LinkSort #29
Jul 7, 2026
A credential stuffing / stealer log compilation in URL:username:password format. The file contains thousands of plaintext credentials across hundreds of different websites including social media (Facebook, Twitter, Instagram), gaming platforms (Roblox, Garena, Steam), financial services (EPF India, GST India, Maybank), and various other services. The data spans multiple geographies with notable concentrations of Vietnamese, South African, Indian, and Malaysian users. This appears to be part of a numbered series of sorted credential lists ('LinkSort') derived from infostealer malware logs.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
LinkSort_29.txt3 columns968,055 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | username | high | contains URLs, app package names, IPs, and service identifiers — typical for account identifiers in stealer logs |
| 1 | password | high | values include plaintext passwords, password hashes, and special-character patterns typical of credentials |
| 2 | skip | high | contains empty strings, placeholders ('?'), or non-PII tokens; no consistent PII pattern observed |
Notes: Combo list from 'LinkSort' infostealer logs. Format is URL/app:username:password or similar. Second field contains credentials; third field often empty or placeholder.