Spammy Vibes and Monetized Jibes
Opacity and incentives converge to drive a thriving grift industry on the socials
In my earlier post, I exposed a prominent Western right-wing account “Radio Europe” as a scrubbed-and-rebranded Turkish thirst account running an ideological grift—one among many others of similar origin, operating similarly repurposed digital assets in similar spaces.
The ideological grift problem is far more widespread, though, as indicated by the OSINT scalps I have been collecting recently on X/Twitter. Their tactics are enabled by the designed transparency/countermeasure failures of the platforms, letting them project a public persona while masking an incongruous history. Following are three examples to illustrate.
Sus Vibrations
Crazy Vibes (@CrazyVibes_1 | id=1807722401029033984) has been on X since July 2024. They have 76.7K followers, with bio reading “Make America great again 🇺🇸🇺🇸”, tagging Donald Trump and Elon Musk, and drawing attention to their Buy Me a Coffee link, where their bio reads “Trump supporter far right anti Woke always trying to expose liberals hypocracy” (sic). Their sole Subscription is to Musk’s account, as is often the case for accounts of their genre (or projected genre).
This might have something to do with Musk having interacted with this account on a couple of occasions. The original posts involved have been deleted, which might explain the current post count of 651 despite the high frequency of posting—a regular scrubber. They certainly enjoy the attention, as seen in posts boasting of such, uncovered through their web archive.
The same web archive also reveals their location in earlier posts to have been India. Back in those innocent days, they were more involved in “Daily posting positive content 😊”, per their bio.
Their tone seems to have quite changed since then, as they switched their location to “Texas, USA” and started posting right-wing outrage bait.
There are only a handful of original posts up at a time (again, regular scrubber). The majority of the total posts appear to be accounted for by replies, and specifically reply spamming—a common behavior of such grifter accounts, where they post more outrage bait in replies to original posts by more popular accounts, to draw more followers to their accounts.
Note that part of the above was also posted by the “Radio Europe” grift account.
Attack of the Replycators
Interestingly, the text in the last of the above sample matches the text of a reply by another account.
Actually, more than a single reply from that account (more on it later).
Investigating further, it appears that this is a de facto “copypasta”, and is far older.
And it’s not the first time this account has grabbed content from other accounts’ replies to repost as its own.
I have noticed this tactic with a number of other accounts, which I call “replycators”. They trawl the platform—possibly with the assistance of bots or some other tools—to find replies (or sometime original posts) that show signs of gaining traction, and repost the content from those as their own, usually while reply spamming.
That is likely why those accounts—and these other two below, with openly Indian names—are finding themselves rooting for the tradcath cult, or working storm-shift nurse duty in Florida, or all-caps passionate about “ILLEGALS DISENFRANCHISING AMERICANS”.
Mr Worldwide
That “Mr. Pitbull” account (@MrPitbull07 | 1430585262803804161), incidentally, has a comparable follower count, claims to be based in DC (also in the US), also tags Trump and Musk, and also has a Buy Me a Coffee link.
There’s been a bit of scrubbery on this account already, but its canonical ID check throws up an earlier handle (which they also forgot to change in the link on the aforementioned Buy Me a Coffee profile).
Post data from early in the web archive under this “WorldHallOfFun” handle happens to reveal a location in … DC again?
This is, however, from only less than a year ago. The account was created in 2021. The Hindi-language replies are from 2023.
I looked at another archive scan, and found an even earlier handle.
May 2023. This is more like it.
And the earlier posts from this handle’s web archive?
Our subject appears to have then gone by “Tweet Chor” (which translates to “tweet thief”, appropriately), then but a young ‘un of the “python || JS || HTML || CSS ||\n \nengineering student💪” variety. And their location? Bengaluru (i.e. India).
An advanced search reveals Hindi-language replies (non-scrubbable) to the account’s earlier posts. Something sketchy is indeed afoot.
It’s unclear if this account shares an operator or network with the “Crazy Vibes” account, but one is certainly aware of the other (and note that the content here was also used as follower-farming reply-spamming copypasta by the latter).
And it’s well on-brand with reply-spam messaging.
This “anti-dog flyers” claim was debunked as an IRL troll false flag operation, by the way (h/t
).
More of the same propaganda that was also shared by “Crazy Vibes”, and by “Radio Europe”.
And an interesting case of replycation (with use of AI to slightly rephrase the same text?).
The Reply Guy
The same tactic happens to also be a forté of “The Random Guy” (@RandomTheGuy | 627607867).
This relatively old account declares itself as located in India. No indication of extensive scrubbing, at least, given the post count.
The account was rebranded at some point, though.
Its web archive under the older handle reveals a name “Vikrant Yadav" and location “India”. Checks out.
Now, the original posted content on this account appears to be mostly inspirational/cute pablum.
That seems harmless enough.
Look through the replies, though, and you see reply spamming with copypasta right-wing outrage bait.
The original, from a prominent right-wing account:
Another one:
Yes, the last one in the above sample was in reply to, again, “Radio Europe”. This is the original, from another prominent right-wing account:
Plenty more where that came from.
Darkly by Design
Apart from the connections to the subject of my last post, there are the obvious comparisons to the infamous case of “Inevitable West” (an Indian based in Dubai, also running a Western right-wing grift on X); as well as to the industrial-scale economy of AI slop also run from India, covered in depth at 404 Media. All three use reply spamming to farm followings, along with copypasta. Two are externally monetised with Buy Me a Coffee links, while all three would qualify for ad revenue sharing. All three are “blue-checked”.
As with clusters of inauthentic operation run out of the Turkish and Vietnamese internet ecosystems (among others), this is not about the ethnicities, but about the incentives. Even a few units of a powerful currency go a long way in some places, and to those in some economic strata there (or just to people who don’t mind resorting to such dishonest tactics for money).
We saw this in Veles in 2016. Tech capable of running these are getting easier to access—including AI tools, and a market in deployment tools dedicated to management of inauthentic digital assets. Combine that with the lack of local law enforcement against it, and this kind of activity is sure to proliferate wherever the revenue outweighs the cost.
While operations like this may never be entirely eliminated, as their tactics are always adversarially adapting, the problem would be far more tractable with more platform transparency and interoperability. This would enable people to control their own online experiences, and service developers to provide tools and/or services—whether free or paid—enabling detection and elimination of bad actors from information ecosystems, at the user level and the platform level.
At present, we depend mostly on third-party services to archive historical trails of identification data, user relationships, and user content. As seen in the case of MrPitbull07/WorldHallOfFun/py_chief, a single such service may not be sufficient for this purpose, and we often come across accounts with no records in such archives at all. We can’t even see information on native monetisation. This kind of conduct can only be effectively identified with access to complete data across and along account timelines, along with historical account data and network data. And while it is the worst offender, this problem is not limited to X, by any means.
Inauthentic conduct is not free speech, but fraud. As such, there is no liberty-based reason for platforms to restrict investigation of this conduct; and to not expose and eliminate this conduct in a viewpoint-neutral way; or to not at least permit investigators and users the data access and legal latitude to do so themselves. We cannot continue to let the platforms get away with shirking their responsibilities in this regard.