What Happened
SERVER LOGS CONFIRMED
On March 29, 2026, OWL published its first wave of investigative articles exposing corruption networks across Armenia's political establishment. By March 30 -- exactly one day later -- our servers began recording a surge of automated cyberattack attempts.
Every single attempt was logged. Every single attempt failed. This is what they tried.
What They Searched For
ATTACK PATTERN ANALYSIS
| WHAT THEY SEARCHED FOR | ATTEMPTS | WHAT THEY FOUND |
|---|---|---|
| WordPress admin panels wp-admin, wp-login, wp-content | 428 | Nothing. We don't use WordPress. |
| Environment files .env, .env.bak, .env.production, .env.local | 150+ | Nothing. We have no backend. |
| Source code repositories .git/config, .git/HEAD | 17 | Nothing. No code to steal. |
| Payment credentials stripe.json, stripe_secret, stripe_config | 40+ | Nothing. We use cryptocurrency only. |
| Cloud credentials aws.config, docker-compose.yml, serverless.yml | 30+ | Nothing. No cloud services. |
| Database access database.yml, credentials.json, phpmyadmin | 20+ | Nothing. We have no database. |
| Admin dashboards admin/, dashboard/, cpanel/, manager/ | 15+ | Nothing. No admin panel exists. |
| Shell uploads / backdoors wp-content/uploads, upload paths | 4 | Nothing. No upload functionality. |
They came looking for a web application with databases, admin panels, and payment systems. They found a wall.
The Attack Timeline
HOUR BY HOUR
| TIME (UTC) | ATTACKS | NOTES |
|---|---|---|
| 00:00-05:00 | 103 | Initial probing begins |
| 06:00-07:00 | 343 | Massive spike -- 10:00 AM Yerevan time |
| 08:00-12:00 | 74 | Continued scanning |
| 13:00-17:00 | 109 | Afternoon wave |
| 18:00-23:00 | 158 | Evening attacks escalate again |
The peak at 06:00 UTC (10:00 AM Yerevan time) is notable. Someone in Armenia's timezone started their workday by trying to hack us.
The Tools They Used
IDENTIFIED
| TOOL | TYPE | REQUESTS |
|---|---|---|
| curl (automated) | Command-line scanning | 236 |
| CensysInspect | Internet-wide vulnerability scanner | 13 |
| zgrab | Security research scanner | 8 |
| python-requests | Custom attack scripts | 2 |
| Various browsers (spoofed) | Disguised automated tools | 400+ |
Why Every Attack Failed
BY DESIGN
OWL was built to be attacked. We expected it. Here is why nothing works:
- There is no content management system -- no WordPress, no Drupal, no PHP
- There is no database -- no SQL to inject, no records to steal
- There is no admin panel -- no login page to brute-force
- There is no file upload -- no way to plant a backdoor
- There are no environment files -- no credentials to harvest
- There are no external API connections -- no services to hijack
- There are no cookies, no tracking, no JavaScript frameworks
- Every request is logged. Every attacker IP is recorded.
We are pure static HTML. There is nothing to exploit. There is no back door because there is no door at all.
You cannot hack a newspaper printed on stone. You can only read it.
What This Tells Us
ANALYSIS
The attack pattern tells a story:
| OBSERVATION | WHAT IT MEANS |
|---|---|
| Attacks started within 48 hours of first publication | Someone with resources read our investigations and responded immediately |
| Peak at 10:00 AM Yerevan time | Attackers are operating on Armenian business hours |
| WordPress-focused scanning | They assumed we use standard web tools -- they were wrong |
| Payment credential searches | They wanted to find our funding sources |
| Source code repository probes | They wanted to find who we are |
| Multiple professional scanner tools | These are not random bots -- someone deployed dedicated tools |
Our Promise
To whoever ordered these attacks:
- We log every attempt. We know your IPs. We know your tools. We know your timing.
- Every attack attempt only confirms that our investigations are reaching the right people.
- You cannot take this site down. You cannot find our sources. You cannot identify us.
- We will continue publishing. The next investigation is already written.
To our readers:
- This site collects no data about you. No cookies. No tracking. No logs of reader activity.
- We built OWL to survive exactly this kind of pressure.
- The attacks prove the investigations matter. If they didn't, no one would bother.
We publish about corruption. They respond with attacks. We respond by publishing about their attacks. The cycle only ends when the corruption does.
Technical Note
OWL publishes periodic transparency reports on attacks against our infrastructure. We will never reveal details that could compromise our security architecture, our sources, or our team. What we will reveal is that every attempt to silence us has failed, and every attempt has been documented.