White Intel Knowledge Center
  • Getting Started
    • Quickstart
    • Getting an Account
    • Sign-in
  • Basics
    • Stealer Logs
    • Combolist Logs
    • Consumer Records
    • Corporate Records
  • WHITE INTEL USAGE
    • Dashboard
    • Global Search
    • Watchlists
    • Watchlist Events
  • Organization Settings
  • API Access
  • Webhooks
  • Purchasing Subscription
    • Researcher Subscription
    • Enterprise Subscription
    • Threat Intel Subscription
  • Frequently Asked Questions
    • FAQ
Powered by GitBook
On this page
  • Difference Between Information Stealer Logs and Combo lists
  • White Intel Approach
  1. Basics

Combolist Logs

PreviousStealer LogsNextConsumer Records

Last updated 2 months ago

Combo lists, a.k.a ULPs, are compilations of URL, username, and password information shared on dark web related resources. Due to the nature of these files, they do not include any additional information such as the date of the breach or details about the compromised device. They are simply lists of credentials in URL:USERNAME:PASSWORD format.

The following image contains part of a combo list detected on dark web related resources.

Difference Between Information Stealer Logs and Combo lists

Information stealer logs include additional data such as IP addresses, host-names, usernames, operating systems, malware paths, files, the date of compromise, and saved credentials from the browsers. In contrast, combo lists are merely lists of credentials without any supplementary information, making them less reliable compared to comprehensive information stealer logs.

White Intel Approach

White Intel offers a filter differentiate between information stealer logs and combo lists.