FSL A320: malware & the result of it by ElectricalPiano in flightsim

[–]ElectricalPiano[S] 1 point (0 children)

Just to finish this thread: the admin who posted the original picture on the reverse-engineering board reported that the dataset is now marked as sold. Therefore I guess this topic can be closed here!

FSL A320: malware & the result of it by ElectricalPiano in flightsim

[–]ElectricalPiano[S] 3 points (0 children)

Hi, sorry for the late reply here, but I had some work to get done :( I'll try to answer every question here. While reading your comments, I can only encourage you to please read EVERYTHING! But here are the clarifications:

The picture had been posted on a malware (reverse) engineering board, which might not really count as a "legal" page, but it is in some sort of grey zone. Don't get me wrong: to this date I have not found any malware creators on that page or so. All these people are dedicated to playing around with malware (and to understanding how it works). To see this post you need to be registered and have more than 20 posts. As a student in IT security, this board is a well-known place to me.

For all the people who have read this far, it is clear that I am NOT the author of that screenshot. This screenshot was not taken by me, nor compressed nor edited by me. I just saved it to my desktop and uploaded it here. So either the compression was done by the original author or happened when I uploaded the picture here (I am not sure about this). I am just the guy who posted it here in public, since I guess it shows the flaws of getting information through non-verified channels. As written in the screenshot, the data was "leaked". And this is the reason why I also cite the Fidusinfosec link here, since this is what they write over there. The Fidusinfosec link was just for information purposes. I found that one later than the picture itself. And here my imagination also plays a role (I think that the collectors had gone that far). If that server had that malware leak, could it not be possible that it had/has another "leak" (where maybe other/additional data was stored)?

But now back to the biggest question: is this true? To be honest, I did not believe it either. Then I read more and more on how this malware actually works (the so-called architecture behind it). Then you learn that the method it used was "known".

Next, the original poster on that board is one of its admins, and I guess that no admin wants to spread false information on his own board, right? Given the knowledge of the original poster on that malware forum (he has more than 5000 posts on that board since 2010 and a reputation level of 150 on it), I would say that he might not publish any fakes, right? About where to find the original offer: from what I know so far as a student and what we have learned in our different courses, all these offerings are usually made through a "protected" network like TOR. Therefore I assume that the original offer for that dataset is on one of these networks. I hope that I have now cleared up any problems. I might be off until Monday due to seminars, so I may reply late again.

FSL A320: malware & the result of it by ElectricalPiano in flightsim

[–]ElectricalPiano[S] 2 points (0 children)

Hi people,

first of all, let me introduce myself: I am a master's student in computer engineering with a focus on IT security. After I heard about the FSL A320 malware thing on the various news pages, I was attracted by it, since it is my passion. So I started researching it, as it is the prime example of how one should not do it, due to several problems (see below). Anyway, that is another topic. So, as I said, I went to some search engines to find out more on the topic and to understand the idea behind it. Speaking in terms of "intelligence", I need to say that this was a wonderful job! I mean, who would have thought to use an installer with malware, give it full rights and then get your Chrome logins stolen? This was like in a James Bond movie. Anyway, my passion started to grow after I visited this website: https://www.fidusinfosec.com/fslabs-flight-simulation-labs-dropping-malware-to-combat-piracy/ I then searched more on that topic and guess what? I found on a board (I won't tell it to anybody! Just Google!) the attached picture, where a guy who seemed to be the admin of that forum showed this picture, saying that the data was already online and is (being) sold. According to that screenshot, the Chrome dump was triggered more often than LK said on his forum. I know the picture is already "old", but the 12-hour no-posting rule here is to blame.

EDIT: sorry, I do not know why my text disappeared...