Free · No Account Required · NZ Businesses

Find out what's really
attacking your website.

Upload your web server access log. We'll crawl your site, classify every request in your log using our AI blueprint engine, and email you a detailed threat report — completely free, no account needed.

Get my free threat report

Takes less than 5 minutes · Standalone HTML report emailed to you

The Process

Three steps to your report

The whole thing runs automatically. You just submit your domain and upload your log.

Enter your domain & email

Submit your website's domain name and email address. We start crawling your site immediately to build a blueprint of what legitimate traffic looks like.

→

Upload your access log

Once we've crawled your site we'll email you a secure upload link. Drop in your web server access log — nginx, Apache, or a cPanel download. Supports .log, .gz, .zip, and .tar.gz archives.

→

Receive your threat report

We classify every request in your log against your site's blueprint using the same AI engine that powers Moat AIS protection. Your personalised HTML report is emailed to you — ready to open in any browser.

Report Contents

Everything you need to see the threat picture

🎯

Attack volume & severity score

Total requests, attack count, percentage of traffic that was malicious, and an overall risk rating from Low to Critical.

🌐

Top attacking IPs

Every IP that sent malicious traffic, ranked by volume, with their top probe paths and the attack types they used.

📊

Traffic classification breakdown

Legitimate visitors vs bots vs scanners vs attack traffic — visualised as a donut chart and detailed table.

🔍

Attack type breakdown

SQL injection, path scanning, credential stuffing, vulnerability probing — each category ranked by volume with real example URLs from your log.

⏱

24-hour attack timeline

Attack requests per hour so you can see when your site is most targeted and at what sustained rate attacks are arriving.

🛡

What Moat AIS would have blocked

Every attack that reached your server — and confirmation that Moat AIS would have blocked it automatically before it got there.

Log File Guide

Where to find your access log

Your web server keeps a detailed record of every request. Here's where to find it.

nginx

/var/log/nginx/access.log /var/log/nginx/access.log.1

Rotated files are numbered. Pass them all for a fuller picture. Files ending in .gz are automatically decompressed.

Apache

/var/log/apache2/access.log /var/log/httpd/access_log

Location varies by distribution. Check /etc/apache2/ or /etc/httpd/ for your config.

cPanel / shared hosting

cPanel → Metrics → Raw Access

Download the last 7–30 days. cPanel zips logs automatically — just upload the .zip and we'll handle the rest.

Got a .tar.gz or .zip full of logs? No problem — just upload the archive. We'll extract all the log files inside and analyse them together for a complete picture.

FAQ

Common questions

Is this really free?

Yes — completely free, no credit card, no account. We offer it because seeing real attack data on your own site is the most compelling way to understand why protection matters. If you want ongoing 24/7 protection after seeing your report, that's when you'd sign up.

What does "crawling my site" mean?

We visit your website like a regular user would — following links, discovering pages — to build a blueprint of what legitimate URLs look like on your site. This is what lets us tell the difference between a real visitor and an attacker probing for vulnerabilities. It's completely passive and has no impact on your site's performance.

Is my log data kept confidential?

Your log file is used only to generate your report and is deleted from our servers immediately afterwards. We don't store, share, or use your traffic data for any other purpose. The report itself is accessible only via a private token-protected URL that we email to you.

How large can my log file be?

We accept files up to 300 MB. If you have a large archive of rotated logs, zip them all together and upload the zip. We'll extract and analyse everything inside.

How long does it take?

After you submit your domain, the crawl typically takes 2–5 minutes. You'll receive an email with your upload link once it's done. After uploading, the analysis runs in about 1–2 minutes and your report is emailed to you automatically.

My log is from a site that isn't live yet — will it work?

The crawl needs a live, publicly accessible website to build the blueprint. If your site isn't public yet, contact us and we can discuss alternatives.

Free · Takes 5 minutes

Ready to see your threat report?

Enter your domain and email. We'll crawl your site, analyse your logs, and send you a personalised security report — no account, no credit card.