I accidentally made law enforcement shut down their fake honeypot

TLDR

  • Researcher stumbled onto cyberzap.fun, a Dutch police honeypot mimicking a DDoS-for-hire booter site under Operation PowerOFF, and got it taken down by poking around.

Key Takeaways

  • Operation PowerOFF is coordinated by the Dutch Politie using bit.nl infrastructure; MX DNS records on cyberzap.fun leaked the operator identity.
  • Cyberzap collected evidence of criminal intent: the attacker’s IP address, email, and attack target. Payment always failed with a generic error regardless of the method chosen.
  • A second site, netcrashers.net, is an overt scare-redirect aimed at teenagers, instantly showing a police warning page on any click.
  • The researcher’s attack order had ID 15, suggesting only 14 prior requests in total, most likely internal testing, which indicates a near-zero real catch rate.
  • Dutch police also produced an AI-generated propaganda video and ran a Reddit AMA, suggesting the operation prioritizes perception over enforcement results.

Hacker News Comment Review

  • Commenters broadly disputed the “they panicked” narrative; the more likely explanation is an automated WAF or IP-based 401 rule, not human reaction to the researcher’s email.
  • The “fake honeypot” framing drew pedantic pushback: it is technically a real honeypot, just run covertly by law enforcement rather than a private operator.
  • Several commenters noted the irony of a DDoS-honeypot site using Cloudflare Turnstile captcha, and reflected on how many dark-web listings for contraband are likely also law enforcement traps.

Notable Comments

  • @bananamogul: “More likely someone put in a WAF rule that 401’d for his IP” – direct counter to the post’s central claim.
  • @TurdF3rguson: Flags the absurdity of a honeypot booter site needing bot-protection captcha.
