2026-04-16 08:28:42 | SCANNER_TRAPPED | IP: 13.59.96.59 | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51 | Reason: Header Anomaly: Chrome UA but missing sec-ch-ua AND sec-fetch-* headers (fake Chrome – likely scanner)
2026-04-16 08:28:42 | SCANNER_TRAPPED | IP: 3.145.20.249 | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51 | Reason: Header Anomaly: Chrome UA but missing sec-ch-ua AND sec-fetch-* headers (fake Chrome – likely scanner)
2026-04-16 08:28:42 | SCANNER_TRAPPED | IP: 18.226.104.242 | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.51 | Reason: Header Anomaly: Chrome UA but missing sec-ch-ua AND sec-fetch-* headers (fake Chrome – likely scanner)
2026-04-16 08:28:44 | SCANNER_TRAPPED | IP: 34.58.71.228 | UA: Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1 | Reason: Browser UA from GCP hosting (228.71.58.34.bc.googleusercontent.com) – likely scanner/bot
2026-04-16 08:32:16 | SCANNER_TRAPPED | IP: 54.70.53.60 | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 | Reason: TLS Mismatch: Chrome/143 UA but missing Sec-CH-UA header (fake Chrome – scanner probe)
2026-04-16 08:56:49 | SCANNER_TRAPPED | IP: 184.188.72.59 | UA: Mozilla/5.0 (iPhone; CPU iPhone OS 26_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/144.0.7559.95 Mobile/15E148 Safari/604.1 | Reason: Residential proxy burst from /184.188.72.0/24: 6 distinct IPs in 60s
2026-04-16 08:56:53 | SCANNER_TRAPPED | IP: 184.188.72.231 | UA: Mozilla/5.0 (iPhone; CPU iPhone OS 26_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/144.0.7559.95 Mobile/15E148 Safari/604.1 | Reason: Residential proxy burst from /184.188.72.0/24: 7 distinct IPs in 60s
2026-04-16 09:28:39 | SCANNER_TRAPPED | IP: 139.59.145.68 | UA: Mozilla/5.0 (Windows NT 5.1; rv:33.0) Gecko/20100101 Firefox/33.0 | Reason: Accept Anomaly: Accept: */* on page navigation (HTTP library, not a real browser)
2026-04-16 09:34:20 | SCANNER_TRAPPED | IP: 94.156.14.80 | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36 | Reason: Header Anomaly: Chrome UA but missing sec-ch-ua AND sec-fetch-* headers (fake Chrome – likely scanner)
2026-04-16 09:37:00 | SCANNER_TRAPPED | IP: 52.1.154.183 | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.7632.6 Safari/537.36 | Reason: UA Implausibility: Chrome/145 does not exist yet (fake version)
2026-04-16 09:37:09 | SCANNER_TRAPPED | IP: 34.228.210.232 | UA: Mozilla/5.0 (Linux; Android 16; SM-S921U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.7632.6 Mobile Safari/537.36 | Reason: UA Implausibility: Chrome/145 does not exist yet (fake version)
2026-04-16 09:49:50 | SCANNER_TRAPPED | IP: 205.169.39.56 | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 | Reason: IP in Blocked Range (CIDR)