diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh
index 448ac5d..c20a05f 100755
--- a/modules/security/bot-analyzer.sh
+++ b/modules/security/bot-analyzer.sh
@@ -1036,7 +1036,7 @@ detect_threats() {
 
         # Breakdown by attack type
         for attack_type in sqli xss path_traversal rce_upload info_disclosure login_bruteforce; do
-            grep -F "|$attack_type" "$TEMP_DIR/attack_vectors_raw.txt" 2>/dev/null | grep -F "|$attack_type$" | \
+            grep -F "|$attack_type|" "$TEMP_DIR/attack_vectors_raw.txt" 2>/dev/null | \
                 awk -F'|' '{print $1"|"$2"|"$3"|"$4}' | \
                 sort | uniq -c | sort -rn > "$TEMP_DIR/${attack_type}_attempts.txt" || true
         done