LinkSort Stealer Log #62
Jul 7, 2026
A stealer log compilation labeled 'LinkSort #62' containing credential pairs in URL:username:password format. The data spans numerous services including Facebook, Instagram, Discord, Roblox, Netflix, LinkedIn, PayPal, Google, and various Brazilian government and banking portals. This appears to be an infostealer log aggregation — not a breach of a single target — with credentials harvested from multiple victims' browsers/devices.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
LinkSort_62.txt3 columns999,921 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | skip | high | contains URLs, application identifiers, android app URIs, IP addresses, and other non-PII identifiers |
| 1 | username | high | contains email addresses, numeric IDs, and other user identifiers |
| 2 | password | high | contains passwords, password hashes, and placeholder values like UNKNOWN |
Notes: This is a stealer log compilation containing credential pairs harvested from browser autofill and system captures. Field 0 contains URLs, app identifiers, android URIs, IP addresses, and other non-PII identifiers that serve as service context. Field 1 contains user identifiers including emails, numeric IDs, and usernames. Field 2 contains passwords, hashes, and placeholder values.