It’s blurred in the shot so I can’t tell, but you could be looking at a Cloudflare IP and not the visitor’s true IP. In that case, they could’ve been blocked for whichever country IP, but you’ll see U.S. because it’s a Cloudflare IP.
You should look in to setting up mod_remoteip if you think you’ll be needed the true IP address of visitors (not just country code for geo blocking).
Some info here: https://support.cloudflare.com/hc/en-us/articles/360029696071
And the lists of Cloudflare IPs to check against now if you still have the unblurred copy: https://www.cloudflare.com/ips/