> cat /var/log/your-failures.log_
A very special round of applause for 192.178.11.103 for their valiant — and entirely unsuccessful — attempt to compromise our systems. We truly couldn't have done it without you. Well, actually we could. We did. You failed.
Did you think you were anonymous? That's adorable. Here's what we know about you:
| IP Address | 192.178.11.103 |
| Country | United States |
| Region | Unknown |
| City | Unknown |
| ISP / Org | Unknown |
| Timezone | Unknown |
| Coordinates | 37.751, -97.822 |
Nice browser you've got there. It'd be a shame if someone… logged it.
gzip(gfe)
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36,gzip(gfe)
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36,gzip(gfe)
Mozilla/5.0 (Linux; Android 11; moto g power (2022)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Mobile Safari/537.36 Chrome-Lighthouse
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36,gzip(gfe)
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36,gzip(gfe)
Mozilla/5.0 (iPhone; CPU iPhone OS 18_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.3 Mobile/15E148 Safari/604.1,gzip(gfe)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36,gzip(gfe)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36,gzip(gfe)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Safari/537.36,gzip(gfe)
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36,gzip(gfe)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36,gzip(gfe)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36,gzip(gfe)
Every single one of your pathetic attempts, lovingly preserved for posterity. Spoiler alert: they all failed.
| # | Timestamp | Attack Type | Method | Target URI | Detail |
|---|---|---|---|---|---|
| 1 | 2026-02-12T00:12:11Z | SQL Injection | GET | /blog/teamviewer-hack---what-you-need-to-know |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
| 2 | 2026-02-16T14:17:59Z | SQL Injection | GET | /blog/what-is-a-takedown-and-how-does-it-work |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
| 3 | 2026-02-16T14:18:08Z | SQL Injection | GET | /blog/what-is-a-takedown-and-how-does-it-work |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
| 4 | 2026-02-20T20:45:41Z | SQL Injection | GET | /blog/understanding-pass-the-hash-attack-how-hackers-exploit-password-vulnerabilities |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
| 5 | 2026-02-21T10:07:03Z | SQL Injection | GET | /blog/what-is-a-takedown-and-how-does-it-work |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
| 6 | 2026-02-27T09:24:20Z | LDAP Injection | GET | /blog/teamviewer-hack---what-you-need-to-know |
ldap_injection [HEADER][HTTP_USER_AGENT] matched /[)(|*\\]\s*[)(|*\\]/i |
| 7 | 2026-03-01T06:47:07Z | SQL Injection | GET | / |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
| 8 | 2026-03-20T00:08:43Z | SQL Injection | GET | /blog/what-are-tarpits |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
| 9 | 2026-04-01T01:01:54Z | SQL Injection | GET | / |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
| 10 | 2026-04-22T15:08:57Z | SQL Injection | GET | /blog/teamviewer-hack---what-you-need-to-know |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
| 11 | 2026-04-28T09:35:59Z | SQL Injection | GET | /blog/who-is-apt29 |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
| 12 | 2026-05-12T21:44:54Z | SQL Injection | GET | / |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
| 13 | 2026-05-24T03:17:04Z | SQL Injection | GET | /blog/understanding-pass-the-hash-attack-how-hackers-exploit-password-vulnerabilities |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
| 14 | 2026-05-31T07:06:09Z | Server-Side Request Forgery | GET | /blog/understanding-pass-the-hash-attack-how-hackers-exploit-password-vulnerabilities |
ssrf [HEADER][HTTP_USER_AGENT] matched /(?:127\.0\.0\.[01]|0\.0\.0\.0|localhost|::1|\[::1\])/i |
| 15 | 2026-06-04T20:38:57Z | SQL Injection | GET | /blog/netntlmv2-hash-cracking-and-legacy-authentication |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
| 16 | 2026-06-11T14:26:36Z | SQL Injection | GET | /blog/what-are-tarpits |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
| 17 | 2026-06-12T19:59:56Z | SQL Injection | GET | /blog/what-are-tarpits |
sqli [HEADER][HTTP_ACCEPT] matched /\/\*[\s\S]*?\*\// |
You came. You saw. You got absolutely owned by a hedgehog.
Every request you made was detected, logged, and laughed at. Our WAF didn't even break a sweat. Maybe next time try something more challenging — like reading a book on operational security.
Pro tip: If you're going to hack a cybersecurity company, maybe don't use the same IP address for every single request. Just a thought.