I've seen an interesting behavior in our 80.10 infrastructure.
We use GeoBlocking and many times we'll see where the firewall is dropping the traffic due to a GeoBlock. But, it posts the wrong country's flag next to the IP address.
In the attachment, you'll see 188.8.131.52 being marked with an American flag. However, the destination country is marked as HKG.
Checking the MaxMind GeoIP2 City Database does indeed note the IP is registered to Hong Kong.
MSFT is the owner of the IP block.
So, is the firewall log telling me that the IP is owned by a US company, but assigned in another country?