I've only taken a quick glance at the data so far, but here's some preliminary information:
The leak contains disk images from five different servers. This would be similar to if someone physically removed the drive from each server and cloned it in its entirety.
The five servers have the following hostnames, which is likely an indication of their origin and purpose. These were copied directly; any misspellings are in the original data.
- whmcs.cloudmin.wecandevelopit.com
- noshow.cloudmin.wecandevelopit.com
- registrar-staging.cloudmin.wecandevelopit.com
- remotecolnsole.cloudmin.wecandevelopit.com
- spynamesparser.cloudmin.wecandevelopit.com
Most of the images appear to have been taken in June, 2020, with the exception of noshow, which was taken in December, 2019.
That makes this data older than that in the first leak. There's a good chance these were deliberate backups made by Epik.