I’ve been monitoring the logs from the Veil-Evasion and this website, and I noticed the past couple days that there are a lot of attempts to log in to the Veil website. Seeing as I am not logging into it myself, I know that this is obviously going to be someone trying to break in. However, this isn’t an attack where the attacker is trying to remain under the radar; this is pretty blatant.
I’ve parsed my Apache logs for any attempt to log into the Veil-Evasion website. This will obviously include my information, but it will be the minority. I ran all IP addresses through Just-Metadata, and this is what I think is some of the interesting information it discovered:
Short story, the attacker appears to be coming out of Russia. Note: This doesn’t mean it’s a Russian attacker, just that the IP space they are attacking from appears to be Russian.

Top 10 Countries
(Country : Number of Occurrences)
===================================
Russia : 2699
Ukraine : 249
France : 165
Belarus : 60
Brazil : 46
Kazakhstan : 37
Vietnam : 32
Turkey : 31
Georgia : 25
India : 23

Top 10 Cities
(City : Number of Occurrences)
===================================
Moscow, Russia : 329
Roubaix, France : 159
Saint Petersburg, Russia : 107
Yekaterinburg, Russia : 74
Rostov-on-Don, Russia : 72
Novosibirsk, Russia : 71
Nizhniy Novgorod, Russia : 60
Ufa, Russia : 52
Perm, Russia : 50
Samara, Russia : 50
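
The log-parsing step described above can be sketched as follows. This is an added example, not the script used for this post: it pulls login POSTs out of Apache combined-format logs and counts them per source IP, per day and per response status, giving a de-duplicated IP list to hand to an enrichment tool. The login path `/wp-login.php`, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Assumption: the login form posts here; the post does not name the path.
LOGIN_PATH = "/wp-login.php"

def login_attempts(lines, login_path=LOGIN_PATH):
    """Yield (ip, day, status) for every POST to the login path."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined line
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path == login_path:
            yield m["ip"], m["time"].split(":", 1)[0], int(m["status"])

def summarize(lines, login_path=LOGIN_PATH):
    """Count login POSTs per source IP, per day and per HTTP status."""
    per_ip, per_day, per_status = Counter(), Counter(), Counter()
    for ip, day, status in login_attempts(lines, login_path):
        per_ip[ip] += 1
        per_day[day] += 1
        # A status that differs from the usual failed-login response
        # is worth a closer look.
        per_status[status] += 1
    return per_ip, per_day, per_status

# Constructed sample lines using documentation-only IP ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Oct/2015:06:25:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3520 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Oct/2015:06:25:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3520 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Oct/2015:07:01:44 +0000] "POST /wp-login.php?action=x HTTP/1.1" 200 3520 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [13/Oct/2015:09:12:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2011 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [13/Oct/2015:09:13:10 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [13/Oct/2015:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    'not an access log line',
]

if __name__ == "__main__":
    per_ip, per_day, per_status = summarize(SAMPLE_LOG)
    for ip, count in per_ip.most_common():
        print(f"{ip} : {count}")
    print("attempts per day:", dict(per_day))
    print("responses:", dict(per_status))
    print("\n".join(sorted(per_ip)))  # one unique IP per line
```
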