Lists of "email:password" pairs used by threat actors for Credential Stuffing attacks (trying the same password on multiple sites like Netflix, Amazon, or banking portals).

If your data is in this collection, it likely means a service you used between 2017 and 2020 was compromised.

As the name suggests, it covers a three-year period (May 2017 – April 2020), capturing data from sites that may have since been seized by law enforcement or gone offline.

Use services like Have I Been Pwned to see if your email address was part of major leaks during this era.

These collections often exceed several gigabytes and contain millions of unique entries. Common Components

Information from dark web marketplaces, including vendor names, product listings, and public reviews.

This is a "combo list" or "leak aggregator." It typically contains raw data scraped from hidden services (Tor network), including credentials (usernames/emails and passwords), database dumps, and forum posts.

The filename refers to a known large-scale archival collection of data scraped from various Dark Web "onion" sites and forums between 2017 and 2020.