← All datasets

LinkSort Stealer Log Compilation #23

Jul 7, 2026

999,793
Records
1
Files
Jul 7, 2026
Added

A stealer log compilation labeled 'LinkSort #23' containing credential pairs in URL:username:password format. Data appears to originate from infostealer malware targeting primarily Brazilian users, with credentials for Google, Facebook, Microsoft Live, Steam, Roblox, Netflix, iFood, and various Brazilian services. Includes both plaintext passwords and some encrypted/token values. No single breached company — this is a multi-source stealer log aggregation.

Data found in this dataset

Usernameskip

Search this dataset

Scoped to this dataset. Fill any combination — results match if any field hits.

Source files

Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.

LinkSort_23.txt
3 columns999,793 rows

File structure

Source columnMapped fieldConfidenceLLM assessment
0skiphighURLs/service endpoints - not PII, used to identify breach source
1usernamehighValues are usernames, email addresses, phone numbers, CPF/document IDs, or generic identifiers used for account access
2passwordhighValues are plaintext passwords, hashes, tokens, or encrypted credentials

Notes: Standard URL:username:password format. Field 1 contains mixed credential types: email addresses (fujoshiqualquer@gmail.com), usernames (DarlingDearLolicons), phone numbers (+5566999375500), Brazilian CPF/document IDs (065.749.181-03), and generic identifiers. Field 2 contains plaintext passwords, base64-encoded tokens, and RSA keys. Some fields marked UNKNOWN indicate missing/redacted credentials. Multi-service stealer log from Brazilian infostealer malware targeting Google, Facebook, Microsoft, Steam, Roblox, Netflix, Spotify, Discord, PayPal, and local Brazilian services.