This analysis focuses on Proton66, a bulletproof hosting network enabling cybercrime operations and serving as a hub for aspiring cybercriminals. It examines the activities of a threat actor known as 'Coquettte,' who is linked to the Horrid hacking group. The investigation reveals a fake cybersecurity website used for malware distribution, and explores Coquettte's broader criminal ventures, including a website allegedly providing guides for illegal activities. The research highlights Proton66's role as a breeding ground for amateur threat actors and provides insights into the malware infrastructure used by Coquettte, including the Rugmi/Penguish loader trojan. The analysis also uncovers connections to other domains and potential affiliations with a larger hacking collective.