AT GovCERT NISG 2018 + ES CCN-CERT RD-Ley 7/2022 + PL CERT.PL UoKSC + BE CCB NIS-wet + UK NCSC + ICO 72h NIS Regs 2018 + UK GDPR Art. 33 + US CISA + sector-ISAC CIRCIA 2022 + IN CERT-In 6h-window Apr 2022 + AU ACSC SOCI 2018 + JP NISC + JPCERT/CC + DORA 4h-major-incident EU-financial-sector overlay), ≤40 ms log-ingest budget, NIS2 Art. 23 24h/72h/1-month + DORA Art. 19 4h + GDPR Art. 33 72h audit-trail bundle, bundled threat fields on every plan, ASN-level granularity for C2-vs-cloud-egress discrimination, and EUR billing.
Last reviewed 2026-05-09 · IP Geo API team · Comments / corrections: hello@ipgeo.10b.app
Pairs with the full ipapi.co alternative comparison page — has the complete feature matrix, migration guide, and pricing snapshot.
Get early access — 50% off for 12 months
First 100 signups lock in 50% off any paid plan for the first year. No credit card required — we’ll email you at launch.