Share this page!

Conspirador Norteño Profile picture
Twitter logo
23 Oct, 6 tweets, 4 min read
Oh My God! This botnet is really Enormous Graceful Frame!

(We don't actually know what this means, but since it was repeated by seven different accounts, it's clearly important.)

cc: @ZellaQuixote
This botnet consists of 35 accounts, all created on either October 19th or October 20th, 2020. Thus far all of this network's content is replies (no retweets or original tweets), almost all posted via "Mobile Web (M2)". Some of the account biographies are duplicates.
This botnet is very repetitive, with 77 replies sent at least twice and the most frequent reply ("Oh My God! Your tweet is really Enormous Graceful Frame") used seven times by seven different accounts. (Table includes all replies that were repeated at least three times.)
The reply text isn't the only repetitive aspect of this botnet - it also replies to the same accounts and tweets over and over. We've included a collage of the 10 tweets that received the most replies from the botnet.
Does this botnet use stolen profile pics? Yup. For the images we were able to confirm were stolen, we found Google and Yandex reverse image searches about equally effective (TinEye wasn't very useful here).
Footnote: we've seen similar botnets before, including a reply spam botnet we found in early October 2020 (of which this may be a new incarnation) and a now-suspended botnet we found replying to @ARTEM_KLYUSHIN in August 2020.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Conspirador Norteño

Conspirador Norteño Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @conspirator0

Conspirador Norteño Profile picture
20 Oct
We took a look at nine days' worth of recent replies to @JoeBiden. Unsurprisingly, the Democratic nominee's account gets a lot of attention - 613039 replies from 266655 accounts between October 11th and 19th, 2020. Very little of the traffic looks automated.

cc: @ZellaQuixote
Although @JoeBiden consistently receives tens of thousands of replies per day, few contained links to news sites before Oct 14, when the New York Post published its story about Hunter Biden's alleged laptop. Links are mostly a mix of NY Post and various right-wing sites.
In keeping with the theme of the NY post story, Hunter Biden and various allegations that Joe Biden is corrupt are a recurring them of recent replies to @JoeBiden, especially the hashtags used. Two of the top four are #CrookedJoeBiden and #BidenCrimeFamily.
Read 5 tweets
Conspirador Norteño Profile picture
19 Oct
If you're looking for a Twitter account that spews a mix of conspiracy theories about Joe Biden and dubious claims that COVID-19 is a Chinese bioweapon, Steve Bannon's @WarRoomPandemic just might be your thing. Who's retweeting it?

cc: @ZellaQuixote
As it turns out, roughly 18% of the accounts (4909 of 27204 accounts) amplifying @WarRoomPandemic's tweets are Chinese-language accoutns, despite @WarRoomPandemic's content being in English.

(Results based on retweets of available via the Twitter API as of 2020-10-18.)
Retweet network for the accounts that recently amplified @WarRoomPandemic. The main cluster is a mix of right-wing English-language accounts and various Chinese accounts. The Chinese accounts are more densely clustered, as they retweet each other frequently.
Read 6 tweets
Conspirador Norteño Profile picture
17 Oct
What's up with all these accounts with AI-generated profile pics linking the same article on cointelegraph(dot)com at the same time using the same hashtags? #SaturdayShenaniGANs

cc: @ZellaQuixote
We found a total of 47 accounts spamming links to cointelegraph(dot)com via automation service dlvr(dot)it, all created in September or October 2020. The volume of this botnet has increased as more accounts were added.
The cointelegraph(dot)com website promoted by this botnet is a cryptocurrency "news" site registered in the Cayman Islands, according to WHOIS records. Almost all of this botnet's tweets (1222 of 1295, 94.3%) contain links to this website.
Read 5 tweets
Conspirador Norteño Profile picture
15 Oct
We've repeatedly noted that @ARTEM_KLYUSHIN is both followed and retweeted by large bot networks. He also follows nearly one million accounts. Is there anything interesting going on there? (Spoiler: yes.)

cc: @ZellaQuixote

We downloaded all of the accounts followed by @ARTEM_KLUYSHIN and plotted the order he followed them by the creation dates of the accounts followed. There are several streaks where he followed thousands of accounts in (mostly) reverse order of creation date. What's going on?
Answer: @ARTEM_KLYUSHIN on multiple occasions followed large swaths of the followers of large accounts in most-recent-follower-first order. For example, @ARTEM_KLYUSHIN followed @history_RF's first ~52K followers in the opposite order that those accounts followed @history_RF.
Read 8 tweets
Conspirador Norteño Profile picture
14 Oct
Just for fun, we started digging through the accounts followed by 60 popular verified #MAGA accounts to see what there is to see. We found one weird thing that stuck out like a sore thumb (and will add more if/when we find more). . .

cc: @ZellaQuixote Image
Meet @ScottIngwers. This account has never tweeted, never liked any tweets, has no bio, and uses a default profile pic. Despite this, its 342 followers include @DonaldJTrumpJr, @IvankaTrump, and @EricTrump. ImageImage
Since the account has no content, there's not really much about @ScottIngwers to analyze, but we did notice that despite the account being totally empty, it's picked up followers in a variety of languages. Image
Read 11 tweets
Conspirador Norteño Profile picture
13 Oct
What's the deal with these newly-made Twitter accounts firing off spammy replies in multiple languages? #TuesdayThoughts

cc: @ZellaQuixote Image
Answer: they're part of a spam network of unknown purposes, consisting of 23 accounts that tweet on remarkably similar schedules via "Mobile Web (M2)" (early tweets were sent via "Twitter Web App"). 98.9% of the tweets posted by these accounts are replies. ImageImageImageImage
Although these accounts reply mostly in English, a significant minority of their content is in a variety of other languages. The content is all over the map, ranging from random feel-good replies to coupon codes to comments on the present Armenia/Azerbaijan conflict. ImageImage
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get email notifications when new thread is out from this Author!

Check out other threads from this Author!

Read all threads by @conspirator0