All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Introducing ProxyTrap – Threat Intelligence for the Hosting Community
Hey LET! 
We’re excited to introduce ProxyTrap a new threat intelligence project from Protectiv, focused on collecting and analyzing malicious traffic coming through abused proxy servers (SOCKS4/5 and HTTP).
ProxyTrap’s main focus is DDoS attacks that leverage abused or open proxies.
At its core, ProxyTrap operates a global network of proxy honeypots systems that simulate open proxies to observe, record, and analyze DDoS attacks and other malicious activity.
By studying how attackers use compromised or open proxies, we aim to identify the websites being targeted, the sources of the attacks, and patterns in proxy-based abuse.
We also capture attacker fingerprints, particularly JA4 (and JA3) TLS client fingerprints, to help profile attacker tools and correlate malicious sessions across different attacks. This data helps us build a clearer picture of how automated and proxy-based attacks behave at scale.
At this stage, ProxyTrap focuses purely on threat intelligence and attack data collection, no active mitigation or notification system yet.
🧩 What’s Coming Next
We’re building features to make ProxyTrap more interactive and actionable:
1. Attack notifications – instant alerts when your sites are attacked
2. Attack history – searchable data on which websites have been targeted and when
3. Visibility on Layer 4 attacks – including amplification attacks and traffic from botnets
4.Integration with our WAAP (Web Application & API Protection) product – to provide automatic, real-time protection and correlation between honeypot intelligence and live web traffic defenses
Our ultimate goal is to make ProxyTrap an early warning signal for everyone, from hosting providers and network operators to sysadmins, researchers, and individual site owners, providing clear visibility into both proxy-based and network-based attacks before they escalate.
Why It Might Interest LET Users
Many LET users run smaller VPS or dedicated setups without enterprise-grade DDoS visibility. ProxyTrap’s mission is to provide a community accessible look into proxy-based attack patterns, helping users understand, detect, and (soon) automatically protect against them, all without heavy infrastructure or high costs.
Check it out and share your thoughts:
https://proxytrap.protectiv.ph/
We’d love to hear feedback and suggestions from the LET community as we continue building and expanding the platform.
This post was generated with the help of ChatGPT.
LowEndBox & LowEndTalk.
Comments
Hello can you analyze @oloke and see if he poses a threat thanks
This post was generated with the help of ChatGPT.
Nobody uses open proxies to attack anything when the cost is so low to rent thousands of them. Most of the open proxies have limited bandwidth, are otherwise slow or are just honeypots. It would be waste of throughput to send anything via them.
Datacenter proxies and rotating proxies are generally used by L7 attackers. For example proxyscrape datacenter proxies, or some other site/seller from blackhatworld forum or via telegram. Proxy sources are usually hacked devices sold by middleman/some company.
That's what i thought so at first.
that's what we're actually aiming, act like a hacked device and watch what they do.
You'll at most catch small actors who have zero budget. Not any real attacks.
Offers category is there for a reason. This is spam
Theres a difference. These sellers dont mix open proxies (i.e your "hacked device") from public list. They are genuinely infected iot devices, cracked servers, screensaver apps, that are in full control of the proxy sourcer via some malware before they are handed over to middleman / some company to sell.
We'll have no problem with that as i've said that