IP Geolocation for Ad-Tech — RTB Enrichment, Invalid-Traffic Filtering, and Geo-Targeting
Why ad-tech is its own axis: programmatic exchanges (DSPs, SSPs, ad networks, MMPs) operate on a sub-100 ms bid-response budget and live or die by invalid-traffic (IVT) ratios. The IAB TAG / MRC certification floor is a measurable IVT rate — and the IP layer is where the cheapest, fastest filter sits, ahead of any device-graph or fingerprint pass.
The country an IP resolves to, the ASN it belongs to, and whether it’s a known datacenter, VPN, proxy, or Tor exit are inputs to three separate ad-tech control surfaces:
- Bid enrichment in RTB / OpenRTB 2.6 — enrich the device.geo + device.ip block before the bid request hits the DSP so targeting and floor rules can fire on a single round-trip.
- SIVT / IVT filtering — Sophisticated Invalid Traffic (sourced from datacenter IPs, anonymizers, bot farms, residential-proxy networks) is what gets your network de-listed from major DSPs and SSPs; IP-layer filters catch most of it pre-bid.
- Click fraud + post-impression attribution — for performance campaigns (CPA, CPI, CPL) the IP at click time vs the IP at conversion + ASN reputation drive payout decisions and refund disputes.
A single REST call to IP Geo API returns all three signal classes — country/region, ASN, threat-flags (VPN/proxy/Tor/hosting/relay) — on every plan, no add-on SKU, ≤40 ms median in EU.
What ad-tech buyers care about (in order)
- Latency budget ≤40 ms. OpenRTB bid windows are typically 80-120 ms wall-clock; the IP enrichment hop must finish in ≤40 ms or the bid gets dropped. IP Geo API runs on EU edges (Hetzner Frankfurt) for ≤30-40 ms median across DE/NL/FR/IE/UK.
- EU residency + GDPR/ePrivacy posture. Ad-tech is the regulator’s favourite hunting ground — IAB Europe TCF v2.2, Schrems II, the German FDPIC, the French CNIL, the Dutch AP. Customer IPs cannot be transferred to a US vendor without §28 GDPR DPA + SCCs + TIA. IP Geo API is EU-only data-flow, signed DPA in 24h, no SCCs required.
- Threat fields on every plan, not a separate SKU. Most US incumbents (MaxMind, ipinfo.io, ipstack) split datacenter/VPN/proxy classification into a paid Security Module or Privacy add-on. IP Geo API ships is_vpn, is_proxy, is_tor, is_hosting, is_relay, and a numeric risk_score on the free tier.
- ASN-level granularity for SIVT. The IAB SIVT taxonomy explicitly calls out hosting/datacenter ASNs as the #1 source — DigitalOcean, OVH, Hetzner-Cloud, AWS, GCP, Azure, Linode, M247, DataCamp Limited, Hurricane Electric. We expose asn, asn_org, and is_hosting as first-class fields so your filters can block at ASN granularity without maintaining a list yourself.
- Predictable EUR billing. Ad-tech budgets are EUR-denominated for EU clients; USD-billed vendors create FX surprises at quarter-end. IP Geo API is monthly EUR, no annual prepay, no FX line item.
The three ad-tech control surfaces, in code
1. RTB bid enrichment — sub-40 ms device.geo + IVT flags
```javascript
// /api/rtb/bid-enrich.js — Node 20 / fastify
// Called from the bidder hot-path; budget ≤40 ms wall clock.
const { fetch } = require('undici');

async function enrichBidRequest(bidReq) {
  const ip = bidReq.device?.ip || bidReq.device?.ipv6;
  if (!ip) return bidReq;

  // Hot-path: cache 1 h, EU edge, ≤40 ms p95
  // The IP arrives in the bid request, so encode it before it goes into the URL path.
  const geo = await fetch(`https://api.ipgeo.10b.app/v1/lookup/${encodeURIComponent(ip)}`, {
    headers: { Authorization: `Bearer ${process.env.IPGEO_KEY}` },
    signal: AbortSignal.timeout(40)
  }).then(r => (r.ok ? r.json() : null)).catch(() => null);
  // Timeout, network error or non-2xx response: keep the SSP-supplied geo.
  if (!geo) return bidReq;

  bidReq.device.geo = {
    ...bidReq.device.geo,
    country: geo.country_code, // ISO-3 in OpenRTB but ISO-2 from API; map upstream
    region: geo.region_code,
    city: geo.city,
    zip: geo.postal_code,
    type: 2 // 2 = IP address per OpenRTB (1 is GPS/Location Services)
  };

  // Custom ext block for downstream IVT filtering
  bidReq.device.ext = {
    ...bidReq.device.ext,
    asn: geo.asn,
    asn_org: geo.asn_org,
    is_hosting: geo.is_hosting ? 1 : 0,
    is_vpn: geo.is_vpn ? 1 : 0,
    is_proxy: geo.is_proxy ? 1 : 0,
    is_tor: geo.is_tor ? 1 : 0,
    risk_score: geo.risk_score
  };
  return bidReq;
}
```
SLA note: the AbortSignal.timeout(40) ensures the enrichment never blows the 100 ms bid window. On miss, the bid still goes out — device.geo just falls back to whatever the SSP supplied.
2. SIVT / IVT filtering at impression and click
```python
# Python / FastAPI — invoked at impression-pixel fire and click-redirect
from fastapi import FastAPI, Request

DATACENTER_BLOCK_ASNS = {  # IAB SIVT-confirmed hosting ASNs (sample)
    14061, 16509, 14618, 8075,  # DigitalOcean, AWS, Azure
    16276, 24940, 63949,        # OVH, Hetzner-Cloud, Linode
    9009, 174,                  # M247, Cogent
}


def classify_traffic(geo):
    # GIVT — General Invalid Traffic
    if geo["is_tor"]:
        return ("GIVT", "tor_exit_node")
    if geo["is_hosting"] and not geo["is_relay"]:
        return ("GIVT", f"datacenter_asn:{geo['asn']}")
    if geo["asn"] in DATACENTER_BLOCK_ASNS:
        return ("GIVT", f"known_dc_asn:{geo['asn']}")
    # SIVT — Sophisticated Invalid Traffic (residential proxies, VPN-mixed-with-bot-pattern)
    if geo["is_proxy"] and geo["risk_score"] > 60:
        return ("SIVT", "residential_proxy_high_risk")
    if geo["is_vpn"] and geo["risk_score"] > 80:
        return ("SIVT", "vpn_high_risk")
    return ("VALID", None)
```
The IP-layer pre-filter catches 70-80% of GIVT and 30-40% of SIVT at near-zero cost (≤40 ms, ~€0,0001/lookup) before any device-fingerprint or behavioural pass is needed. The remaining SIVT is what downstream IAB-TAG-certified verification (DoubleVerify, IAS, MOAT) is for.
3. Click-fraud filtering + post-back attribution
```javascript
// /api/track/click.js
// ipgeoLookup, audit and DC_ASNS are supplied by the surrounding service;
// campaign is the record for the clicked campaign.
async function scoreClick(req, clickIP, campaign) {
  const geo = await ipgeoLookup(clickIP);
  let risk = geo.risk_score;
  if (geo.is_hosting) risk += 30; // datacenter click ≈ always fraud
  if (geo.is_vpn || geo.is_proxy) risk += 20;
  if (geo.is_tor) risk += 40;
  if (geo.country_code !== campaign.target_iso2) risk += 15; // geo-mismatch
  if (DC_ASNS.includes(geo.asn)) risk += 25;

  const action =
    risk > 80 ? 'reject_no_payout' :
    risk > 60 ? 'flag_for_audit' :
    risk > 40 ? 'count_no_payout' : 'allow';

  await audit.write({
    click_id: req.query.cid, ip: clickIP, country: geo.country_code,
    asn: geo.asn, is_hosting: geo.is_hosting, risk, action, ts: Date.now()
  });
  return action;
}
```
Why this composes: the IP signal at click time is the only signal you have for an unauthenticated user before they convert. Device-fingerprint, ad-ID (IDFA/GAID), and behavioural data only become available after the click — IP is the gate.
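The click-time versus conversion-time comparison mentioned for post-back attribution, as an added example (not IP Geo API's code or code from this page). Field names follow the lookup fields used above; the function name, weights, cut-offs and sample lookups are constructed assumptions.

```javascript
// Added example, not vendor code. Field names follow the lookup fields used
// on this page; weights, cut-offs and sample lookups are assumptions.
const FLAG_WEIGHTS = { is_tor: 40, is_hosting: 30, is_vpn: 20, is_proxy: 20 };

function compareClickToConversion(click, conv, targetIso2) {
  const reasons = [];
  let score = 0;
  const add = (points, reason) => { score += points; reasons.push(reason); };

  // Privacy relays rotate egress IPs, so an ASN change alone says little there.
  const viaRelay = Boolean(click.is_relay || conv.is_relay);

  if (click.country_code !== conv.country_code) add(40, 'country_changed');
  if (conv.country_code !== targetIso2) add(15, 'conversion_outside_target');
  if (!viaRelay && click.asn !== conv.asn) add(10, 'asn_changed');

  // Count each anonymizer/datacenter flag once, whichever end carries it.
  for (const [flag, points] of Object.entries(FLAG_WEIGHTS)) {
    if (click[flag] || conv[flag]) add(points, flag);
  }

  const action =
    score > 80 ? 'reject_no_payout' :
    score > 40 ? 'flag_for_audit' : 'allow';
  return { score, action, reasons };
}

// Constructed lookups; ASNs are from the documentation range (RFC 5398).
const home = { country_code: 'DE', asn: 64496 };
const SAMPLES = {
  same_line:      [home, { country_code: 'DE', asn: 64496 }],
  wifi_to_mobile: [home, { country_code: 'DE', asn: 64497 }],
  cross_border:   [home, { country_code: 'AT', asn: 64498 }],
  dc_conversion:  [home, { country_code: 'US', asn: 64500, is_hosting: true }],
  relay_user:     [{ ...home, is_relay: true },
                   { country_code: 'DE', asn: 64501, is_relay: true }],
};

function runSamples(targetIso2 = 'DE') {
  const out = {};
  for (const [name, [click, conv]] of Object.entries(SAMPLES)) {
    out[name] = compareClickToConversion(click, conv, targetIso2);
  }
  return out;
}

console.log(runSamples());
```

The ASN-change weight is kept low because a Wi-Fi to mobile handover between click and conversion is normal for legitimate users.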
Pricing math for a typical EU ad-tech stack
| Stage | Volume | Tier | Cost / month | Cost per check |
|---|---|---|---|---|
| Pilot DSP / SSP integration | < 30 K bid/clicks per mo | Free | € 0 | € 0 |
| Mid-market DSP / network | < 1 M req/mo | Starter €29 | € 29 | € 0,00003-0,001 |
| Scale-up DSP / exchange | < 10 M req/mo | Business €99 | € 99 | € 0,00001-0,0001 |
| Major exchange / SSP | > 10 M | Custom | on request | < € 0,00001 |
An ad-tech network running 5 M bid requests/mo at € 0,99 average CPM with a 0,4% IVT-rate-reduction recovers the entire Business tier (€ 99) in the first 600 fewer fraudulent impressions — and IVT-rate reductions of 0,4 ppt are conservative for first-pass IP filtering on a previously-unfiltered stack.
Honest limits — what IP geolocation is not for in ad-tech
- It is not a substitute for IAB-TAG-certified MRC verification. DoubleVerify, IAS, MOAT, and Pixalate maintain proprietary SIVT models that combine IP + behavioural + creative-rendering signals. IP geolocation is the first-line filter that makes their downstream sampling cheaper, not a replacement.
- It is not enough for fingerprinting under ePrivacy. Combining IP + UA + screen-res for cross-site tracking without consent is a CNIL/AP-actionable offence in the EU; IP-country alone for geo-targeting is generally allowed under legitimate interest, but device-graph fingerprinting crosses the consent line.
- Mobile carrier-grade NAT (CG-NAT) blurs city resolution. ~15-20% of mobile traffic in DE/IT/FR resolves to the carrier hub, not the subscriber location. Country + ASN are reliable; city/zip granularity is not. For mobile-app campaigns, fall back to ad-ID-based geo when CG-NAT is detected.
- Privacy-first relay services are increasingly visible but harder to classify. Apple iCloud Private Relay, Google Privacy Proxy, Firefox VPN, and Brave Firewall+VPN generate IPs that look residential but mask origin. We classify these as is_relay separately so DSPs can apply policy per advertiser (some treat relays as opted-in privacy, others block).
- The MaxMind GeoIP2 traits.is_anonymous_proxy field is deprecated. If you’re still firing on it, your filter has been stale since 2022. The replacement is traits.is_anonymous_vpn + traits.is_hosting_provider + traits.is_tor_exit_node — IP Geo API maps these to flat is_vpn / is_hosting / is_tor fields.
IP geolocation’s job in an ad-tech stack is to cheaply route so the expensive verifications (MRC-certified SIVT, viewability, brand-safety scans) only activate for ambiguous cases — saving 60-80% of cost without giving up IVT-rate control.
Related use-cases
The ad-tech surface composes from these IP Geo API use-case patterns:
- Fraud detection — ../use-cases/fraud-detection/ — risk scoring, VPN/proxy/Tor/datacenter flags, ASN reputation.
- Bot / WAF security — ../use-cases/bot-security/ — bot-farm, residential-proxy, scraping-cluster filtering at the IP layer.
- Geoblocking & compliance — ../use-cases/geoblocking-compliance/ — region-restricted campaigns (e.g. gambling, crypto, supplements), age-gating jurisdictions.
- Visitor analytics — ../use-cases/visitor-analytics/ — cookieless attribution, country-of-impression breakdown, channel-mix telemetry.
- Geo personalization — ../use-cases/geo-personalization/ — creative variant selection by inferred country, language fallback chain.
- Geo pricing — ../use-cases/geo-pricing/ — CPM floor adjustment by country tier, FX-aware bid-floor logic.
Compare IP Geo API to the providers ad-tech buyers evaluate
If you’re shortlisting vendors for an ad-tech RFP — typically driven by your IVT/fraud team or a procurement function — these head-to-heads cover the providers most often shortlisted in the IP-geolocation market:
- IP Geo API vs MaxMind — ../compare/maxmind/ — REST SaaS vs MMDB-download licensing, traits-field deprecation pain, when the binary still wins.
- IP Geo API vs ipinfo.io — ../compare/ipinfo-io/ — EU residency, EUR billing, Privacy Detection add-on vs bundled threat fields.
- IP Geo API vs ipstack — ../compare/ipstack-com/ — HTTPS-on-free, EU hosting, Security Module bundling.
- IP Geo API vs ipapi.co — ../compare/ipapi-co/ — bundled-everything pricing, attribution-backlink obligations.
- IP Geo API vs ipgeolocation.io — ../compare/ipgeolocation-io/ — separately-priced Security API SKU vs bundled threat block, USD vs EUR billing.
- IP Geo API vs IP2Location — ../compare/ip2location-com/ — REST-only managed API vs annual BIN/CSV/MMDB licensing, IP2Proxy bundling cost.
- IP Geo API vs DB-IP — ../compare/db-ip-com/ — attribution-free free tier, EU-edges-only, bundled threat detection.
Read also — narrative deep-dives
Seven 2026-dated comparison articles with code-level migration sketches and latency / pricing math at 100K / 1M / 10M req/mo:
- IP Geo API vs ipinfo.io in 2026: When the EU Alternative Wins (and When It Doesn’t) →
- IP Geo API vs MaxMind in 2026: SaaS vs DB Download — Which Stack Wins? →
- IP Geo API vs ipstack in 2026: HTTPS-on-Free, EU Hosting, and the Security Module Question →
- IP Geo API vs ipapi.co in 2026: Free-Tier Generosity vs Predictable Latency →
- IP Geo API vs ipgeolocation.io in 2026: Bundled Endpoints, Bundled Threat-Detection, and the EU-Residency Question →
- IP Geo API vs IP2Location in 2026: REST-First vs Database-Download — Which Model Wins for Your Stack? →
- IP Geo API vs DB-IP in 2026: REST-First vs DB-Download — Which EU Vendor Wins for Your Stack? →
Migration walkthroughs — drop-in code-level guides
Already on an incumbent? These step-by-step migration guides ship with field-by-field maps, code diffs, shadow-mode validation, and rollback notes:
- Migrate from MaxMind GeoIP2 to IP Geo API (2026) → — drop the weekly .mmdb sync, swap to a REST call with the same field shape.
- Migrate from ipinfo.io to IP Geo API (2026) → — loc-string parsing, org ASN+name regex split, Authorization-header edge-stripping.
- Migrate from ipstack to IP Geo API (2026) → — HTTP→HTTPS scheme flip, security.* empty-vs-populated branch behaviour.
- Migrate from ipapi.co to IP Geo API (2026) → — per-day rate-limit fragmentation, attribution-backlink scrub.
- Migrate from ipgeolocation.io to IP Geo API (2026) → — Security API SKU consolidation, apiKey-in-URL log-leak hardening.
- Migrate from IP2Location to IP Geo API (2026) → — BIN/CSV/MMDB-download decommission, IP2Proxy SKU consolidation, USD-annual-to-EUR-monthly billing migration.
- Migrate from DB-IP to IP Geo API (2026) → — MMDB/CSV-download decommission, CC-BY-4.0 attribution-backlink scrub, countryCode3 ISO-3 vs ISO-2 gotchas.
Industry deep-dives
Other vertical-specific surfaces using the same IP Geo API primitives:
- Fintech — KYC, sanctions screening, and payment fraud → — country-of-origin + ASN + threat-fields for KYC + OFAC/EU-sanctions + per-transaction risk scoring.
- iGaming — Licence-jurisdiction enforcement, anti-circumvention, self-exclusion → — hard-fail-closed posture for MGA/UKGC/KSA/DGOJ/ANJ/ADM/DAS, residential-proxy ASN block-list, GamStop/CRUKS/ROFUS/Spelpaus/OASIS register routing by IP-country.
- SaaS monetization — geo-pricing (PPP), VAT/GST tax routing, trial-abuse defence, OFAC/BIS gates → — PPP-adjusted tiering, EU OSS/IOSS + UK/AU/SG/IN GST + US Wayfair nexus, residential-proxy ASN block-list for card-testing defence, OFAC SDN + EU CFSP + BIS Entity-List feature-gates.
- Streaming media — geo-licensing enforcement, anti-circumvention, CDN POP steering, SSAI ad-insertion → — per-territory licensing with HTTP 451 hard-fail-closed at manifest stitch + per-event sports blackout via Haversine GPS-distance, residential-proxy ASN block-list at session-init, CDN POP steering across AMS/FRA/LON/CDG/MIL/IAD/GRU + 3-tier adaptive-bitrate ladder, SSAI ad-insertion targeting with regionalised ad-pools and per-event blackout enforcement.
- E-commerce — EU OSS / UK VAT / US Wayfair tax routing, BIN-vs-IP carding, PPP-adjusted pricebook, fulfilment routing → — checkout-time tax-jurisdiction routing across EU OSS 27 destination-VAT + UK VAT 20% + US Wayfair 13-state nexus + CA per-province GST/HST + AU/SG/IN/BR/JP GST/ICMS/JCT with sanctions hard-stop on IR/KP/SY/CU/BY/RU/MM/VE, BIN-vs-IP carding + refund-fraud 6-factor weighted scoring with residential-proxy ASN block-list, PPP-adjusted 7-tier pricebook on first paint with VPN/proxy fall-back to BIN-billing-country, 9-warehouse fulfilment routing FRA/AMS/MAD/MIL/DOV/IAD/LAX/DEL/SIN with DDP/DDU duty pre-calc and lithium/aerosol/prescription destination-gates.
- Healthcare — Cross-Border Telehealth Licensing, HIPAA PHI/EPHI Access Geofencing, EU Patient-Data Residency w/ Schrems II Routing, Cross-Border Pharma + DEA Schedule Gating → — consult-init telehealth licensure match across US IMLC 41-state partial + CA/FL/NY/TX independent + EU MRPQ Directive 2005/36/EC + DE Bundesärztekammer + NL BIG + FR ONM + UK GMC w/ HTTP 451 hard-fail-closed on jurisdiction-mismatch + NO_RECIPROCITY hard-stop on IR/KP/SY/CU/BY/RU/MM/VE/AF/SO, HIPAA 45 CFR §164.308(a)(4) PHI/EPHI access geofencing w/ clinical-ASN allowlist Epic/Cerner/Allscripts/Mayo/MGH/Cleveland/Kaiser + residential-proxy ASN reject Bright Data/Oxylabs/Smartproxy/IPRoyal/Tier3 + home-office BAA-attested workstation allowlist + risk_score < 30 soft-allow, EU patient-data residency w/ GDPR Art. 9 special-category + EDPB Recommendations 01/2020 supplementary technical measures + Schrems II SCC flag for US-shard + routing to 6 EHR shards EU-FRA/EU-AMS/UK-LON/US-IAD/CA-YYZ/AU-SYD w/ VPN/proxy fall-back to EU-FRA highest protection, cross-border pharma + controlled-substance gating w/ DEA Schedules I-V + Ryan Haight Act §3 in-person-eval for telemed Rx + EU Falsified Medicines Directive 2011/62/EU originator-country audit + per-country bans for cannabis/CBD/psilocybin/MDMA/kratom.
Get started — ad-tech-friendly procurement
- Free tier: 1 000 lookups / day, no credit card. Useful for pilot integration in dev / staging DSP.
- Starter €29/mo: 33 K lookups / day, all threat fields, EU residency, ≤40 ms median latency.
- Business €99/mo: 500 K lookups / day, SLA-backed, priority queue, full IVT-classification fields.
- DPA + SCCs: one-page artifact, EU-only data flows, signed in 24 h — drop into your IAB Europe TCF v2.2 vendor list without legal review.
Sign up at https://ipgeo.10b.app/pricing and start with a sandbox key today.