Pulse Detail — Threat Intelligence

PULSE NAME

Tracing Blind Eagle to Proton66.

WHITE PetrP.73 2025-06-29 Modified: 2025-07-29

248

IOCs

HIGH VOLUME

The cyber threat group known as Blind Eagle, or APT-C-36, is closely linked with the Russian bulletproof hosting company Proton66 and is actively targeting organizations in Latin America, particularly Colombian financial institutions. Recent investigations have unveiled a significant operational infrastructure used by this group, characterized by extensive interconnections among various domains and IP addresses. Their modus operandi primarily utilizes Visual Basic Script (VBS) files as the initial attack vector and incorporates free Dynamic DNS (DDNS) services to facilitate operation.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1011 T1566 T1003 T1005 T1027 T1041 T1053.005 T1056.001 T1059.001 T1059.005 T1071.001 T1078

Indicators of Compromise (248)

All URL domain hostname FileHash-SHA256

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://textbin.net/raw/xsi2eulwpw	—	2025-06-29
domain	textbin.net	—	2025-06-29
hostname	store3.gofile.io	—	2025-06-29
FileHash-SHA256	060d6f9c0505a7709281567b10bbc91256a073ecd4fef23e3de47f5ff7aa40de	—	2025-06-29
FileHash-SHA256	18d48c5050b3cb0b327108991811e0949cc076e76c98ee5ed2d04a6d5f6bc41d	—	2025-06-29
FileHash-SHA256	2c9b999f3cb82c127bd9bad395dc73304bbddc1015de617cae367dc749e24703	—	2025-06-29
FileHash-SHA256	5efa1fd90f9c644dd24880b7174d94acf0be0f10364106faae51d81c00c3bccd	—	2025-06-29
FileHash-SHA256	666f0c305b0a6cc558192918bc144c3119d898c33656101395140d93e9e10e69	—	2025-06-29
FileHash-SHA256	70fde5e9ea72ec208951adecf91801b752d72390a87d7defb288d67553a446a1	—	2025-06-29
FileHash-SHA256	b4031a0fee34072aa5c58b677ac2be9caf81f6a1e4cee4781cf3345e55df1231	—	2025-06-29
hostname	45-135-232-38.cprapid.com	—	2025-06-29
domain	cprapid.com	—	2025-06-29
hostname	dcfast.duckdns.org	—	2025-06-29
hostname	dcmxz.duckdns.org	—	2025-06-29
hostname	dcuxpag.duckdns.org	—	2025-06-29
hostname	drpras.duckdns.org	—	2025-06-29
hostname	dxpam.duckdns.org	—	2025-06-29
hostname	mail.45-135-232-38.cprapid.com	—	2025-06-29
hostname	testedark.writesthisblog.com	—	2025-06-29
domain	update-facebok.com	—	2025-06-29
domain	updatee-facebok.com	—	2025-06-29
domain	users-kucoin.com	—	2025-06-29
URL	http://45-135-232-38.cprapid.com/sostener.vbs	—	2025-06-29
URL	http://45.135.232.38/sostener1.vbs	—	2025-06-29
URL	http://45.135.232.38/sostener2.vbs	—	2025-06-29
URL	http://45.135.232.38/sostener3.vbs	—	2025-06-29
URL	http://dcuxpag.duckdns.org/	—	2025-06-29
URL	http://drpras.duckdns.org/bancolombia/tokeninvalido/style.css	—	2025-06-29
URL	http://dxpam.duckdns.org/bancolombia/token.html	—	2025-06-29
URL	http://dxpam.duckdns.org/bancolombia/tokeninvalido/token-inva.html	—	2025-06-29
URL	http://dxpam.duckdns.org/sotener.vbs	—	2025-06-29
URL	http://mail.45-135-232-38.cprapid.com/sostener.vbs	—	2025-06-29
URL	http://testedark.writesthisblog.com/	—	2025-06-29
URL	http://updatee-facebok.com/sostener.vbs	—	2025-06-29
URL	https://45.135.232.38/bancolombia/	—	2025-06-29
URL	https://45.135.232.38/sostener.vbs	—	2025-06-29
URL	https://dcfast.duckdns.org/bancolombia/token.html	—	2025-06-29
URL	https://dxpam.duckdns.org/bancolombia/token.html	—	2025-06-29
URL	https://mail.45-135-232-38.cprapid.com/sostener.vbs	—	2025-06-29
URL	https://updatee-facebok.com/sostener.vbs	—	2025-06-29
URL	https://users-kucoin.com/sostener.vbs	—	2025-06-29
FileHash-SHA256	118939d7269aa279988e56ce17f1812fde855b4173358ae2935468ae4e8a2f30	—	2025-06-29
FileHash-SHA256	120ecdfc6d6c21d2345ebbab38f3ca451e431069cce0139890f9da5436b202fc	—	2025-06-29
FileHash-SHA256	1f1c42450a44e9cbd112572924d3ecd8da99c2ed848df0beb0c7c10c60faf85b	—	2025-06-29
FileHash-SHA256	24e6bbed87e62ac332712fac6cff35e3e72b5e9c54769be31899fa6ec36eb2eb	—	2025-06-29
FileHash-SHA256	2be211f45f8595e6e9b55ba227173aed35eb1ce53fb119beceb49f236232814d	—	2025-06-29
FileHash-SHA256	2c1b7ac7abf18b7128d05c6e0c5feaa2d0d6abef1e246d31a8e4fde74a6e659f	—	2025-06-29
FileHash-SHA256	3b2776d93feca48f02f530dff6a3d4d918d94ce4e61c249b9f51f24d1d090d74	—	2025-06-29
FileHash-SHA256	42e7e4d04acb52f076c586cdf99ba72ba3d041a9341a7aba04fb640a53f1471f	—	2025-06-29
FileHash-SHA256	433138a3783bbf3033b638ed447e6fcddad64832f329cfd6b7b519fa57b31738	—	2025-06-29
FileHash-SHA256	6932b67975d14d5d28cca2d73e6b1f31c3525e2472c38ae223b52dea0e84bebc	—	2025-06-29
FileHash-SHA256	a937e59c4e8f66f9c60c5725fa85bbd71e3a8fc32ade529ec7620ed81dd1126e	—	2025-06-29
FileHash-SHA256	af49a19cfd5cdcfdd19ac5578fface0100eddb9f088bde77c1a13eaab6b54e00	—	2025-06-29
FileHash-SHA256	b7f70efffd26242e94019e2dfcc18ce4cbd08c87a6a499ae18accc56878d62b2	—	2025-06-29
FileHash-SHA256	bfce82368168526a73f17f8f60db961773bbb37d3abdfead5f0dad57aeb7ea46	—	2025-06-29
FileHash-SHA256	c6515ee9422e840c096404d8ce2ca152fee317aed63264ad5cbd42833300656f	—	2025-06-29
FileHash-SHA256	cdc2106e6e47fe9e06e5c1b655b8428706cf3db33e31b854ddf3e1269d9c7978	—	2025-06-29
FileHash-SHA256	d016fcbdb988d56df4c26d75a12e87a61010ed2366b52eefb8b409a1d8bcbaab	—	2025-06-29
FileHash-SHA256	e59ec4bf6ee326a7ed244b3e562ec1fded1fa55c24ab7cafc44ea10bd4546c2b	—	2025-06-29
FileHash-SHA256	f3a16bd0a4daf9fbb9a62881c3ff501a88c6d50b724bfc6c2228f2883a9c0930	—	2025-06-29
FileHash-SHA256	f8eb456776edf06cd08eac96aaedd5108737a563c6441e0dd61759631d567271	—	2025-06-29
hostname	pt.textbin.net	—	2025-06-29
URL	http://textbin.net/raw/ohar02rduo	—	2025-06-29
URL	https://pt.textbin.net/raw/hazfzvn6bp/api/webhooks/1351943797524660297/0G4ZquaTKJZ9MynlsbWbMOSclboqh	—	2025-06-29
URL	https://textbin.net/Q	—	2025-06-29
URL	https://textbin.net/download/6j1xtw58bl	—	2025-06-29
URL	https://textbin.net/download/igvxdijw4qG	—	2025-06-29
URL	https://textbin.net/download/igvxdijw4qm32	—	2025-06-29
URL	https://textbin.net/download/x7sf6t2dgv	—	2025-06-29
URL	https://textbin.net/i	—	2025-06-29
URL	https://textbin.net/j	—	2025-06-29
URL	https://textbin.net/l	—	2025-06-29
URL	https://textbin.net/n8plrb9ea9	—	2025-06-29
URL	https://textbin.net/ra	—	2025-06-29
URL	https://textbin.net/raw/e888x9d3sz	—	2025-06-29
URL	https://textbin.net/raw/ezjmofz3s6Xze	—	2025-06-29
URL	https://textbin.net/raw/ohar02rduo	—	2025-06-29
URL	https://textbin.net/raw/r86qxoa6rsg	—	2025-06-29
URL	https://textbin.net/raw/vh39mjtqea	—	2025-06-29
URL	https://textbin.net/s	—	2025-06-29
URL	https://textbin.net/t	—	2025-06-29
FileHash-SHA256	0f43d44e18e29be0ee6c5c50416be0f354cbb0ee7c4ade4f0a469b8b37290394	—	2025-06-29
FileHash-SHA256	1c2062363c6a758e4a34934e46d60ab72d32cc0d26437d3f847b2a701a74ba26	—	2025-06-29
FileHash-SHA256	23d8adb7dcebd122084376f809c6e049b36fa2658250e8a65f6a19b203a8b3ab	—	2025-06-29
FileHash-SHA256	275ffd0055148e79df9c6ddcb9782385c65464a7e9aba01acfd76f9eafcac369	—	2025-06-29
FileHash-SHA256	3b2a51d955d32a0a1ecf5245a3767e54dea7b069a2b9af4d3a34ee17575b1b2b	—	2025-06-29
FileHash-SHA256	4297de28d569560bf2cd287e1a44771ec4f8deac993cb69b54b36fa497af52d3	—	2025-06-29
FileHash-SHA256	57aacca2e2bcb47513ae6f4d822331d0984899ef44c25e5e44c89e9a56a600ef	—	2025-06-29
FileHash-SHA256	5eedf72186da2896900c58f681abcd422007aa75bead01abf700e67c3c0399c8	—	2025-06-29
FileHash-SHA256	605cecf9011e24fcec1b5391827ac2f01a289f24d4d01a672c36bb6582658eac	—	2025-06-29
FileHash-SHA256	71358e1d73a327a458a3880681a6e76aa95cff4bd0ad322c413649afd2c3bbf5	—	2025-06-29
FileHash-SHA256	7602f7b433b9acc6e6b75af6dffc82f3fb164c075485c91c879c18aa03d73759	—	2025-06-29
FileHash-SHA256	a0aabe6b033f92ef6ba630fde802ab76a1f5b66187faa7fc76d2431098bf43f9	—	2025-06-29
FileHash-SHA256	d5095fc28d9b189698d2feebe96eceb5ee9d31877a0f2ed970356ff079455d73	—	2025-06-29
FileHash-SHA256	db457457003d9d87dfe09c1a1b190d0c4249db8232a052af49f4bba05228f8b4	—	2025-06-29
FileHash-SHA256	e0e27f27a6f2fa2fe7983ddb155117a1d2ef80aa941c2410ec7d7bc9ab037ce8	—	2025-06-29
FileHash-SHA256	e3739be8d78b50799d45a14a016eb9fcd7d5e6c4c16f508500d78c2307952412	—	2025-06-29
FileHash-SHA256	e8347183db35a101c35745d9e6709c0cd18669306e7501243af315b4f7a87333	—	2025-06-29
FileHash-SHA256	ea33b1ebc997854af3c942b5546a3009bb921c20a2c862a4f327306d2bc26c50	—	2025-06-29
FileHash-SHA256	ed6643adcd866ebe085c51be955c632a8fce08efce99cf87f8a42dcf1e5ef36a	—	2025-06-29
FileHash-SHA256	ffb9c305607ccd1e0612b7e26ebcd870c0d8d580308ca9626473b4cc0345ea24	—	2025-06-29
hostname	asynpro.duckdns.org	—	2025-06-29
hostname	drgost.duckdns.org	—	2025-06-29
hostname	driveswindows.duckdns.org	—	2025-06-29
hostname	testdark.writesthisblog.com	—	2025-06-29
hostname	vm130833.goodtec.cloud	—	2025-06-29
URL	http://45-135-232-38.cprapid.com/bancolombia/tokeninvalido/token-inva.html	—	2025-06-29
URL	http://45-135-232-38.cprapid.com/dinamicas	—	2025-06-29
URL	https://45-135-232-38.cprapid.com/sostener.vbs	—	2025-06-29
URL	http://dcfast.duckdns.org/dinamicas/	—	2025-06-29
URL	http://dcmxz.duckdns.org/sostener.vbs	—	2025-06-29
URL	http://dcmxz.duckdns.org/sostener.vbs/	—	2025-06-29
URL	http://dcuxpag.duckdns.org/bancolombia/	—	2025-06-29
URL	http://dcuxpag.duckdns.org/bbva5/	—	2025-06-29
URL	http://dcuxpag.duckdns.org/cajasocial/	—	2025-06-29
URL	http://dcuxpag.duckdns.org/davivienda/	—	2025-06-29
URL	http://dcuxpag.duckdns.org/dinamicas/	—	2025-06-29
URL	http://dcuxpag.duckdns.org/sostener.vbs	—	2025-06-29
URL	https://dcuxpag.duckdns.org/bancolombia	—	2025-06-29
URL	https://dcuxpag.duckdns.org/bancolombia/	—	2025-06-29
FileHash-SHA256	0306e732ffe566484f21fb248a428f95daf2c30c19bc47164b5fda342d2f1d0a	—	2025-06-29
FileHash-SHA256	2b3fc741a0ea9d2b1485af1ba0910dbd8c3e17e0993e5d163830bcfecf1f7218	—	2025-06-29
FileHash-SHA256	3a1746ffc053eac4883e82ac092d425cfd58c839565a6b897ba288a3d1a692e8	—	2025-06-29
FileHash-SHA256	46975b762e3b2f2d995491706494068f1e7356155634c222c096e3ee159aac88	—	2025-06-29
FileHash-SHA256	5d8d7cc5ede5db1fadab26520cb397ad061d80b525d121572a574ff4ccebee57	—	2025-06-29
FileHash-SHA256	635cbfeb91b61be7424f133b9c3a0d29f8fab9dbc5d1dd5125806a1223136d9d	—	2025-06-29
FileHash-SHA256	71d4766edfed03bf5373d11aadde2a10dbccaddafa546ec5584c371d27ac6cd7	—	2025-06-29
FileHash-SHA256	75af3f6bc3bebbd5011b6d9fe8c3a874f6b06ad4b5c62c29f1345a7ba19e2467	—	2025-06-29
FileHash-SHA256	874d6548b5171e5c7d462cc0a5708a6bd401437894876df9e6ecfa0bd8b57008	—	2025-06-29
FileHash-SHA256	87ca9a7029a70d9b18e6e5a3b521c559a75e60c289d16dce833b05fc0d6b6c85	—	2025-06-29
FileHash-SHA256	87d18cd221db4017af65aa1bd3bb7dcbe4d65c902f3ceeb0ff21c715f9431e6b	—	2025-06-29
FileHash-SHA256	c083be8e5eaa0c7fef707ccf369f0e2ad844c922887a545b7e4d909dbe93208e	—	2025-06-29
FileHash-SHA256	ce0d4e5f03861245552dd4eb1c760587f9ecd3bcf773d79789d6f7cae5acef90	—	2025-06-29
FileHash-SHA256	e0e2918b279ef74ce42100fc738f8c9ff7f160cd78ed47db1a6b0d3fd2e91225	—	2025-06-29
FileHash-SHA256	f1ef5f35dc925d2e9bafc9af455aae1f1b9f2aebb8f83ceed27f3f2921515d9f	—	2025-06-29
FileHash-SHA256	f759c45dd88b49e3cd936ad0c450cd18ef4a56a620b07d252b7f01a20b8de379	—	2025-06-29
FileHash-SHA256	fd1a2f2cf5a3dc5181a7575c5c9dd296526924ff5c77553b687c3474781802c9	—	2025-06-29
hostname	104-237-234-70.cprapid.com	—	2025-06-29
hostname	13-48-200-20.cprapid.com	—	2025-06-29
hostname	137-184-24-197.mail.116-204-248-129.cprapid.com	—	2025-06-29
hostname	172-232-217-231.cprapid.com	—	2025-06-29
hostname	182-253-225-26.cprapid.com	—	2025-06-29
hostname	203-175-8-161.cprapid.com	—	2025-06-29
hostname	accountupdate.secure.att.com.34-46-203-238.cprapid.com	—	2025-06-29
hostname	cpcalendars.167-71-80-17.cprapid.com	—	2025-06-29
hostname	cpcontacts.verifica.accesso.lt.160-119-251-182.cprapid.com	—	2025-06-29
hostname	mail.108-137-84-107.cprapid.com	—	2025-06-29
hostname	mail.108-163-247-202.cprapid.com	—	2025-06-29
hostname	nalozhka.nalozhka.sec-web.app.srekanay.prod05.comup.selliod1dars.185-224-83-37.cprapid.com	—	2025-06-29
hostname	nalozhka.sec-web.app.srekanay.prod05.comup.selliod1dars.185-224-83-37.cprapid.com	—	2025-06-29
hostname	ns1.186-2-171-59.cprapid.com	—	2025-06-29
hostname	ns2.186-2-171-59.cprapid.com	—	2025-06-29
hostname	order-pending-delivery558787.206-183-128-199.cprapid.com	—	2025-06-29
hostname	ups-tracking.50-6-171-180.cprapid.com	—	2025-06-29
hostname	wpt-ivbh.62-212-239-135.cprapid.com	—	2025-06-29
hostname	wpt-tkob.66-84-30-230.cprapid.com	—	2025-06-29
hostname	wpt-yuys.131-153-56-226.cprapid.com	—	2025-06-29
URL	http://15-237-96-228.cprapid.com	—	2025-06-29
URL	http://18-219-72-96.cprapid.com/	—	2025-06-29
URL	http://cpcontacts.44-212-96-178.cprapid.com/	—	2025-06-29
URL	http://mail.45-61-151-79.cprapid.com/	—	2025-06-29
URL	http://ns1.190-102-43-24.cprapid.com/	—	2025-06-29
URL	http://ns2.190-102-43-24.cprapid.com/	—	2025-06-29
URL	http://webdisk.3-137-194-246.cprapid.com	—	2025-06-29
URL	http://webmail.173-231-230-161.cprapid.com/	—	2025-06-29
URL	http://www.13-36-166-80.cprapid.com/	—	2025-06-29
URL	https://13-36-166-80.cprapid.com/	—	2025-06-29
URL	https://13-36-166-80.cprapid.com/RingGoGreen/	—	2025-06-29
URL	https://15-237-96-228.cprapid.com	—	2025-06-29
URL	https://170-64-175-101.cprapid.com/myapps/telstra/signin/	—	2025-06-29
URL	https://82-208-21-233.cprapid.com/PayByPhone.eu/	—	2025-06-29
URL	https://ipv6.43-130-26-131.cprapid.com/	—	2025-06-29
URL	https://mysweepstakes.site.31-22-4-39.cprapid.com/	—	2025-06-29
URL	https://webdisk.3-137-194-246.cprapid.com	—	2025-06-29
URL	https://webmail.18-143-155-170.cprapid.com/	—	2025-06-29
URL	https://whm.191-96-11-127.cprapid.com/relog/otp6/sign/index.html	—	2025-06-29
URL	https://www.13-36-166-80.cprapid.com/	—	2025-06-29
URL	http://drpras.duckdns.org/bancolombia/img/icono.jpg	—	2025-06-29
URL	http://drpras.duckdns.org/bancolombia/img/itemb.jpg	—	2025-06-29
URL	http://drpras.duckdns.org/bancolombia/img/logo.jpg	—	2025-06-29
URL	http://drpras.duckdns.org/bancolombia/img/logo_sve.gif	—	2025-06-29
URL	http://drpras.duckdns.org/bancolombia/tokeninvalido/token-inva.html	—	2025-06-29
URL	http://drpras.duckdns.org/bbva5	—	2025-06-29
URL	http://drpras.duckdns.org/cajasocial	—	2025-06-29
URL	http://drpras.duckdns.org/davivienda/img/candado.jpeg	—	2025-06-29
URL	http://drpras.duckdns.org/davivienda/img/compartir.jpeg	—	2025-06-29
URL	http://drpras.duckdns.org/davivienda/img/error.jpeg	—	2025-06-29
URL	http://drpras.duckdns.org/davivienda/img/icon.jpg	—	2025-06-29
URL	http://drpras.duckdns.org/davivienda/img/lemotiv.png	—	2025-06-29
URL	http://drpras.duckdns.org/davivienda/img/llave.jpeg	—	2025-06-29
URL	http://drpras.duckdns.org/davivienda/img/signo.jpeg	—	2025-06-29
URL	https://drpras.duckdns.org/bbva5/	—	2025-06-29
URL	https://drpras.duckdns.org/sostener1.vbs/	—	2025-06-29
FileHash-SHA256	f092b7606233d1512530c5680b4e4ea17212f24024374bfd96061cd7260a0ffa	—	2025-06-29
URL	http://dxpam.duckdns.org/sostener.vbs	—	2025-06-29
URL	https://dxpam.duckdns.org/bancolombia/img/	—	2025-06-29
URL	https://dxpam.duckdns.org/sostener.vbs/	—	2025-06-29
FileHash-SHA256	38f7da8b2ea2cbb91886103f213a46216855957404f598f5a6c0b1b8ceddb9ba	—	2025-06-29
URL	http://testedark.writesthisblog.com/bancolombia/	—	2025-06-29
URL	http://testedark.writesthisblog.com/bbva5/	—	2025-06-29
URL	http://testedark.writesthisblog.com/cajasocial/	—	2025-06-29
URL	http://testedark.writesthisblog.com/davivienda/	—	2025-06-29
URL	http://testedark.writesthisblog.com/dinamicas/	—	2025-06-29
URL	http://testedark.writesthisblog.com/sostener1.vbs	—	2025-06-29
URL	http://testedark.writesthisblog.com/sostener2.vbs	—	2025-06-29
URL	http://testedark.writesthisblog.com/sostener3.vbs	—	2025-06-29
URL	https://testedark.writesthisblog.com/bancolombia/tokeninvalido/token-inva.html	—	2025-06-29
URL	http://mail.45-135-232-38.cprapid.com/bancolombia/tokeninvalido/token-inva.html	—	2025-06-29
URL	http://mail.update-facebok.com	—	2025-06-29
URL	https://mail.update-facebok.com	—	2025-06-29
URL	http://updatee-facebok.com/bancolombia/copía	—	2025-06-29
URL	http://updatee-facebok.com/bancolombia/img/logo.jpg	—	2025-06-29
URL	http://updatee-facebok.com/bancolombia/img/sucursal.jpg	—	2025-06-29
URL	http://updatee-facebok.com/bancolombia/script.js	—	2025-06-29
URL	http://updatee-facebok.com/bancolombia/style.css	—	2025-06-29
URL	http://updatee-facebok.com/bancolombia/tokeninv...	—	2025-06-29
URL	http://updatee-facebok.com/bancolombia/tokeninvalido/style.css	—	2025-06-29
URL	http://updatee-facebok.com/davivienda/img/campana2.jpeg	—	2025-06-29
URL	http://updatee-facebok.com/davivienda/img/lemotiv.png/	—	2025-06-29
URL	http://updatee-facebok.com/davivienda/img/llave.jpeg	—	2025-06-29
URL	http://updatee-facebok.com/davivienda/script/script.js	—	2025-06-29
URL	http://updatee-facebok.com/davivienda/styles/st...	—	2025-06-29
URL	http://updatee-facebok.com/davivienda/styles/style.css	—	2025-06-29
URL	https://www.updatee-facebok.com/bancolombia	—	2025-06-29
URL	https://www.updatee-facebok.com/bancolombia/	—	2025-06-29
URL	https://www.updatee-facebok.com/dinamicas	—	2025-06-29
URL	https://www.updatee-facebok.com/dinamicas/	—	2025-06-29
URL	https://www.updatee-facebok.com/sostener.vbs	—	2025-06-29
URL	http://users-kucoin.com/sostener.vbs	—	2025-06-29
FileHash-SHA256	116152ecab73bbd46021c75c7febcf15926e294e1c2360cba3e4dc2b1b575d77	—	2025-06-29
FileHash-SHA256	623e86ed2df4670b8d8f5f82c2e5e9e9d74dac0729f609a3a9192b214c83c301	—	2025-06-29
FileHash-SHA256	de96be70b3431c2aeda475960d889c734890605df50300a03db938e1e185ea99	—	2025-06-29
URL	https://pt.textbin.net/download/igvxdijw4q	—	2025-06-29
URL	https://pt.textbin.net/download/insdj4bhn2	—	2025-06-29
URL	https://pt.textbin.net/download/itm1dkgz7c	—	2025-06-29
URL	https://pt.textbin.net/download/l7ht9ey8tp	—	2025-06-29
URL	https://pt.textbin.net/download/muow1bxdn7	—	2025-06-29
URL	https://pt.textbin.net/download/muow1bxdn7:5552	—	2025-06-29
URL	https://pt.textbin.net/download/rcd5ihynxw:5552,0.tcp.sa.ngrok.io:15577	—	2025-06-29
URL	https://pt.textbin.net/download/rcd5ihynxw:5552,0.tcp.sa.ngrok.io:17721	—	2025-06-29
URL	https://pt.textbin.net/download/rcd5ihynxw:5552,0.tcp.sa.ngrok.io:17753	—	2025-06-29
URL	https://pt.textbin.net/download/rcd5ihynxw:5552,0.tcp.sa.ngrok.io:19464	—	2025-06-29
URL	https://pt.textbin.net/download/vzgm3tptve	—	2025-06-29
URL	https://pt.textbin.net/download/vzgm3tptveX	—	2025-06-29
URL	https://pt.textbin.net/download/wohbuyvc6t	—	2025-06-29
URL	https://pt.textbin.net/download/x7sf6t2dgv	—	2025-06-29
URL	https://pt.textbin.net/raw/4h6jpzcewz	—	2025-06-29
URL	https://pt.textbin.net/veoxiknpjo	—	2025-06-29

References (1)

↗ https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/tracing-blind-eagle-to-proton66/