This document provides a technical overview of IP Suspicious Activity Detection Process.
The IAS IP Suspicious Activity Detection Process provides a file for partners which contains IP addresses (does not include IPv6 addresses) known to perform invalid traffic. IAS outputs a list of invalid traffic IP addresses hourly to a bucket on your Amazon Web Services (AWS) S3 account.
You need to give your IAS representative the AWS bucket name on your account where you want IAS to put the file. When the AWS bucket name is confirmed, IAS updates the bucket once daily with IP addresses of known bots (IAS requires you to delete this file after 7 days).
For ideal performance, IAS recommends the AWS bucket is in us-east-1.
Partner creates AWS S3 bucket.
IAS Solution Engineering provides bucket policy to attach to the S3 bucket, see "Bucket Policy" below.
Partner gives IAS Solution Engineering the name for the bucket.
IAS updates the bucket once daily, see "File Format Policy".
Partner deletes the file after 7 days.
IAS does not encrypt objects in the bucket. If you require encryption, enable default encryption (SSE-S3) on the bucket.
Apply the following policy on the right on your bucket:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ias",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::454457967641:root"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::<bucket-name>/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
}
]
}
This is an ASCII based, comma separated file without a header row. IAS uses the Eastern Standard Time (EST) and the file name convention: fraud_ips.YYYYMMDDHHMM.tsv.gz, where
Code | Description |
YYYY | Year |
MM | Month |
DD | Day |
HH | Hour |
MM | Minute |
Each row contains the IP address which is performing suspicious traffic. IAS recommends the best practice to avoid all IP addresses.
Here is an example output file:
1.1.1.1
2.1.3.2
Create an IAS case with details of your inquiry to receive help from our internal support team.