Friday, October 22, 2021

#1 2021-09-22 03:13:25 am

dbrewood
Member
From:: Manchester, UK
Registered: 2020-11-30
Posts: 36

Cleaning data out of a text file?

I need some help here guys. I get emails from my router which detail security attacks, etc. I'm wanting to export that email into a text file (manually), and then use some sort of script to remove everything, just leaving the IP addresses.

That way I have a 'block list' of IP's that I can load into my NAS.

Typical data in the email looks like:

[DoS Attack: SYN/ACK Scan] from source: 162.241.216.182, port 443, Tuesday, September 21, 2021 23:58:07
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 23:44:05
[DoS Attack: TCP/UDP Chargen] from source: 157.230.51.82, port 33556, Tuesday, September 21, 2021 23:37:41
[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Tuesday, September 21, 2021 23:25:42
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Tuesday, September 21, 2021 23:18:44
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Tuesday, September 21, 2021 23:02:09
[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Tuesday, September 21, 2021 23:01:33
[DoS Attack: SYN/ACK Scan] from source: 95.217.30.172, port 443, Tuesday, September 21, 2021 22:58:38
[DoS Attack: SYN/ACK Scan] from source: 2.16.75.200, port 443, Tuesday, September 21, 2021 22:42:14
[DoS Attack: ACK Scan] from source: 52.98.207.133, port 32730, Tuesday, September 21, 2021 22:41:19
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Tuesday, September 21, 2021 22:37:21
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 22:28:22
[DoS Attack: SYN/ACK Scan] from source: 2.16.75.200, port 443, Tuesday, September 21, 2021 22:25:48
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Tuesday, September 21, 2021 22:25:15
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Tuesday, September 21, 2021 22:07:42
[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Tuesday, September 21, 2021 21:56:16
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Tuesday, September 21, 2021 21:45:25
[DoS Attack: SYN/ACK Scan] from source: 103.144.31.100, port 9015, Tuesday, September 21, 2021 21:43:31
[DoS Attack: SYN/ACK Scan] from source: 195.175.14.2, port 80, Tuesday, September 21, 2021 21:42:20
[DoS Attack: SYN/ACK Scan] from source: 88.221.182.233, port 443, Tuesday, September 21, 2021 21:40:33
[DoS Attack: SYN/ACK Scan] from source: 92.122.148.35, port 443, Tuesday, September 21, 2021 21:40:33
[DoS Attack: SYN/ACK Scan] from source: 88.221.182.233, port 443, Tuesday, September 21, 2021 21:40:33
[DoS Attack: SYN/ACK Scan] from source: 195.175.14.2, port 80, Tuesday, September 21, 2021 21:39:00
[DoS Attack: SYN/ACK Scan] from source: 51.75.166.224, port 22, Tuesday, September 21, 2021 21:37:23
[DoS Attack: SYN/ACK Scan] from source: 195.175.14.2, port 80, Tuesday, September 21, 2021 21:35:48
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 21:35:47
[DoS Attack: SYN/ACK Scan] from source: 199.127.62.3, port 25565, Tuesday, September 21, 2021 21:30:14
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Tuesday, September 21, 2021 21:29:44
[DoS Attack: ACK Scan] from source: 79.174.70.178, port 443, Tuesday, September 21, 2021 21:28:45
[DoS Attack: SYN/ACK Scan] from source: 162.241.216.182, port 443, Tuesday, September 21, 2021 21:23:52
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Tuesday, September 21, 2021 21:17:21
[DoS Attack: TCP/UDP Chargen] from source: 185.94.111.1, port 39360, Tuesday, September 21, 2021 21:15:50
[DoS Attack: RST Scan] from source: 66.42.56.203, port 3389, Tuesday, September 21, 2021 21:13:47
[DoS Attack: SYN/ACK Scan] from source: 66.42.56.203, port 3389, Tuesday, September 21, 2021 21:13:26
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Tuesday, September 21, 2021 21:05:49
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 20:59:14
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Tuesday, September 21, 2021 20:55:59
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 20:29:00
[DoS Attack: TCP/UDP Chargen] from source: 94.102.49.193, port 29921, Tuesday, September 21, 2021 20:27:49
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 20:21:11
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 20:11:50
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Tuesday, September 21, 2021 20:03:35
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Tuesday, September 21, 2021 20:02:00
[DoS Attack: ACK Scan] from source: 94.140.15.15, port 443, Tuesday, September 21, 2021 20:00:15
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 19:45:11
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 19:37:28
[DoS Attack: ACK Scan] from source: 79.174.70.178, port 443, Tuesday, September 21, 2021 19:22:32
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Tuesday, September 21, 2021 19:15:43

Can this be accomplished via Applescript? Ideally I'd like to drag / drop the source file on a script and it's then export the data to the same file / location with '_IP' added to the file name? Worst case throw it on screen so I can copy / paste it out.

Thanks in advance for any help

Offline

 

#2 2021-09-22 07:33:39 am

peavine
Member
From:: Prescott, Arizona
Registered: 2018-09-04
Posts: 1089

Re: Cleaning data out of a text file?

dbrewood wrote:

I need some help here guys. I get emails from my router which detail security attacks, etc. I'm wanting to export that email into a text file (manually), and then use some sort of script to remove everything, just leaving the IP addresses.

Can this be accomplished via Applescript? Ideally I'd like to drag / drop the source file on a script and it's then export the data to the same file / location with '_IP' added to the file name? Worst case throw it on screen so I can copy / paste it out.

Thanks in advance for any help



I've included my suggestion below. To test this script, save it as an Applescript application on the desktop and drag and drop the source file on the application's icon. A new file will be created as you request.

I tested this script and it worked without issue. However, parsing the text from the source file could be an issue. If the script does not work as expected, please provide some detail as to what happens.

Applescript:

use framework "Foundation"
use scripting additions

on open theDroppedItems
   set theFile to POSIX path of item 1 of theDroppedItems
   set theIPFile to getFileName(theFile)
   set theText to ((current application's NSString's stringWithContentsOfFile:theFile encoding:(current application's NSUTF8StringEncoding) |error|:(missing value)) as text)
   set theIPData to getIPData(theText)
   (current application's NSString's stringWithString:theIPData)'s writeToFile:theIPFile atomically:true encoding:(current application's NSUTF8StringEncoding) |error|:(missing value)
end open

on getIPData(theText)
   set text item delimiters to {"source: ", ", port"}
   set theData to {}
   repeat with aParagraph in (paragraphs of theText)
       try
           set end of theData to text item 2 of aParagraph
       end try
   end repeat
   set text item delimiters to linefeed
   set theData to theData as text
   set text item delimiters to {""}
   return theData
end getIPData

on getFileName(theFile)
   set theFile to current application's NSString's stringWithString:theFile
   set fileBase to theFile's stringByDeletingPathExtension()
   set fileExtension to theFile's pathExtension()
   return ((fileBase's stringByAppendingString:"_IP")'s stringByAppendingPathExtension:fileExtension)
end getFileName

Last edited by peavine (2021-09-22 08:04:05 am)


2018 Mac mini - macOS Catalina - Script Debugger 8

Offline

 

#3 2021-09-22 07:41:03 am

KniazidisR
Member
From:: Greece
Registered: 2019-03-03
Posts: 2091

Re: Cleaning data out of a text file?

@peavine,
add removing duplicates as well.

Last edited by KniazidisR (2021-09-22 08:23:27 am)


Model: MacBook Pro
OS X: Catalina 10.15.7
Web Browser: Safari 14.1
Ram: 4 GB

Offline

 

#4 2021-09-22 08:01:42 am

dbrewood
Member
From:: Manchester, UK
Registered: 2020-11-30
Posts: 36

Re: Cleaning data out of a text file?

@peavine that worked perfectly! Is it also possible to sort the IP's in order?

@KniazidisR where in the script do I place that code?

Very much appreciated guys.... this saves me so much work!

Offline

 

#5 2021-09-22 08:29:17 am

KniazidisR
Member
From:: Greece
Registered: 2019-03-03
Posts: 2091

Re: Cleaning data out of a text file?

dbrewood wrote:

@KniazidisR where in the script do I place that code?


Following @peavine's edited script will remove duplicates and sort the list (see 2 ADDED code lines):

Applescript:


use framework "Foundation"
use scripting additions

on open theDroppedItems
   set theFile to POSIX path of item 1 of theDroppedItems
   set theIPFile to getFileName(theFile)
   set theText to ((current application's NSString's stringWithContentsOfFile:theFile encoding:(current application's NSUTF8StringEncoding) |error|:(missing value)) as text)
   set theIPData to getIPData(theText)
   (current application's NSString's stringWithString:theIPData)'s writeToFile:theIPFile atomically:true encoding:(current application's NSUTF8StringEncoding) |error|:(missing value)
end open

on getIPData(theText)
   set text item delimiters to {"source: ", ", port"}
   set theData to {}
   repeat with aParagraph in (paragraphs of theText)
       try
           set end of theData to text item 2 of aParagraph
       end try
   end repeat
   set aSet to current application's NSSet's setWithArray:theData -- ADDED
   set theData to ((aSet's allObjects())'s sortedArrayUsingSelector:"localizedStandardCompare:") as list -- ADDED
   set text item delimiters to linefeed
   set theData to theData as text
   set text item delimiters to {""}
   return theData
end getIPData

on getFileName(theFile)
   set theFile to current application's NSString's stringWithString:theFile
   set fileBase to theFile's stringByDeletingPathExtension()
   set fileExtension to theFile's pathExtension()
   return ((fileBase's stringByAppendingString:"_IP")'s stringByAppendingPathExtension:fileExtension)
end getFileName

Last edited by KniazidisR (2021-09-22 08:56:51 am)


Model: MacBook Pro
OS X: Catalina 10.15.7
Web Browser: Safari 14.1
Ram: 4 GB

Offline

 

#6 2021-09-22 08:42:29 am

dbrewood
Member
From:: Manchester, UK
Registered: 2020-11-30
Posts: 36

Re: Cleaning data out of a text file?

Thanks! If I run it I get an error stating

-[___NSSetl arraty]: unrecognised selector sent to instance.

No ideas what that means sad

Offline

 

#7 2021-09-22 08:57:58 am

KniazidisR
Member
From:: Greece
Registered: 2019-03-03
Posts: 2091

Re: Cleaning data out of a text file?

I found 2 errors in my script. I have now updated it with the necessary fixes.

Last edited by KniazidisR (2021-09-22 09:01:26 am)


Model: MacBook Pro
OS X: Catalina 10.15.7
Web Browser: Safari 14.1
Ram: 4 GB

Offline

 

#8 2021-09-22 09:02:47 am

dbrewood
Member
From:: Manchester, UK
Registered: 2020-11-30
Posts: 36

Re: Cleaning data out of a text file?

That is truly awesome and wonderful. That works perfectly and saves so much work!

Many, many thanks to you both!

Offline

 

#9 2021-09-22 10:37:11 am

peavine
Member
From:: Prescott, Arizona
Registered: 2018-09-04
Posts: 1089

Re: Cleaning data out of a text file?

dbrewood. I'm glad that worked and you're most welcome.

I thought it might be an interesting project to rewrite the getIPData handler using ASObjC, and I've included that below. The only uncertainty for me was whether each paragraph of the source file could be parsed by calling componentsSeparatedByString only once.

BTW, I haven't run any timing tests but I suspect KniazidisR's solution will be faster, and there's no reason to prefer the following script.

Applescript:

use framework "Foundation"
use scripting additions

on open theDroppedItems
   set theFile to POSIX path of item 1 of theDroppedItems
   set theIPFile to getFileName(theFile)
   
   set theText to (current application's NSString's stringWithContentsOfFile:theFile encoding:(current application's NSUTF8StringEncoding) |error|:(missing value))
   set theIPData to getIPData(theText)
   
   (current application's NSString's stringWithString:theIPData)'s writeToFile:theIPFile atomically:true encoding:(current application's NSUTF8StringEncoding) |error|:(missing value)
end open

on getIPData(theText)
   set theParagraphs to theText's componentsSeparatedByCharactersInSet:(current application's NSCharacterSet's newlineCharacterSet())
   
   set ipData to current application's NSMutableArray's new()
   repeat with aParagraph in theParagraphs
       set aString to item 2 of (aParagraph's componentsSeparatedByString:"source: ")
       set aString to item 1 of (aString's componentsSeparatedByString:", port")
       (ipData's addObject:aString)
   end repeat
   
   set aSet to current application's NSSet's setWithArray:ipData -- this and next line by KniazidisR
   set ipData to ((aSet's allObjects())'s sortedArrayUsingSelector:"localizedStandardCompare:")
   
   return ((ipData's componentsJoinedByString:linefeed) as text)
end getIPData

on getFileName(theFile)
   set theFile to current application's NSString's stringWithString:theFile
   set fileBase to theFile's stringByDeletingPathExtension()
   set fileExtension to theFile's pathExtension()
   return ((fileBase's stringByAppendingString:" (IP Addresses)")'s stringByAppendingPathExtension:fileExtension)
end getFileName

main()

Last edited by peavine (2021-09-22 03:47:38 pm)


2018 Mac mini - macOS Catalina - Script Debugger 8

Offline

 

#10 2021-09-22 11:29:53 am

dbrewood
Member
From:: Manchester, UK
Registered: 2020-11-30
Posts: 36

Re: Cleaning data out of a text file?

Thanks for that I'll keep it as a 'reserve' option in case I have any problem with the other script. As it is working though I'll stick with that for the moment if that is okay?

Offline

 

#11 2021-09-22 12:57:56 pm

peavine
Member
From:: Prescott, Arizona
Registered: 2018-09-04
Posts: 1089

Re: Cleaning data out of a text file?

dbrewood wrote:

Thanks for that I'll keep it as a 'reserve' option in case I have any problem with the other script. As it is working though I'll stick with that for the moment if that is okay?



dbrewood. Sorry for the confusion.

I rewrote the earlier script with ASObjC just for learning purposes. It allows other members of the forum--who are more knowledgeable than me--to make suggestions for improvement. There's no reason for you to use my script.

Last edited by peavine (2021-09-22 01:08:15 pm)


2018 Mac mini - macOS Catalina - Script Debugger 8

Offline

 

#12 2021-09-22 01:12:36 pm

dbrewood
Member
From:: Manchester, UK
Registered: 2020-11-30
Posts: 36

Re: Cleaning data out of a text file?

Oh no confusion smile

I was just wondering on the reasoning. My only coding knowledge was from MS Access years ago so Apple scripting and more modern ways of coding are alien to me smile

Offline

 

#13 2021-09-22 03:39:55 pm

peavine
Member
From:: Prescott, Arizona
Registered: 2018-09-04
Posts: 1089

Re: Cleaning data out of a text file?

peavine wrote:

There's no reason for you to use my script.



Just to make sure, I went ahead and ran timing tests with Script Geek on the two script alternatives, and the results were:

KniazidisR's script in post 5 - 12 milliseconds

My script in post 9 - 101 milliseconds

Essentially all of this difference is attributable to the speed advantage of the text item delimiters used in KniazidisR's script.

Last edited by peavine (2021-09-22 03:53:17 pm)


2018 Mac mini - macOS Catalina - Script Debugger 8

Offline

 

#14 2021-09-22 04:02:47 pm

wch1zpink
Member
Registered: 2011-08-20
Posts: 63

Re: Cleaning data out of a text file?

Here is another AppleScript option which takes a completely different route, using much less code and is pretty quick also.

This assumes the file being dropped onto this applet is a text file and its contents are in the same format as per the example given in the original post.

In short, rather than creating a new file every time a file is dropped onto this applet, dropping a text file onto this Droplet will strip out everything but the IP numbers and Port numbers, which will be logged to a file named "Cleaned_IPs.txt" in the same folder as the original dropped file. (That log file shows the file processed and its path, the date and time of each and has duplicate entries removed and is numerically sorted)

Applescript:

property stripText : " | cut -d' ' -f7-9 | tr -d ',' | sort --numeric-sort | uniq"

on open of theFiles -- Handles single or multiple dropped files
   repeat with aFile in theFiles
       set theDate to (current date) as text
       tell application "Finder" to set sourceFilePath to container of aFile as alias
       set cleanedText to do shell script "cat " & ¬
           quoted form of POSIX path of aFile & stripText
       
       ---------- Option 1. ---------- Verbose & Appending
       set theData to ("From file: " & quoted form of POSIX path of aFile & ¬
           " - " & theDate & linefeed & linefeed & cleanedText & linefeed)
       --------------------------------
       
       ---------- Option 2. ---------- Combined, De-Duped, Sorted - IP's & Ports Only
       --set theData to cleanedText
       --------------------------------
       
       do shell script "echo " & quoted form of theData & " >> " & ¬
           quoted form of POSIX path of sourceFilePath & "Cleaned_IPs.txt"
       do shell script "sort | uniq " & quoted form of ¬
           POSIX path of sourceFilePath & "Cleaned_IPs.txt" & " | pbcopy ; pbpaste > " & ¬
           quoted form of POSIX path of sourceFilePath & "Cleaned_IPs.txt"
   end repeat
end open

YhPJWqD.png?1

Last edited by wch1zpink (2021-09-22 07:33:02 pm)

Offline

 

#15 2021-09-23 12:23:32 am

dbrewood
Member
From:: Manchester, UK
Registered: 2020-11-30
Posts: 36

Re: Cleaning data out of a text file?

That is cool! I do only need the IP addresses, the port numbers need to go.

I'm amazed in all the interest the request is gaining smile

Offline

 

#16 2021-09-23 11:02:19 am

wch1zpink
Member
Registered: 2011-08-20
Posts: 63

Re: Cleaning data out of a text file?

dbrewood wrote:

That is cool! I do only need the IP addresses, the port numbers need to go.



This will extract all of the IP addresses from the text files dropped onto this applet.  The IP’s will be added and appended to the  "Cleaned_IPs.txt" file while numerically sorting and removing any duplicate entries.

Applescript:

property stripText : " | cut -d' ' -f7 | tr -d ',' | sort --numeric-sort | uniq"

on open of theFiles -- Handles single or multiple dropped files
   repeat with aFile in theFiles
       tell application "Finder" to set sourceFilePath to container of aFile as alias
       set cleanedText to do shell script "cat " & ¬
           quoted form of POSIX path of aFile & stripText
       do shell script "echo " & quoted form of cleanedText & " >> " & ¬
           quoted form of POSIX path of sourceFilePath & "Cleaned_IPs.txt"
       do shell script "sort | uniq " & quoted form of ¬
           POSIX path of sourceFilePath & "Cleaned_IPs.txt" & ¬
           " | pbcopy -pboard ruler ; pbpaste -pboard ruler > " & ¬
           quoted form of POSIX path of sourceFilePath & "Cleaned_IPs.txt"
   end repeat
end open

Last edited by wch1zpink (2021-09-23 11:10:16 am)

Offline

 

#17 2021-09-23 11:12:42 am

dbrewood
Member
From:: Manchester, UK
Registered: 2020-11-30
Posts: 36

Re: Cleaning data out of a text file?

I just gave that code a try, works well but it leaves the output text starting with "source:" at the top of the file as the first line?

e.g.

source:
2.16.75.200
2.17.23.76
23.54.74.141

Offline

 

#18 2021-09-23 11:31:06 am

wch1zpink
Member
Registered: 2011-08-20
Posts: 63

Re: Cleaning data out of a text file?

dbrewood wrote:

I just gave that code a try, works well but it leaves the output text starting with "source:" at the top of the file as the first line?

e.g.

source:
2.16.75.200
2.17.23.76
23.54.74.141



Hmm. The text files i am using contains the text from your sample output.  This is how my "Cleaned_IPs.txt" file looks…

ryyTPbq.png?1

Try deleting the "Cleaned_IPs.txt" then recompile and save the applet. Then try again. You should get the same results as I do.

Offline

 

#19 2021-09-23 12:11:08 pm

dbrewood
Member
From:: Manchester, UK
Registered: 2020-11-30
Posts: 36

Re: Cleaning data out of a text file?

Hmmm same result... This is the test file I used:

[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Wednesday, September 22, 2021 23:48:43
[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Wednesday, September 22, 2021 23:46:57
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 23:45:01
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 23:38:39
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 23:34:09
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 23:33:56
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:25
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:25
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:25
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:25
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:25
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:25
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:25
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52918, Wednesday, September 22, 2021 23:21:25
[DoS Attack: WinNuke Attack] from source: 119.90.42.87, port 52917, Wednesday, September 22, 2021 23:21:25
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:25
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52920, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52918, Wednesday, September 22, 2021 23:21:23
[DoS Attack: WinNuke Attack] from source: 119.90.42.87, port 52917, Wednesday, September 22, 2021 23:21:23
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:23
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52920, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52918, Wednesday, September 22, 2021 23:21:23
[DoS Attack: WinNuke Attack] from source: 119.90.42.87, port 52917, Wednesday, September 22, 2021 23:21:23
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:23
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52920, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52918, Wednesday, September 22, 2021 23:21:23
[DoS Attack: WinNuke Attack] from source: 119.90.42.87, port 52917, Wednesday, September 22, 2021 23:21:23
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:23
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52920, Wednesday, September 22, 2021 23:21:23
[DoS Attack: ACK Scan] from source: 119.90.42.87, port 52918, Wednesday, September 22, 2021 23:21:23
[DoS Attack: WinNuke Attack] from source: 119.90.42.87, port 52917, Wednesday, September 22, 2021 23:21:23
[DoS Attack: NULL Scan] from source: 119.90.42.87, port 52916, Wednesday, September 22, 2021 23:21:23
[DoS Attack: RST Scan] from source: 161.97.168.3, port 29000, Wednesday, September 22, 2021 23:16:40
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 23:10:55
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, September 22, 2021 22:50:26
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 22:38:21
[DoS Attack: SYN/ACK Scan] from source: 2.16.75.200, port 443, Wednesday, September 22, 2021 22:35:48
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 22:30:01
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, September 22, 2021 22:17:40
[DoS Attack: SYN/ACK Scan] from source: 92.122.148.35, port 443, Wednesday, September 22, 2021 22:12:35
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 21:56:46
[DoS Attack: SYN/ACK Scan] from source: 2.16.75.200, port 443, Wednesday, September 22, 2021 21:48:24
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 21:47:44
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 21:30:28
[DoS Attack: UDP Port Scan] from source: 91.132.58.137, port 5062, Wednesday, September 22, 2021 21:28:48
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 21:27:08
[DoS Attack: SYN/ACK Scan] from source: 74.91.121.160, port 22, Wednesday, September 22, 2021 21:24:42
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Wednesday, September 22, 2021 20:56:30
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Wednesday, September 22, 2021 20:49:23
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 20:48:43
[DoS Attack: SYN/ACK Scan] from source: 92.122.148.35, port 443, Wednesday, September 22, 2021 20:40:57
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 20:33:41
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 20:32:14
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 20:30:23
[DoS Attack: SYN/ACK Scan] from source: 176.32.103.205, port 443, Wednesday, September 22, 2021 20:14:55
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 20:12:14
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Wednesday, September 22, 2021 20:11:09
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Wednesday, September 22, 2021 20:10:35
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 20:04:56
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Wednesday, September 22, 2021 19:51:32
[DoS Attack: SYN/ACK Scan] from source: 104.21.33.76, port 443, Wednesday, September 22, 2021 19:43:40
[DoS Attack: SYN/ACK Scan] from source: 134.255.227.145, port 30120, Wednesday, September 22, 2021 19:33:14
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 19:33:10
[DoS Attack: ACK Scan] from source: 52.97.219.213, port 59827, Wednesday, September 22, 2021 19:28:33
[DoS Attack: SYN/ACK Scan] from source: 37.157.254.239, port 443, Wednesday, September 22, 2021 19:27:56
[DoS Attack: SYN/ACK Scan] from source: 2.16.75.200, port 443, Wednesday, September 22, 2021 19:15:59
[DoS Attack: SYN/ACK Scan] from source: 23.54.74.141, port 443, Wednesday, September 22, 2021 19:15:24
[DoS Attack: SYN/ACK Scan] from source: 92.122.148.35, port 443, Wednesday, September 22, 2021 19:13:29
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 19:11:22
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 19:10:05
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Wednesday, September 22, 2021 19:03:13
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Wednesday, September 22, 2021 18:52:36
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 18:45:36
[DoS Attack: RST Scan] from source: 161.97.168.3, port 29000, Wednesday, September 22, 2021 18:45:27
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 18:44:24
[DoS Attack: SYN/ACK Scan] from source: 103.158.36.70, port 80, Wednesday, September 22, 2021 18:43:00
[DoS Attack: SYN/ACK Scan] from source: 95.217.30.172, port 443, Wednesday, September 22, 2021 18:34:46
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 18:27:46
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, September 22, 2021 18:17:44
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 18:09:15
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, September 22, 2021 18:05:24
[DoS Attack: ACK Scan] from source: 52.98.207.133, port 44801, Wednesday, September 22, 2021 18:00:32
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 17:40:16
[DoS Attack: SYN/ACK Scan] from source: 2.17.23.76, port 443, Wednesday, September 22, 2021 17:35:04
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, September 22, 2021 17:23:28
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 17:17:55
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.52, port 52716, Wednesday, September 22, 2021 17:15:45
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52715, Wednesday, September 22, 2021 17:15:45
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52713, Wednesday, September 22, 2021 17:15:45
[DoS Attack: WinNuke Attack] from source: 119.90.52.52, port 52712, Wednesday, September 22, 2021 17:15:45
[DoS Attack: NULL Scan] from source: 119.90.52.52, port 52711, Wednesday, September 22, 2021 17:15:45
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.52, port 52716, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52715, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52713, Wednesday, September 22, 2021 17:15:43
[DoS Attack: WinNuke Attack] from source: 119.90.52.52, port 52712, Wednesday, September 22, 2021 17:15:43
[DoS Attack: NULL Scan] from source: 119.90.52.52, port 52711, Wednesday, September 22, 2021 17:15:43
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.52, port 52716, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52715, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52713, Wednesday, September 22, 2021 17:15:43
[DoS Attack: WinNuke Attack] from source: 119.90.52.52, port 52712, Wednesday, September 22, 2021 17:15:43
[DoS Attack: NULL Scan] from source: 119.90.52.52, port 52711, Wednesday, September 22, 2021 17:15:43
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.52, port 52716, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52715, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52713, Wednesday, September 22, 2021 17:15:43
[DoS Attack: WinNuke Attack] from source: 119.90.52.52, port 52712, Wednesday, September 22, 2021 17:15:43
[DoS Attack: NULL Scan] from source: 119.90.52.52, port 52711, Wednesday, September 22, 2021 17:15:43
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.52, port 52716, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52715, Wednesday, September 22, 2021 17:15:43
[DoS Attack: ACK Scan] from source: 119.90.52.52, port 52713, Wednesday, September 22, 2021 17:15:43
[DoS Attack: WinNuke Attack] from source: 119.90.52.52, port 52712, Wednesday, September 22, 2021 17:15:43
[DoS Attack: NULL Scan] from source: 119.90.52.52, port 52711, Wednesday, September 22, 2021 17:15:43
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.42, port 39108, Wednesday, September 22, 2021 17:12:12
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39105, Wednesday, September 22, 2021 17:12:12
[DoS Attack: WinNuke Attack] from source: 119.90.52.42, port 39104, Wednesday, September 22, 2021 17:12:12
[DoS Attack: NULL Scan] from source: 119.90.52.42, port 39103, Wednesday, September 22, 2021 17:12:12
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.42, port 39108, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39107, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39105, Wednesday, September 22, 2021 17:12:08
[DoS Attack: WinNuke Attack] from source: 119.90.52.42, port 39104, Wednesday, September 22, 2021 17:12:08
[DoS Attack: NULL Scan] from source: 119.90.52.42, port 39103, Wednesday, September 22, 2021 17:12:08
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.42, port 39108, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39107, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39105, Wednesday, September 22, 2021 17:12:08
[DoS Attack: WinNuke Attack] from source: 119.90.52.42, port 39104, Wednesday, September 22, 2021 17:12:08
[DoS Attack: NULL Scan] from source: 119.90.52.42, port 39103, Wednesday, September 22, 2021 17:12:08
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.42, port 39108, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39107, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39105, Wednesday, September 22, 2021 17:12:08
[DoS Attack: WinNuke Attack] from source: 119.90.52.42, port 39104, Wednesday, September 22, 2021 17:12:08
[DoS Attack: NULL Scan] from source: 119.90.52.42, port 39103, Wednesday, September 22, 2021 17:12:08
[DoS Attack: Xmas Tress Scan] from source: 119.90.52.42, port 39108, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39107, Wednesday, September 22, 2021 17:12:08
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39105, Wednesday, September 22, 2021 17:12:08
[DoS Attack: WinNuke Attack] from source: 119.90.52.42, port 39104, Wednesday, September 22, 2021 17:12:08
[DoS Attack: NULL Scan] from source: 119.90.52.42, port 39103, Wednesday, September 22, 2021 17:12:08
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 17:06:37
[DoS Attack: ACK Scan] from source: 119.90.52.42, port 39086, Wednesday, September 22, 2021 17:06:13
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 17:03:30
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Wednesday, September 22, 2021 17:02:50
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 17:02:11
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 17:01:33
[DoS Attack: ACK Scan] from source: 92.122.165.102, port 443, Wednesday, September 22, 2021 16:55:24
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 16:47:56
[DoS Attack: SYN/ACK Scan] from source: 176.32.103.205, port 443, Wednesday, September 22, 2021 16:35:15
[DoS Attack: RST Scan] from source: 91.191.209.163, port 43200, Wednesday, September 22, 2021 16:27:23
[DoS Attack: RST Scan] from source: 92.63.197.105, port 55135, Wednesday, September 22, 2021 16:26:54
[DoS Attack: SYN/ACK Scan] from source: 162.241.216.182, port 443, Wednesday, September 22, 2021 16:24:31
[DoS Attack: RST Scan] from source: 45.95.147.3, port 59914, Wednesday, September 22, 2021 16:19:28
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Wednesday, September 22, 2021 16:19:01
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 16:16:05
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 16:09:51
[DoS Attack: ICMP Scan] from source: 146.0.77.38, Wednesday, September 22, 2021 16:03:57
[DoS Attack: ACK Scan] from source: 146.0.77.38, port 48926, Wednesday, September 22, 2021 16:03:57
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 15:57:40
[DoS Attack: SYN/ACK Scan] from source: 23.54.74.141, port 443, Wednesday, September 22, 2021 15:55:58
[DoS Attack: ACK Scan] from source: 92.122.165.102, port 443, Wednesday, September 22, 2021 15:48:37
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 15:40:41
[DoS Attack: SYN/ACK Scan] from source: 164.132.206.38, port 30120, Wednesday, September 22, 2021 15:36:04
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 15:25:53
[DoS Attack: SYN/ACK Scan] from source: 176.32.103.205, port 443, Wednesday, September 22, 2021 14:57:50
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 14:53:21
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 14:43:51
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Wednesday, September 22, 2021 14:25:15
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 14:01:21
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 13:36:57
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 13:31:14
[DoS Attack: SYN/ACK Scan] from source: 137.74.95.222, port 80, Wednesday, September 22, 2021 13:21:15
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Wednesday, September 22, 2021 12:52:25
[DoS Attack: SYN/ACK Scan] from source: 50.236.208.90, port 19810, Wednesday, September 22, 2021 12:47:17
[DoS Attack: SYN/ACK Scan] from source: 50.236.208.90, port 19810, Wednesday, September 22, 2021 12:46:52
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 12:18:59
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 12:12:58
[DoS Attack: SYN/ACK Scan] from source: 95.217.30.172, port 443, Wednesday, September 22, 2021 12:09:21
[DoS Attack: SYN/ACK Scan] from source: 137.74.95.222, port 80, Wednesday, September 22, 2021 11:53:33
[DoS Attack: ACK Scan] from source: 52.97.129.229, port 61052, Wednesday, September 22, 2021 11:51:37
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 11:32:35
[DoS Attack: SYN/ACK Scan] from source: 95.217.30.172, port 443, Wednesday, September 22, 2021 11:31:06
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 11:10:58
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:16
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:16
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:16
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:15
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:15
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:15
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:14
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:14
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:14
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:13
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63748, Wednesday, September 22, 2021 11:06:13
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63746, Wednesday, September 22, 2021 11:06:13
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:13
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:13
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63748, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63746, Wednesday, September 22, 2021 11:06:06
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:06
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:06
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63748, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63746, Wednesday, September 22, 2021 11:06:06
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:06
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:06
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63748, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63746, Wednesday, September 22, 2021 11:06:06
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:06
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:06
[DoS Attack: Xmas Tress Scan] from source: 119.90.42.85, port 63749, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63748, Wednesday, September 22, 2021 11:06:06
[DoS Attack: ACK Scan] from source: 119.90.42.85, port 63746, Wednesday, September 22, 2021 11:06:06
[DoS Attack: WinNuke Attack] from source: 119.90.42.85, port 63745, Wednesday, September 22, 2021 11:06:06
[DoS Attack: NULL Scan] from source: 119.90.42.85, port 63744, Wednesday, September 22, 2021 11:06:06
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 11:03:18
[DoS Attack: ACK Scan] from source: 133.218.60.126, port 35940, Wednesday, September 22, 2021 11:02:30
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 10:26:07
[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Wednesday, September 22, 2021 10:15:44
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 09:47:57
[DoS Attack: SYN/ACK Scan] from source: 137.74.95.222, port 80, Wednesday, September 22, 2021 09:46:11
[DoS Attack: SYN/ACK Scan] from source: 51.222.154.180, port 44406, Wednesday, September 22, 2021 09:33:29
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Wednesday, September 22, 2021 09:32:01
[DoS Attack: SYN/ACK Scan] from source: 2.16.75.200, port 443, Wednesday, September 22, 2021 09:29:42
[DoS Attack: SYN/ACK Scan] from source: 51.222.154.180, port 44406, Wednesday, September 22, 2021 09:23:27
[DoS Attack: TCP/UDP Chargen] from source: 184.105.139.81, port 51094, Wednesday, September 22, 2021 09:04:18
[DoS Attack: SYN/ACK Scan] from source: 81.176.176.156, port 25565, Wednesday, September 22, 2021 09:00:42
[DoS Attack: ACK Scan] from source: 84.53.169.133, port 443, Wednesday, September 22, 2021 08:55:57
[DoS Attack: SYN/ACK Scan] from source: 137.74.95.222, port 80, Wednesday, September 22, 2021 08:20:06
[DoS Attack: SYN/ACK Scan] from source: 37.157.254.239, port 443, Wednesday, September 22, 2021 07:50:12
[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Wednesday, September 22, 2021 07:47:16
[DoS Attack: SYN/ACK Scan] from source: 23.54.74.141, port 443, Wednesday, September 22, 2021 07:42:27
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 07:37:47
[DoS Attack: SYN/ACK Scan] from source: 23.54.74.141, port 443, Wednesday, September 22, 2021 07:29:35
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Wednesday, September 22, 2021 07:17:07
[DoS Attack: SYN/ACK Scan] from source: 54.239.28.85, port 443, Wednesday, September 22, 2021 06:29:29
[DoS Attack: SYN/ACK Scan] from source: 51.81.164.65, port 22, Wednesday, September 22, 2021 06:23:58
[DoS Attack: ACK Scan] from source: 84.53.169.133, port 443, Wednesday, September 22, 2021 06:16:07
[DoS Attack: SYN/ACK Scan] from source: 104.82.149.182, port 443, Wednesday, September 22, 2021 05:53:06
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Wednesday, September 22, 2021 05:50:46
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 05:48:05
[DoS Attack: SYN/ACK Scan] from source: 137.74.95.222, port 80, Wednesday, September 22, 2021 05:38:34
[DoS Attack: SYN/ACK Scan] from source: 104.82.149.182, port 443, Wednesday, September 22, 2021 05:32:20
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 05:27:23
[DoS Attack: SYN/ACK Scan] from source: 137.74.95.222, port 80, Wednesday, September 22, 2021 05:23:36
[DoS Attack: SYN/ACK Scan] from source: 176.32.103.205, port 443, Wednesday, September 22, 2021 05:19:05
[DoS Attack: SYN/ACK Scan] from source: 137.74.95.222, port 80, Wednesday, September 22, 2021 05:14:53
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 04:56:57
[DoS Attack: SYN/ACK Scan] from source: 104.82.149.182, port 443, Wednesday, September 22, 2021 04:51:46
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Wednesday, September 22, 2021 04:37:41
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 04:37:16
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 04:35:32
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 04:34:35
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Wednesday, September 22, 2021 04:33:20
[DoS Attack: SYN/ACK Scan] from source: 205.251.242.103, port 443, Wednesday, September 22, 2021 04:26:15

Offline

 

#20 2021-09-23 03:18:39 pm

Marc Anthony
Member
From:: Dallas, TX
Registered: 2006-04-27
Posts: 1045

Re: Cleaning data out of a text file?

This is unlikely to be as fast as the delimiter method, but I like regex for this.

For single files:

Applescript:

do shell script "echo " & my (read (choose file))'s quoted form & " | egrep -o '(\\d{1,3}[.]?){4}' | sort -h | uniq >> " & ((path to desktop as text) & "IP.txt")'s POSIX path's quoted form

As a drop for multiple plain text files:

Applescript:

on open theFiles
   set whatever to {}
   repeat with aFile in theFiles
       set whatever's end to aFile's POSIX path's quoted form & space
   end repeat
   do shell script "cat " & whatever & " | egrep -o '(\\d{1,3}[.]*\\d{1,3}){3}' | sort -h | uniq > " & ((path to desktop folder as text)'s POSIX path & "/IP.txt")'s quoted form
end open

--edited to improve the pattern

Last edited by Marc Anthony (2021-09-25 11:27:47 am)

Offline

 

#21 2021-09-23 03:29:08 pm

peavine
Member
From:: Prescott, Arizona
Registered: 2018-09-04
Posts: 1089

Re: Cleaning data out of a text file?

dbrewood wrote:

I just gave that code a try, works well but it leaves the output text starting with "source:" at the top of the file as the first line?



I get the same result with wch1zpink's script, which I believe arises from an inconsistent number of spaces before the IP address in the text in post 19. For example:

Applescript:

set lineOne to "[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Wednesday, September 22, 2021 23:33:56"
set theResult to do shell script "echo " & quoted form of lineOne & " | cut -d' ' -f7"
--> 95.217.31.46,

set lineTwo to "[DoS Attack: Xmas Tress Scan] from source: 119.90.42.87, port 52921, Wednesday, September 22, 2021 23:21:25"
set theResult to do shell script "echo " & quoted form of lineTwo & " | cut -d' ' -f7"
--> source:

The problem is masked in part by the uniq command. Also, it appears that the text in post 1 has a consistent number of spaces before the IP address, which may explain the differing results.

Last edited by peavine (2021-09-23 03:44:27 pm)


2018 Mac mini - macOS Catalina - Script Debugger 8

Offline

 

#22 2021-09-23 06:07:09 pm

wch1zpink
Member
Registered: 2011-08-20
Posts: 63

Re: Cleaning data out of a text file?

peavine wrote:
dbrewood wrote:

I just gave that code a try, works well but it leaves the output text starting with "source:" at the top of the file as the first line?



I get the same result with wch1zpink's script, which I believe arises from an inconsistent number of spaces before the IP address in the text in post 19. For example:



This revision should address the issue

Applescript:

property stripText : " | cut -d' ' -f7 | tr -d ',' | egrep -v 'source' | sort -n | uniq"

on open of theFiles -- Handles single or multiple dropped files
   repeat with aFile in theFiles
       tell application "Finder" to set sourceFilePath to container of aFile as alias
       set cleanedText to do shell script "cat " & ¬
           quoted form of POSIX path of aFile & stripText
       do shell script "echo " & quoted form of cleanedText & " >> " & ¬
           quoted form of POSIX path of sourceFilePath & "Cleaned_IPs.txt"
       do shell script "sort -n | uniq " & quoted form of ¬
           POSIX path of sourceFilePath & "Cleaned_IPs.txt" & ¬
           " | pbcopy -pboard ruler ; pbpaste -pboard ruler > " & ¬
           quoted form of POSIX path of sourceFilePath & "Cleaned_IPs.txt"
   end repeat
end open

Offline

 

#23 2021-09-24 01:49:20 am

peavine
Member
From:: Prescott, Arizona
Registered: 2018-09-04
Posts: 1089

Re: Cleaning data out of a text file?

I only have a passing familiarity with regex and no experience with its use with ASObjC, and I thought writing a script utilizing these might be a good learning experience. The timing test result was 65 milliseconds, which is only respectable, but the script should be reliable. The basic ASObjC regex code was from Shane's book.

Applescript:

use framework "Foundation"
use scripting additions

on open theDroppedItems
   set theFile to POSIX path of item 1 of theDroppedItems
   set theIPFile to getFileName(theFile)
   set theText to (current application's NSString's stringWithContentsOfFile:theFile encoding:(current application's NSUTF8StringEncoding) |error|:(missing value))
   set theIPData to getIPData(theText)
   (current application's NSString's stringWithString:theIPData)'s writeToFile:theIPFile atomically:true encoding:(current application's NSUTF8StringEncoding) |error|:(missing value)
end open

on getIPData(theText)
   set regExPattern to "(\\d{1,3}\\.){3}\\d{1,3}"
   set theRegEx to current application's NSRegularExpression's regularExpressionWithPattern:regExPattern options:0 |error|:(missing value)
   set regExMatches to theRegEx's matchesInString:theText options:0 range:{location:0, |length|:theText's |length|()}
   
   set ipList to {}
   repeat with anItem in regExMatches
       set end of ipList to (theText's substringWithRange:(anItem's range())) as text
   end repeat
   
   set ipSet to current application's NSOrderedSet's orderedSetWithArray:ipList
   set ipSortedArray to ipSet's array()'s sortedArrayUsingSelector:"localizedStandardCompare:"
   
   return ((ipSortedArray's componentsJoinedByString:linefeed) as text)
end getIPData

on getFileName(theFile)
   set theFile to current application's NSString's stringWithString:theFile
   set fileBase to theFile's stringByDeletingPathExtension()
   set fileExtension to theFile's pathExtension()
   return ((fileBase's stringByAppendingString:"_IP")'s stringByAppendingPathExtension:fileExtension)
end getFileName

Last edited by peavine (2021-10-02 06:06:27 pm)


2018 Mac mini - macOS Catalina - Script Debugger 8

Offline

 

#24 2021-09-24 02:14:55 am

dbrewood
Member
From:: Manchester, UK
Registered: 2020-11-30
Posts: 36

Re: Cleaning data out of a text file?

wch1zpink wrote:


This revision should address the issue


It does indeed! Thanks.

Offline

 

#25 2021-09-24 02:17:41 am

dbrewood
Member
From:: Manchester, UK
Registered: 2020-11-30
Posts: 36

Re: Cleaning data out of a text file?

peavine wrote:

I only have a passing familiarity with regex and no experience with its use with ASObjC, and I thought writing a script utilizing these might be a good learning experience. The timing test result was 65 milliseconds, which is only respectable, but the script should be reliable. The basic ASObjC regex code was from Shane's book.


Yep that works nicely as well smile

Offline

 

Board footer

Powered by FluxBB

RSS (new topics) RSS (active topics)