rIP detects Fraud in online surveys by tracing, scoring, and visualizing IP addresses

Takes an array of IPs and the keys for the services the user wishes to use (IP Hub, IP Intel, and Proxycheck), and passes these to all respective APIs. Returns a dataframe with the IP addresses (used for merging), country, ISP, labels for non-US IP Addresses, VPS use, and recommendations for blocking. Users also have the option to visualize the distributions.

Especially important in this is the variable "block", which gives a score indicating whether the IP address is likely from a server farm and should be excluded from the data. It is codes 0 if the IP is residential/unclassified (i.e. safe IP), 1 if the IP is non-residential IP (hostping provider, proxy, etc. - should likely be excluded), and 2 for non-residential and residential IPs (more stringent, may flag innocent respondents).

Note: rIP requires users to have active (free) accounts and/or valid keys at iphub, ipintel, and/or proxycheck.

See some related working papers here and here.


Users can install either the stable version released on CRAN:


Or the dev version directly from our GitHub repo:



# Load the library

# Store personal keys for IP service pings (here we include only "ipHub" as an example)
ip_hub_key <- "MzI2MTpkOVpld3pZTVg1VmdTV3ZPenpzMmhodkJmdEpIMkRMZQ=="
ipsample <- data.frame(rbind(c(1, ""), c(2, "")))
names(ipsample) <- c("number", "IPAddress")

# Call the function
getIPinfo(ipsample, "IPAddress", iphub_key = ip_hub_key)


We thank Tyler Burleigh for his help on this tool.

Try the rIP package in your browser

Any scripts or data that you put into this service are public.

rIP documentation built on May 30, 2019, 1:01 a.m.