LinkSort Stealer Log Compilation #64
Jul 7, 2026
A stealer log compilation labeled 'LinkSort #64' containing credential data in URL:username:password format. The data appears to be aggregated from infostealer malware targeting primarily Brazilian users, containing credentials for Google, Facebook, Netflix, Disney+, Mercado Libre, Brazilian government portals (acesso.gov.br, detran.pe.gov.br, jucepe.pe.gov.br), banking (Caixa), and various other services. Includes CPF numbers (Brazilian tax IDs) used as usernames for government portals.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
LinkSort_64.txt3 columns999,933 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | skip | high | contains URLs, IP addresses, Android app URIs, and other non-PII identifiers |
| 1 | username | high | contains email addresses, CPF numbers, and other user identifiers used as usernames |
| 2 | password | high | contains password-like strings, hashes, and special characters typical of passwords |
Notes: Combo list contains URL/service identifier in column 0, username/CPF in column 1, and password in column 2. Data includes Brazilian government portals, banking, social media, streaming services, and other platforms.