LinkSort Stealer Log Compilation #23
Jul 7, 2026
A stealer log compilation labeled 'LinkSort #23' containing credential pairs in URL:username:password format. Data appears to originate from infostealer malware targeting primarily Brazilian users, with credentials for Google, Facebook, Microsoft Live, Steam, Roblox, Netflix, iFood, and various Brazilian services. Includes both plaintext passwords and some encrypted/token values. No single breached company — this is a multi-source stealer log aggregation.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
LinkSort_23.txt3 columns999,793 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | skip | high | URLs/service endpoints - not PII, used to identify breach source |
| 1 | username | high | Values are usernames, email addresses, phone numbers, CPF/document IDs, or generic identifiers used for account access |
| 2 | password | high | Values are plaintext passwords, hashes, tokens, or encrypted credentials |
Notes: Standard URL:username:password format. Field 1 contains mixed credential types: email addresses (fujoshiqualquer@gmail.com), usernames (DarlingDearLolicons), phone numbers (+5566999375500), Brazilian CPF/document IDs (065.749.181-03), and generic identifiers. Field 2 contains plaintext passwords, base64-encoded tokens, and RSA keys. Some fields marked UNKNOWN indicate missing/redacted credentials. Multi-service stealer log from Brazilian infostealer malware targeting Google, Facebook, Microsoft, Steam, Roblox, Netflix, Spotify, Discord, PayPal, and local Brazilian services.