At FraudGuard.io, we have spent nearly a decade studying and analyzing cyber threats through one of the most extensive honeypot networks in the industry. This wealth of intelligence has been used to train a proprietary AI model, specifically designed to detect malicious behavior in access log data. LogGuard AI is the culmination of years of threat intelligence, leveraging machine learning to proactively identify bad actors, attack patterns, and security anomalies before they escalate into major security incidents.
LogGuard AI offers two integration models to fit your infrastructure and security needs: an API-driven approach with database storage or a fully transient AWS S3-based model.
Experience the power of FraudGuard-enriched access logs and real-time API-driven threat intelligence.
With LogGuard AI, every log entry is analyzed, enriched, and categorized, giving you deep insights into potential security risks.
Below, you'll find real-life API responses and S3 log outputs, showcasing how LogGuard AI delivers detailed attack insights, risk scoring, and automated security intelligence.
[
  {
    "id": "1",
    "file_name": "access.log",
    "log_entry": "78.153.140.149 - - [12/Feb/2025:00:19:27 +0000] \"GET /.git/config HTTP/1.1\" 301 162 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36\"",
    "attack_type": "web_recon",
    "matched_pattern": "Recon Path Match",
    "ip": "78.153.140.149",
    "threat": "honeypot_tracker",
    "country": "Russia",
    "asn_organization": "LLC Melt-internet",
    "isp": "LLC Melt-internet",
    "organization": "LLC Melt-internet",
    "blacklisted": "0",
    "geoblocked": "1",
    "send_to_ai": "1",
    "ai_confirmed": "1",
    "ai_feedback": null,
    "feedback_at": null,
    "created_at": "2025-03-18 16:12:28"
  },
  {
    "id": "9054",
    "file_name": "access.log.2",
    "log_entry": "150.136.69.140 - - [10/Feb/2025:17:04:59 +0000] \"GET /wp-content/updates.php HTTP/1.1\" 301 162 \"-\" \"-\"",
    "attack_type": "sql_injection",
    "matched_pattern": "updates.php HTTP/1.1\"",
    "ip": "150.136.69.140",
    "threat": "honeypot_tracker",
    "country": "United States",
    "asn_organization": "ORACLE-BMC-31898",
    "isp": "Oracle Cloud",
    "organization": "Oracle Cloud",
    "blacklisted": "0",
    "geoblocked": "0",
    "send_to_ai": "1",
    "ai_confirmed": "1",
    "ai_feedback": null,
    "feedback_at": null,
    "created_at": "2025-03-18 16:13:05"
  }
]
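One way to consume the API response shown above, as an added example (not FraudGuard's code): it groups AI-confirmed events by source IP and lists the IPs that no block covers yet. Reading `"1"` in `blacklisted` or `geoblocked` as "a block already applies" is an assumption about those fields, and the sample records are trimmed copies of the two above with shortened user agents.

```python
import json
import re
from collections import defaultdict

# Trimmed copies of the two records in the API response above (user agents shortened).
SAMPLE = r'''[
 {"id": "1", "log_entry": "78.153.140.149 - - [12/Feb/2025:00:19:27 +0000] \"GET /.git/config HTTP/1.1\" 301 162 \"-\" \"Mozilla/5.0\"",
  "attack_type": "web_recon", "ip": "78.153.140.149", "blacklisted": "0", "geoblocked": "1", "ai_confirmed": "1"},
 {"id": "9054", "log_entry": "150.136.69.140 - - [10/Feb/2025:17:04:59 +0000] \"GET /wp-content/updates.php HTTP/1.1\" 301 162 \"-\" \"-\"",
  "attack_type": "sql_injection", "ip": "150.136.69.140", "blacklisted": "0", "geoblocked": "0", "ai_confirmed": "1"}
]'''
RECORDS = json.loads(SAMPLE)

# Request line and status of a combined-format entry; binary probes will not match.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

def flag(record, key):
    """Flags arrive as the strings "0"/"1" (or null); a bare "0" is truthy in Python."""
    return str(record.get(key)) == "1"

def triage(records):
    """Group AI-confirmed events by source IP and mark IPs with no block applied."""
    by_ip = defaultdict(lambda: {"attack_types": set(), "paths": [], "unblocked": False})
    for rec in records:
        if not flag(rec, "ai_confirmed"):
            continue
        entry = by_ip[rec["ip"]]
        entry["attack_types"].add(rec.get("attack_type", "unknown"))
        m = REQUEST.search(rec.get("log_entry", ""))
        entry["paths"].append(m.group("path") if m else "<unparsed request>")
        # Assumption: "1" in either field means the IP is already blocked.
        if not flag(rec, "blacklisted") and not flag(rec, "geoblocked"):
            entry["unblocked"] = True
    return dict(by_ip)

def block_candidates(records):
    """IPs with at least one confirmed event and no existing block, sorted."""
    return sorted(ip for ip, e in triage(records).items() if e["unblocked"])

if __name__ == "__main__":
    for ip, e in triage(RECORDS).items():
        state = "UNBLOCKED" if e["unblocked"] else "blocked"
        print(ip, sorted(e["attack_types"]), e["paths"], state)
```
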
# IP Address | Timestamp | File Name | Attack Type | Matched Pattern | Country | Threat Category | Blacklisted | Geoblocked | Sent to AI | AI Confirmed | ASN Organization | ISP | Organization | Connection Type | Raw Log Entry
78.153.140.224 [18/Mar/2025:16:13:20 +0000] "access.log.3" path_traversal "../" "Russia" "honeypot_tracker" 0 1 1 1 "LLC Melt-internet" "LLC Melt-internet" "LLC Melt-internet" "Cable/DSL" "78.153.140.224 - - [09/Feb/2025:07:55:10 +0000] "GET /../.env HTTP/1.1" 400 150 "-" "-""
103.121.39.54 [18/Mar/2025:16:12:28 +0000] "access.log" unknown "N/A" "Bangladesh" "honeypot_tracker" 0 0 1 1 "Digital Dot Net DDN" "Digital Dot Net DDN" "Digital Dot Net DDN" "Cable/DSL" "103.121.39.54 - - [12/Feb/2025:09:01:24 +0000] "GET /.aws/credentials HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36""
78.153.140.149 [18/Mar/2025:16:12:28 +0000] "access.log" web_recon "Recon Path Match" "Russia" "unknown" 0 1 1 1 "LLC Melt-internet" "LLC Melt-internet" "LLC Melt-internet" "Cable/DSL" "78.153.140.149 - - [12/Feb/2025:00:19:27 +0000] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36""
150.136.69.140 [18/Mar/2025:16:13:05 +0000] "access.log.2" sql_injection "updates.php HTTP/1.1"" "United States" "honeypot_tracker" 0 0 1 1 "ORACLE-BMC-31898" "Oracle Cloud" "Oracle Cloud" "Corporate" "150.136.69.140 - - [10/Feb/2025:17:04:59 +0000] "GET /wp-content/updates.php HTTP/1.1" 301 162 "-" "-""
89.44.9.80 [18/Mar/2025:16:15:17 +0000] "access.log" unknown "N/A" "France" "anonymous_tracker" 0 0 1 1 "M247 Ltd" "M247 Ltd" "M247 Ltd" "Corporate" "89.44.9.80 - - [12/Feb/2025:09:53:46 +0000] "GET /main.yml HTTP/1.1" 404 1387 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36""
195.178.110.163 [18/Mar/2025:16:12:28 +0000] "access.log" web_recon "Recon Path Match" "United States" "honeypot_tracker" 0 0 1 1 "SPRINTLINK" "Sprint" "Sprint" "Corporate" "195.178.110.163 - - [12/Feb/2025:05:29:00 +0000] "GET /prod/.env HTTP/1.1" 301 162 "-" "l9explore/1.2.2""
195.178.110.163 [18/Mar/2025:16:12:28 +0000] "access.log" web_recon "Recon Path Match" "United States" "honeypot_tracker" 0 0 1 1 "SPRINTLINK" "Sprint" "Sprint" "Corporate" "195.178.110.163 - - [12/Feb/2025:05:29:01 +0000] "GET /settings/.env HTTP/1.1" 301 162 "-" "l9explore/1.2.2""
106.75.186.101 [18/Mar/2025:16:12:28 +0000] "access.log" unknown "N/A" "China" "honeypot_tracker" 0 1 1 1 "CHINANET Guangdong province network" "China Telecom Guangdong" "China Telecom Guangdong" "Corporate" "106.75.186.101 - - [12/Feb/2025:02:20:59 +0000] "{\x22method\x22:\x22login\x22,\x22params\x22:{\x22login\x22:\x2245JymPWP1DeQxxMZNJv9w2bTQ2WJDAmw18wUSryDQa3RPrympJPoUSVcFEDv3bhiMJGWaCD4a3KrFCorJHCMqXJUKApSKDV\x22,\x22pass\x22:\x22xxoo\x22,\x22agent\x22:\x22xmr-stak-cpu/1.3.0-1.5.0\x22},\x22id\x22:1}" 400 150 "-" "-""
66.240.236.119 [18/Mar/2025:16:12:28 +0000] "access.log" unknown "N/A" "United States" "honeypot_tracker" 0 0 1 1 "CARINET" "CariNet" "CariNet" "Corporate" "66.240.236.119 - - [12/Feb/2025:00:36:01 +0000] "GET /.well-known/security.txt HTTP/1.1" 301 162 "-" "-""
80.82.77.202 [18/Mar/2025:16:12:28 +0000] "access.log" unknown "N/A" "Netherlands" "botnet_tracker" 0 0 1 1 "IP Volume inc" "IP Volume inc" "IP Volume inc" "Corporate" "80.82.77.202 - - [12/Feb/2025:01:00:01 +0000] "\x16\x03\x02\x01o\x01\x00\x01k\x03\x02RH\xC5\x1A#\xF7:N\xDF\xE2\xB4\x82/\xFF\x09T\x9F\xA7\xC4y\xB0h\xC6\x13\x8C\xA4\x1C=\x22\xE1\x1A\x98 \x84\xB4,\x85\xAFn\xE3Y\xBBbhl\xFF(=':\xA9\x82\xD9o\xC8\xA2\xD7\x93\x98\xB4\xEF\x80\xE5\xB9\x90\x00(\xC0" 400 150 "-" "-""
45.148.10.90 [18/Mar/2025:16:12:28 +0000] "access.log" web_recon "Recon Path Match" "Netherlands" "honeypot_tracker" 0 0 1 1 "Pptechnology Limited" "DMZHOST" "DMZHOST" "Cable/DSL" "45.148.10.90 - - [12/Feb/2025:01:11:29 +0000] "GET /.git/config HTTP/1.1" 301 162 "-" "l9explore/1.2.2""
80.94.95.157 [18/Mar/2025:16:12:28 +0000] "access.log" web_recon "Recon Path Match" "Romania" "honeypot_tracker" 0 0 1 1 "Bunea TELECOM SRL" "Bunea TELECOM SRL" "Bunea TELECOM SRL" "Cable/DSL" "80.94.95.157 - - [12/Feb/2025:01:56:21 +0000] "GET /wp-login.php HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36""
Once LogGuard AI has enriched your log data and flagged high-risk events, the next step is action. Here’s how companies use these insights to improve their defenses:
Getting started with LogGuard AI is simple. Our team will guide you through a seamless onboarding process to ensure quick and efficient integration. LogGuard AI is available exclusively with the FraudGuard Enterprise Plan at $999/month, which includes up to 100GB of access log processing. Need more? Additional usage is just $1 per GB — scale confidently without surprise costs.
Want to see it in action? We offer a 7-day trial — just email us at hello@fraudguard.io to get started.