Cleaning data out of a text file?

dbrewood · September 22, 2021, 9:13am

I need some help here guys. I get emails from my router which detail security attacks, etc. I’m wanting to export that email into a text file (manually), and then use some sort of script to remove everything, just leaving the IP addresses.

That way I have a ‘block list’ of IP’s that I can load into my NAS.

Typical data in the email looks like:

[DoS Attack: SYN/ACK Scan] from source: 162.241.216.182, port 443, Tuesday, September 21, 2021 23:58:07
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 23:44:05
[DoS Attack: TCP/UDP Chargen] from source: 157.230.51.82, port 33556, Tuesday, September 21, 2021 23:37:41
[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Tuesday, September 21, 2021 23:25:42
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Tuesday, September 21, 2021 23:18:44
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Tuesday, September 21, 2021 23:02:09
[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Tuesday, September 21, 2021 23:01:33
[DoS Attack: SYN/ACK Scan] from source: 95.217.30.172, port 443, Tuesday, September 21, 2021 22:58:38
[DoS Attack: SYN/ACK Scan] from source: 2.16.75.200, port 443, Tuesday, September 21, 2021 22:42:14
[DoS Attack: ACK Scan] from source: 52.98.207.133, port 32730, Tuesday, September 21, 2021 22:41:19
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Tuesday, September 21, 2021 22:37:21
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 22:28:22
[DoS Attack: SYN/ACK Scan] from source: 2.16.75.200, port 443, Tuesday, September 21, 2021 22:25:48
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Tuesday, September 21, 2021 22:25:15
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Tuesday, September 21, 2021 22:07:42
[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Tuesday, September 21, 2021 21:56:16
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Tuesday, September 21, 2021 21:45:25
[DoS Attack: SYN/ACK Scan] from source: 103.144.31.100, port 9015, Tuesday, September 21, 2021 21:43:31
[DoS Attack: SYN/ACK Scan] from source: 195.175.14.2, port 80, Tuesday, September 21, 2021 21:42:20
[DoS Attack: SYN/ACK Scan] from source: 88.221.182.233, port 443, Tuesday, September 21, 2021 21:40:33
[DoS Attack: SYN/ACK Scan] from source: 92.122.148.35, port 443, Tuesday, September 21, 2021 21:40:33
[DoS Attack: SYN/ACK Scan] from source: 88.221.182.233, port 443, Tuesday, September 21, 2021 21:40:33
[DoS Attack: SYN/ACK Scan] from source: 195.175.14.2, port 80, Tuesday, September 21, 2021 21:39:00
[DoS Attack: SYN/ACK Scan] from source: 51.75.166.224, port 22, Tuesday, September 21, 2021 21:37:23
[DoS Attack: SYN/ACK Scan] from source: 195.175.14.2, port 80, Tuesday, September 21, 2021 21:35:48
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 21:35:47
[DoS Attack: SYN/ACK Scan] from source: 199.127.62.3, port 25565, Tuesday, September 21, 2021 21:30:14
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Tuesday, September 21, 2021 21:29:44
[DoS Attack: ACK Scan] from source: 79.174.70.178, port 443, Tuesday, September 21, 2021 21:28:45
[DoS Attack: SYN/ACK Scan] from source: 162.241.216.182, port 443, Tuesday, September 21, 2021 21:23:52
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Tuesday, September 21, 2021 21:17:21
[DoS Attack: TCP/UDP Chargen] from source: 185.94.111.1, port 39360, Tuesday, September 21, 2021 21:15:50
[DoS Attack: RST Scan] from source: 66.42.56.203, port 3389, Tuesday, September 21, 2021 21:13:47
[DoS Attack: SYN/ACK Scan] from source: 66.42.56.203, port 3389, Tuesday, September 21, 2021 21:13:26
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Tuesday, September 21, 2021 21:05:49
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 20:59:14
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Tuesday, September 21, 2021 20:55:59
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 20:29:00
[DoS Attack: TCP/UDP Chargen] from source: 94.102.49.193, port 29921, Tuesday, September 21, 2021 20:27:49
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 20:21:11
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 20:11:50
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Tuesday, September 21, 2021 20:03:35
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Tuesday, September 21, 2021 20:02:00
[DoS Attack: ACK Scan] from source: 94.140.15.15, port 443, Tuesday, September 21, 2021 20:00:15
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 19:45:11
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 19:37:28
[DoS Attack: ACK Scan] from source: 79.174.70.178, port 443, Tuesday, September 21, 2021 19:22:32
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 19:15:43

Can this be accomplished via Applescript? Ideally I’d like to drag / drop the source file on a script and it’s then export the data to the same file / location with ‘_IP’ added to the file name? Worst case throw it on screen so I can copy / paste it out.

Thanks in advance for any help

peavine · September 22, 2021, 1:33pm

I’ve included my suggestion below. To test this script, save it as an Applescript application on the desktop and drag and drop the source file on the application’s icon. A new file will be created as you request.

I tested this script and it worked without issue. However, parsing the text from the source file could be an issue. If the script does not work as expected, please provide some detail as to what happens.

use framework "Foundation"
use scripting additions

on open theDroppedItems
	set theFile to POSIX path of item 1 of theDroppedItems
	set theIPFile to getFileName(theFile)
	set theText to ((current application's NSString's stringWithContentsOfFile:theFile encoding:(current application's NSUTF8StringEncoding) |error|:(missing value)) as text)
	set theIPData to getIPData(theText)
	(current application's NSString's stringWithString:theIPData)'s writeToFile:theIPFile atomically:true encoding:(current application's NSUTF8StringEncoding) |error|:(missing value)
end open

on getIPData(theText)
	set text item delimiters to {"source: ", ", port"}
	set theData to {}
	repeat with aParagraph in (paragraphs of theText)
		try
			set end of theData to text item 2 of aParagraph
		end try
	end repeat
	set text item delimiters to linefeed
	set theData to theData as text
	set text item delimiters to {""}
	return theData
end getIPData

on getFileName(theFile)
	set theFile to current application's NSString's stringWithString:theFile
	set fileBase to theFile's stringByDeletingPathExtension()
	set fileExtension to theFile's pathExtension()
	return ((fileBase's stringByAppendingString:"_IP")'s stringByAppendingPathExtension:fileExtension)
end getFileName

KniazidisR · September 22, 2021, 1:41pm

@peavine,
add removing duplicates as well.

dbrewood · September 22, 2021, 2:01pm

@peavine that worked perfectly! Is it also possible to sort the IP’s in order?

@KniazidisR where in the script do I place that code?

Very much appreciated guys… this saves me so much work!

KniazidisR · September 22, 2021, 2:29pm

Following @peavine’s edited script will remove duplicates and sort the list (see 2 ADDED code lines):


use framework "Foundation"
use scripting additions

on open theDroppedItems
	set theFile to POSIX path of item 1 of theDroppedItems
	set theIPFile to getFileName(theFile)
	set theText to ((current application's NSString's stringWithContentsOfFile:theFile encoding:(current application's NSUTF8StringEncoding) |error|:(missing value)) as text)
	set theIPData to getIPData(theText)
	(current application's NSString's stringWithString:theIPData)'s writeToFile:theIPFile atomically:true encoding:(current application's NSUTF8StringEncoding) |error|:(missing value)
end open

on getIPData(theText)
	set text item delimiters to {"source: ", ", port"}
	set theData to {}
	repeat with aParagraph in (paragraphs of theText)
		try
			set end of theData to text item 2 of aParagraph
		end try
	end repeat
	set aSet to current application's NSSet's setWithArray:theData -- ADDED
	set theData to ((aSet's allObjects())'s sortedArrayUsingSelector:"localizedStandardCompare:") as list -- ADDED
	set text item delimiters to linefeed
	set theData to theData as text
	set text item delimiters to {""}
	return theData
end getIPData

on getFileName(theFile)
	set theFile to current application's NSString's stringWithString:theFile
	set fileBase to theFile's stringByDeletingPathExtension()
	set fileExtension to theFile's pathExtension()
	return ((fileBase's stringByAppendingString:"_IP")'s stringByAppendingPathExtension:fileExtension)
end getFileName

dbrewood · September 22, 2021, 2:42pm

Thanks! If I run it I get an error stating

-[___NSSetl arraty]: unrecognised selector sent to instance.

No ideas what that means

KniazidisR · September 22, 2021, 2:57pm

I found 2 errors in my script. I have now updated it with the necessary fixes.

dbrewood · September 22, 2021, 3:02pm

That is truly awesome and wonderful. That works perfectly and saves so much work!

Many, many thanks to you both!

peavine · September 22, 2021, 4:37pm

dbrewood. I’m glad that worked and you’re most welcome.

I thought it might be an interesting project to rewrite the getIPData handler using ASObjC, and I’ve included that below. The only uncertainty for me was whether each paragraph of the source file could be parsed by calling componentsSeparatedByString only once.

BTW, I haven’t run any timing tests but I suspect KniazidisR’s solution will be faster, and there’s no reason to prefer the following script.

use framework "Foundation"
use scripting additions

on open theDroppedItems
	set theFile to POSIX path of item 1 of theDroppedItems
	set theIPFile to getFileName(theFile)
	
	set theText to (current application's NSString's stringWithContentsOfFile:theFile encoding:(current application's NSUTF8StringEncoding) |error|:(missing value))
	set theIPData to getIPData(theText)
	
	(current application's NSString's stringWithString:theIPData)'s writeToFile:theIPFile atomically:true encoding:(current application's NSUTF8StringEncoding) |error|:(missing value)
end open

on getIPData(theText)
	set theParagraphs to theText's componentsSeparatedByCharactersInSet:(current application's NSCharacterSet's newlineCharacterSet())
	
	set ipData to current application's NSMutableArray's new()
	repeat with aParagraph in theParagraphs
		set aString to item 2 of (aParagraph's componentsSeparatedByString:"source: ")
		set aString to item 1 of (aString's componentsSeparatedByString:", port")
		(ipData's addObject:aString)
	end repeat
	
	set aSet to current application's NSSet's setWithArray:ipData -- this and next line by KniazidisR
	set ipData to ((aSet's allObjects())'s sortedArrayUsingSelector:"localizedStandardCompare:")
	
	return ((ipData's componentsJoinedByString:linefeed) as text)
end getIPData

on getFileName(theFile)
	set theFile to current application's NSString's stringWithString:theFile
	set fileBase to theFile's stringByDeletingPathExtension()
	set fileExtension to theFile's pathExtension()
	return ((fileBase's stringByAppendingString:" (IP Addresses)")'s stringByAppendingPathExtension:fileExtension)
end getFileName

main()

dbrewood · September 22, 2021, 5:29pm

Thanks for that I’ll keep it as a ‘reserve’ option in case I have any problem with the other script. As it is working though I’ll stick with that for the moment if that is okay?

peavine · September 22, 2021, 6:57pm

dbrewood. Sorry for the confusion.

I rewrote the earlier script with ASObjC just for learning purposes. It allows other members of the forum–who are more knowledgeable than me–to make suggestions for improvement. There’s no reason for you to use my script.

dbrewood · September 22, 2021, 7:12pm

Oh no confusion

I was just wondering on the reasoning. My only coding knowledge was from MS Access years ago so Apple scripting and more modern ways of coding are alien to me

peavine · September 22, 2021, 9:39pm

Just to make sure, I went ahead and ran timing tests with Script Geek on the two script alternatives, and the results were:

KniazidisR’s script in post 5 - 12 milliseconds

My script in post 9 - 101 milliseconds

Essentially all of this difference is attributable to the speed advantage of the text item delimiters used in KniazidisR’s script.

wch1zpink · September 22, 2021, 10:02pm

Here is another AppleScript option which takes a completely different route, using much less code and is pretty quick also.

This assumes the file being dropped onto this applet is a text file and its contents are in the same format as per the example given in the original post.

In short, rather than creating a new file every time a file is dropped onto this applet, dropping a text file onto this Droplet will strip out everything but the IP numbers and Port numbers, which will be logged to a file named “Cleaned_IPs.txt” in the same folder as the original dropped file. (That log file shows the file processed and its path, the date and time of each and has duplicate entries removed and is numerically sorted)

property stripText : " | cut -d' ' -f7-9 | tr -d ',' | sort --numeric-sort | uniq"

on open of theFiles -- Handles single or multiple dropped files
	repeat with aFile in theFiles
		set theDate to (current date) as text
		tell application "Finder" to set sourceFilePath to container of aFile as alias
		set cleanedText to do shell script "cat " & ¬
			quoted form of POSIX path of aFile & stripText
		
		----------  Option 1. ---------- Verbose & Appending
		set theData to ("From file: " & quoted form of POSIX path of aFile & ¬
			" - " & theDate & linefeed & linefeed & cleanedText & linefeed)
		--------------------------------
		
		----------  Option 2. ---------- Combined, De-Duped, Sorted - IP's & Ports Only
		--set theData to cleanedText
		--------------------------------
		
		do shell script "echo " & quoted form of theData & " >> " & ¬
			quoted form of POSIX path of sourceFilePath & "Cleaned_IPs.txt"
		do shell script "sort | uniq " & quoted form of ¬
			POSIX path of sourceFilePath & "Cleaned_IPs.txt" & " | pbcopy ; pbpaste > " & ¬
			quoted form of POSIX path of sourceFilePath & "Cleaned_IPs.txt"
	end repeat
end open

dbrewood · September 23, 2021, 6:23am

That is cool! I do only need the IP addresses, the port numbers need to go.

I’m amazed in all the interest the request is gaining

wch1zpink · September 23, 2021, 5:02pm

This will extract all of the IP addresses from the text files dropped onto this applet. The IP’s will be added and appended to the “Cleaned_IPs.txt” file while numerically sorting and removing any duplicate entries.

property stripText : " | cut -d' ' -f7 | tr -d ',' |  sort --numeric-sort | uniq"

on open of theFiles -- Handles single or multiple dropped files
	repeat with aFile in theFiles
		tell application "Finder" to set sourceFilePath to container of aFile as alias
		set cleanedText to do shell script "cat " & ¬
			quoted form of POSIX path of aFile & stripText
		do shell script "echo " & quoted form of cleanedText & " >> " & ¬
			quoted form of POSIX path of sourceFilePath & "Cleaned_IPs.txt"
		do shell script "sort | uniq " & quoted form of ¬
			POSIX path of sourceFilePath & "Cleaned_IPs.txt" & ¬
			" | pbcopy -pboard ruler ; pbpaste -pboard ruler > " & ¬
			quoted form of POSIX path of sourceFilePath & "Cleaned_IPs.txt"
	end repeat
end open

dbrewood · September 23, 2021, 5:12pm

I just gave that code a try, works well but it leaves the output text starting with “source:” at the top of the file as the first line?

e.g.

source:
2.16.75.200
2.17.23.76
23.54.74.141

wch1zpink · September 23, 2021, 5:31pm

Hmm. The text files i am using contains the text from your sample output. This is how my “Cleaned_IPs.txt” file looks…

Try deleting the “Cleaned_IPs.txt” then recompile and save the applet. Then try again. You should get the same results as I do.

dbrewood · September 23, 2021, 6:11pm

Hmmm same result… This is the test file I used:

[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Wednesday, September 22, 2021 23:48:43
[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Wednesday, September 22, 2021 23:46:57
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 23:45:01
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 23:38:39
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 23:34:09
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 23:33:56
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:25
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:25
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:25
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:25
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:25
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:25
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:25
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52918, Wednesday, September 22, 2021 23:21:25
[DoS Attack: WinNuke Attack] from source: 119.90.42.87, port 52917, Wednesday, September 22, 2021 23:21:25
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:25
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52920, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52918, Wednesday, September 22, 2021 23:21:23
[DoS Attack: WinNuke Attack] from source: 119.90.42.87, port 52917, Wednesday, September 22, 2021 23:21:23
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:23
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52920, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52918, Wednesday, September 22, 2021 23:21:23
[DoS Attack: WinNuke Attack] from source: 119.90.42.87, port 52917, Wednesday, September 22, 2021 23:21:23
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:23
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52920, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52918, Wednesday, September 22, 2021 23:21:23
[DoS Attack: WinNuke Attack] from source: 119.90.42.87, port 52917, Wednesday, September 22, 2021 23:21:23
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:23
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52920, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52918, Wednesday, September 22, 2021 23:21:23
[DoS Attack: WinNuke Attack] from source: 119.90.42.87, port 52917, Wednesday, September 22, 2021 23:21:23
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:23
[DoS Attack: RST Scan] from source: 161.97.168.3, port 29000, Wednesday, September 22, 2021 23:16:40
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 23:10:55
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, September 22, 2021 22:50:26
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 22:38:21
[DoS Attack: SYN/ACK Scan] from source: 2.16.75.200, port 443, Wednesday, September 22, 2021 22:35:48
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 22:30:01
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, September 22, 2021 22:17:40
[DoS Attack: SYN/ACK Scan] from source: 92.122.148.35, port 443, Wednesday, September 22, 2021 22:12:35
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 21:56:46
[DoS Attack: SYN/ACK Scan] from source: 2.16.75.200, port 443, Wednesday, September 22, 2021 21:48:24
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 21:47:44
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 21:30:28
[DoS Attack: UDP Port Scan] from source: 91.132.58.137, port 5062, Wednesday, September 22, 2021 21:28:48
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 21:27:08
[DoS Attack: SYN/ACK Scan] from source: 74.91.121.160, port 22, Wednesday, September 22, 2021 21:24:42
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Wednesday, September 22, 2021 20:56:30
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Wednesday, September 22, 2021 20:49:23
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 20:48:43
[DoS Attack: SYN/ACK Scan] from source: 92.122.148.35, port 443, Wednesday, September 22, 2021 20:40:57
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 20:33:41
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 20:32:14
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 20:30:23
[DoS Attack: SYN/ACK Scan] from source: 176.32.103.205, port 443, Wednesday, September 22, 2021 20:14:55
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 20:12:14
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Wednesday, September 22, 2021 20:11:09
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Wednesday, September 22, 2021 20:10:35
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 20:04:56
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Wednesday, September 22, 2021 19:51:32
[DoS Attack: SYN/ACK Scan] from source: 104.21.33.76, port 443, Wednesday, September 22, 2021 19:43:40
[DoS Attack: SYN/ACK Scan] from source: 134.255.227.145, port 30120, Wednesday, September 22, 2021 19:33:14
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 19:33:10
[DoS Attack: ACK Scan] from source: 52.97.219.213, port 59827, Wednesday, September 22, 2021 19:28:33
[DoS Attack: SYN/ACK Scan] from source: 37.157.254.239, port 443, Wednesday, September 22, 2021 19:27:56
[DoS Attack: SYN/ACK Scan] from source: 2.16.75.200, port 443, Wednesday, September 22, 2021 19:15:59
[DoS Attack: SYN/ACK Scan] from source: 23.54.74.141, port 443, Wednesday, September 22, 2021 19:15:24
[DoS Attack: SYN/ACK Scan] from source: 92.122.148.35, port 443, Wednesday, September 22, 2021 19:13:29
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 19:11:22
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 19:10:05
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Wednesday, September 22, 2021 19:03:13
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Wednesday, September 22, 2021 18:52:36
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 18:45:36
[DoS Attack: RST Scan] from source: 161.97.168.3, port 29000, Wednesday, September 22, 2021 18:45:27
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 18:44:24
[DoS Attack: SYN/ACK Scan] from source: 103.158.36.70, port 80, Wednesday, September 22, 2021 18:43:00
[DoS Attack: SYN/ACK Scan] from source: 95.217.30.172, port 443, Wednesday, September 22, 2021 18:34:46
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 18:27:46
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, September 22, 2021 18:17:44
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 18:09:15
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, September 22, 2021 18:05:24
[DoS Attack: ACK Scan] from source: 52.98.207.133, port 44801, Wednesday, September 22, 2021 18:00:32
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 17:40:16
[DoS Attack: SYN/ACK Scan] from source: 2.17.23.76, port 443, Wednesday, September 22, 2021 17:35:04
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, September 22, 2021 17:23:28
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 17:17:55
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.52, port 52716, Wednesday, September 22, 2021 17:15:45
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52715, Wednesday, September 22, 2021 17:15:45
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52713, Wednesday, September 22, 2021 17:15:45
[DoS Attack: WinNuke Attack] from source: 119.90.52.52, port 52712, Wednesday, September 22, 2021 17:15:45
[DoS Attack: NULL Scan] from source: 119.90.52.52, port 52711, Wednesday, September 22, 2021 17:15:45
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.52, port 52716, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52715, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52713, Wednesday, September 22, 2021 17:15:43
[DoS Attack: WinNuke Attack] from source: 119.90.52.52, port 52712, Wednesday, September 22, 2021 17:15:43
[DoS Attack: NULL Scan] from source: 119.90.52.52, port 52711, Wednesday, September 22, 2021 17:15:43
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.52, port 52716, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52715, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52713, Wednesday, September 22, 2021 17:15:43
[DoS Attack: WinNuke Attack] from source: 119.90.52.52, port 52712, Wednesday, September 22, 2021 17:15:43
[DoS Attack: NULL Scan] from source: 119.90.52.52, port 52711, Wednesday, September 22, 2021 17:15:43
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.52, port 52716, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52715, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52713, Wednesday, September 22, 2021 17:15:43
[DoS Attack: WinNuke Attack] from source: 119.90.52.52, port 52712, Wednesday, September 22, 2021 17:15:43
[DoS Attack: NULL Scan] from source: 119.90.52.52, port 52711, Wednesday, September 22, 2021 17:15:43
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.52, port 52716, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52715, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52713, Wednesday, September 22, 2021 17:15:43
[DoS Attack: WinNuke Attack] from source: 119.90.52.52, port 52712, Wednesday, September 22, 2021 17:15:43
[DoS Attack: NULL Scan] from source: 119.90.52.52, port 52711, Wednesday, September 22, 2021 17:15:43
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.42, port 39108, Wednesday, September 22, 2021 17:12:12
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39105, Wednesday, September 22, 2021 17:12:12
[DoS Attack: WinNuke Attack] from source: 119.90.52.42, port 39104, Wednesday, September 22, 2021 17:12:12
[DoS Attack: NULL Scan] from source: 119.90.52.42, port 39103, Wednesday, September 22, 2021 17:12:12
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.42, port 39108, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39107, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39105, Wednesday, September 22, 2021 17:12:08
[DoS Attack: WinNuke Attack] from source: 119.90.52.42, port 39104, Wednesday, September 22, 2021 17:12:08
[DoS Attack: NULL Scan] from source: 119.90.52.42, port 39103, Wednesday, September 22, 2021 17:12:08
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.42, port 39108, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39107, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39105, Wednesday, September 22, 2021 17:12:08
[DoS Attack: WinNuke Attack] from source: 119.90.52.42, port 39104, Wednesday, September 22, 2021 17:12:08
[DoS Attack: NULL Scan] from source: 119.90.52.42, port 39103, Wednesday, September 22, 2021 17:12:08
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.42, port 39108, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39107, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39105, Wednesday, September 22, 2021 17:12:08
[DoS Attack: WinNuke Attack] from source: 119.90.52.42, port 39104, Wednesday, September 22, 2021 17:12:08
[DoS Attack: NULL Scan] from source: 119.90.52.42, port 39103, Wednesday, September 22, 2021 17:12:08
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.42, port 39108, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39107, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39105, Wednesday, September 22, 2021 17:12:08
[DoS Attack: WinNuke Attack] from source: 119.90.52.42, port 39104, Wednesday, September 22, 2021 17:12:08
[DoS Attack: NULL Scan] from source: 119.90.52.42, port 39103, Wednesday, September 22, 2021 17:12:08
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 17:06:37
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39086, Wednesday, September 22, 2021 17:06:13
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 17:03:30
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Wednesday, September 22, 2021 17:02:50
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 17:02:11
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 17:01:33
[DoS Attack: ACK Scan] from source: 92.122.165.102, port 443, Wednesday, September 22, 2021 16:55:24
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 16:47:56
[DoS Attack: SYN/ACK Scan] from source: 176.32.103.205, port 443, Wednesday, September 22, 2021 16:35:15
[DoS Attack: RST Scan] from source: 91.191.209.163, port 43200, Wednesday, September 22, 2021 16:27:23
[DoS Attack: RST Scan] from source: 92.63.197.105, port 55135, Wednesday, September 22, 2021 16:26:54
[DoS Attack: SYN/ACK Scan] from source: 162.241.216.182, port 443, Wednesday, September 22, 2021 16:24:31
[DoS Attack: RST Scan] from source: 45.95.147.3, port 59914, Wednesday, September 22, 2021 16:19:28
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Wednesday, September 22, 2021 16:19:01
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 16:16:05
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 16:09:51
[DoS Attack: ICMP Scan] from source: 146.0.77.38, Wednesday, September 22, 2021 16:03:57
[DoS Attack: ACK Scan] from source: 146.0.77.38, port 48926, Wednesday, September 22, 2021 16:03:57
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 15:57:40
[DoS Attack: SYN/ACK Scan] from source: 23.54.74.141, port 443, Wednesday, September 22, 2021 15:55:58
[DoS Attack: ACK Scan] from source: 92.122.165.102, port 443, Wednesday, September 22, 2021 15:48:37
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 15:40:41
[DoS Attack: SYN/ACK Scan] from source: 164.132.206.38, port 30120, Wednesday, September 22, 2021 15:36:04
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 15:25:53
[DoS Attack: SYN/ACK Scan] from source: 176.32.103.205, port 443, Wednesday, September 22, 2021 14:57:50
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 14:53:21
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 14:43:51
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, September 22, 2021 14:25:15
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 14:01:21
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 13:36:57
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 13:31:14
[DoS Attack: SYN/ACK Scan] from source: 137.74.95.222, port 80, Wednesday, September 22, 2021 13:21:15
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Wednesday, September 22, 2021 12:52:25
[DoS Attack: SYN/ACK Scan] from source: 50.236.208.90, port 19810, Wednesday, September 22, 2021 12:47:17
[DoS Attack: SYN/ACK Scan] from source: 50.236.208.90, port 19810, Wednesday, September 22, 2021 12:46:52
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 12:18:59
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 12:12:58
[DoS Attack: SYN/ACK Scan] from source: 95.217.30.172, port 443, Wednesday, September 22, 2021 12:09:21
[DoS Attack: SYN/ACK Scan] from source: 137.74.95.222, port 80, Wednesday, September 22, 2021 11:53:33
[DoS Attack: ACK Scan] from source: 52.97.129.229, port 61052, Wednesday, September 22, 2021 11:51:37
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 11:32:35
[DoS Attack: SYN/ACK Scan] from source: 95.217.30.172, port 443, Wednesday, September 22, 2021 11:31:06
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 11:10:58
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:16
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:16
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:16
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:15
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:15
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:15
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:14
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:14
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:14
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:13
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63748, Wednesday, September 22, 2021 11:06:13
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63746, Wednesday, September 22, 2021 11:06:13
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:13
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:13
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63748, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63746, Wednesday, September 22, 2021 11:06:06
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:06
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:06
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63748, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63746, Wednesday, September 22, 2021 11:06:06
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:06
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:06
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63748, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63746, Wednesday, September 22, 2021 11:06:06
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:06
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:06
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63748, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63746, Wednesday, September 22, 2021 11:06:06
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:06
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:06
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 11:03:18
[DoS Attack: ACK Scan] from source: 133.218.60.126, port 35940, Wednesday, September 22, 2021 11:02:30
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 10:26:07
[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Wednesday, September 22, 2021 10:15:44
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 09:47:57
[DoS Attack: SYN/ACK Scan] from source: 137.74.95.222, port 80, Wednesday, September 22, 2021 09:46:11
[DoS Attack: SYN/ACK Scan] from source: 51.222.154.180, port 44406, Wednesday, September 22, 2021 09:33:29
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 09:32:01
[DoS Attack: SYN/ACK Scan] from source: 2.16.75.200, port 443, Wednesday, September 22, 2021 09:29:42
[DoS Attack: SYN/ACK Scan] from source: 51.222.154.180, port 44406, Wednesday, September 22, 2021 09:23:27
[DoS Attack: TCP/UDP Chargen] from source: 184.105.139.81, port 51094, Wednesday, September 22, 2021 09:04:18
[DoS Attack: SYN/ACK Scan] from source: 81.176.176.156, port 25565, Wednesday, September 22, 2021 09:00:42
[DoS Attack: ACK Scan] from source: 84.53.169.133, port 443, Wednesday, September 22, 2021 08:55:57
[DoS Attack: SYN/ACK Scan] from source: 137.74.95.222, port 80, Wednesday, September 22, 2021 08:20:06
[DoS Attack: SYN/ACK Scan] from source: 37.157.254.239, port 443, Wednesday, September 22, 2021 07:50:12
[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Wednesday, September 22, 2021 07:47:16
[DoS Attack: SYN/ACK Scan] from source: 23.54.74.141, port 443, Wednesday, September 22, 2021 07:42:27
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 07:37:47
[DoS Attack: SYN/ACK Scan] from source: 23.54.74.141, port 443, Wednesday, September 22, 2021 07:29:35
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Wednesday, September 22, 2021 07:17:07
[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Wednesday, September 22, 2021 06:29:29
[DoS Attack: SYN/ACK Scan] from source: 51.81.164.65, port 22, Wednesday, September 22, 2021 06:23:58
[DoS Attack: ACK Scan] from source: 84.53.169.133, port 443, Wednesday, September 22, 2021 06:16:07
[DoS Attack: SYN/ACK Scan] from source: 104.82.149.182, port 443, Wednesday, September 22, 2021 05:53:06
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Wednesday, September 22, 2021 05:50:46
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 05:48:05
[DoS Attack: SYN/ACK Scan] from source: 137.74.95.222, port 80, Wednesday, September 22, 2021 05:38:34
[DoS Attack: SYN/ACK Scan] from source: 104.82.149.182, port 443, Wednesday, September 22, 2021 05:32:20
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 05:27:23
[DoS Attack: SYN/ACK Scan] from source: 137.74.95.222, port 80, Wednesday, September 22, 2021 05:23:36
[DoS Attack: SYN/ACK Scan] from source: 176.32.103.205, port 443, Wednesday, September 22, 2021 05:19:05
[DoS Attack: SYN/ACK Scan] from source: 137.74.95.222, port 80, Wednesday, September 22, 2021 05:14:53
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 04:56:57
[DoS Attack: SYN/ACK Scan] from source: 104.82.149.182, port 443, Wednesday, September 22, 2021 04:51:46
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Wednesday, September 22, 2021 04:37:41
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 04:37:16
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 04:35:32
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 04:34:35
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 04:33:20
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Wednesday, September 22, 2021 04:26:15

Marc_Anthony · September 23, 2021, 9:18pm

This is unlikely to be as fast as the delimiter method, but I like regex for this.

For single files:

do shell script "echo " & my (read (choose file))'s quoted form & " | egrep -o '(\\d{1,3}[.]?){4}'  | sort -h | uniq >> " & ((path to desktop as text) & "IP.txt")'s POSIX path's quoted form

As a drop for multiple plain text files:

on open theFiles
	set whatever to {}
	repeat with aFile in theFiles
		set whatever's end to aFile's POSIX path's quoted form & space
	end repeat
	do shell script "cat " & whatever & " | egrep -o '(\\d{1,3}[.]*\\d{1,3}){3}'  | sort -h | uniq > " & ((path to desktop folder as text)'s POSIX path & "/IP.txt")'s quoted form
end open

–edited to improve the pattern