diff --git a/exercises/h4.md b/exercises/h4.md
index e2b9473..66a9012 100644
--- a/exercises/h4.md
+++ b/exercises/h4.md
@@ -733,6 +733,14 @@ The most memorable log entry from the past years was, however, a penetration att
 4.125.148.79 - - [07/Aug/2013:20:53:35 +0400] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 142 "-" "ZmEu"
 ```
 
+`w00tw00t` scanning technique is an old one and dates back to the last decade. However, it is still being widely used. More about this intrusive scanning technique:
+
+- [Symantec: Hacktool.DFind](https://www.symantec.com/security-center/writeup/2005-011411-1411-99)
+
+- [NinTechNet: How to block web vulnerability scanners with iptables.](https://blog.nintechnet.com/how-to-block-w00tw00t-at-isc-sans-dfind-and-other-web-vulnerability-scanners/)
+
+Information about `w00tw00t` is widely available from other online sources as well.
+
 **d)** Create a set of websites on your local computer and copy the sites to your web server with scp command.
 --------------