# Combolist Logs

Combo lists, a.k.a ULPs, are compilations of URL, username, and password information shared on dark web related resources. Due to the nature of these files, they do not include any additional information such as the date of the breach or details about the compromised device. They are simply lists of credentials in URL:USERNAME:PASSWORD format.

The following image contains part of a combo list detected on dark web related resources.

<figure><img src="/files/qo4cpKQz5TFE2xl8OLSY" alt=""><figcaption></figcaption></figure>

### Difference Between Information Stealer Logs and Combo lists

Information stealer logs include additional data such as IP addresses, host-names, usernames, operating systems, malware paths, files, the date of compromise, and saved credentials from the browsers. In contrast, combo lists are merely lists of credentials without any supplementary information, making them less reliable compared to comprehensive information stealer logs.

### Whiteintel Approach

Whiteintel offers a filter differentiate between information stealer logs and combo lists.

<figure><img src="/files/jMDHItgcaGV1ZHsY690g" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://knowledge.whiteintel.io/basics/markdown.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.