LinkSort #60 Stealer Logs
Jul 7, 2026
A credential stuffing / infostealer log compilation labeled 'LinkSort #60', containing URL:username:password triplets harvested from various websites. The data appears to be West African (primarily Côte d'Ivoire) in origin based on domains like uvci.edu.ci, farfarci.com, djoganapayci.com, and French-language services. Contains plaintext credentials for Google, Facebook, Instagram, Netflix, Apple ID, Snapchat, PayPal, and dozens of other services. This is a stealer log sorted/compiled file, not a breach of a single company.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
LinkSort_60.txt3 columns999,194 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | skip | high | contains URLs, internal IDs, sequence numbers, timestamps, or non-PII data |
| 1 | username | high | contains email addresses, user handles, and other identifiers used for account access |
| 2 | password | high | contains password hashes, plaintext passwords, and other credential strings |
Notes: Combo list containing URL/service identifier, username (often email), and password. Data originates from West African (primarily Côte d'Ivoire) sources based on domains and language. Contains credentials for major services like Google, Facebook, Instagram, Apple ID, PayPal, Netflix, and Snapchat, harvested from infostealer/credential stuffing logs.