diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh
index 6735186..6bf694d 100755
--- a/modules/security/bot-analyzer.sh
+++ b/modules/security/bot-analyzer.sh
@@ -1412,7 +1412,7 @@ analyze_success_rates() {
 print_info "Analyzing request success rates and behavior patterns..."
 # Calculate success rate (200/301/302 vs 404/403) for each IP
- cat "$TEMP_DIR/parsed_logs.txt" | awk -F'|' '
+ awk -F'|' '
 {
 ip = $1
 status = $4
@@ -1438,17 +1438,20 @@ analyze_success_rates() {
 # High failure rate indicates scanning/probing
 if (fail_rate >= 80 && total[ip] >= 20) {
- print ip "|" total[ip] "|" fail_rate "|scanner" > "'"$TEMP_DIR"'/high_failure_ips.txt"
+ print ip "|" total[ip] "|" fail_rate "|scanner" >> "'"$TEMP_DIR"'/high_failure_ips.txt"
 }
 # Very high success rate + high volume could be scraping
 else if (success_rate >= 90 && total[ip] >= 100) {
- print ip "|" total[ip] "|" success_rate "|scraper" > "'"$TEMP_DIR"'/high_success_ips.txt"
+ print ip "|" total[ip] "|" success_rate "|scraper" >> "'"$TEMP_DIR"'/high_success_ips.txt"
 }
 # Output all rates for later analysis
- print ip "|" total[ip] "|" success_rate "|" fail_rate > "'"$TEMP_DIR"'/ip_success_rates.txt"
+ print ip "|" total[ip] "|" success_rate "|" fail_rate >> "'"$TEMP_DIR"'/ip_success_rates.txt"
 }
- }' < <(cat "$TEMP_DIR/parsed_logs.txt")
+ close("'"$TEMP_DIR"'/high_failure_ips.txt")
+ close("'"$TEMP_DIR"'/high_success_ips.txt")
+ close("'"$TEMP_DIR"'/ip_success_rates.txt")
+ }' < "$TEMP_DIR/parsed_logs.txt"
 # Touch files if they don't exist
 touch "$TEMP_DIR/high_failure_ips.txt" "$TEMP_DIR/high_success_ips.txt" "$TEMP_DIR/ip_success_rates.txt"
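Review bot: With the three redirections in the second hunk switched from `>` to `>>`, awk no longer truncates `high_failure_ips.txt`, `high_success_ips.txt` and `ip_success_rates.txt` when it first opens them, so rows left in `$TEMP_DIR` by an earlier call are kept and the same IP can be listed more than once. Whether the function can run twice against one `$TEMP_DIR` is not visible here, but any later step that counts or acts on these lists would then work from stale or duplicated scanner/scraper entries. Clearing the files just before the awk call keeps the append form safe: `rm -f -- "$TEMP_DIR/high_failure_ips.txt" "$TEMP_DIR/high_success_ips.txt" "$TEMP_DIR/ip_success_rates.txt"`. The paths are also spliced into the awk program text through `"'"$TEMP_DIR"'/…"`; passing the directory with `-v dir="$TEMP_DIR"` and redirecting to `(dir "/high_failure_ips.txt")` would keep a quote in the path from altering the program. The function body begins and ends outside this hunk.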