So, what's happend ?
Like i've says on my previous article "researchers will always have your crapwares sooner or later"
Now a builder was leaked ¬.¬
And about Citadel...
With a crappy exploit
Unknown shit still in brute force with htaccess claiming "Auth to RSS-Feed"
And a log parser (again the same) used by bot-herders to parse Citadel logs.
Anyway there will be no inpact about the leak
PS: i've not looked if it's really original builder or a fake.