Friday, November 23, 2012

Trent Lee: Twitter Spammer

On Thanksgiving Day 2012, I was checking my Twitter account to see if anyone had sent me messages and I found this
It looked like just another spam message that you often see on Twitter, but this time I decided to see how widespread the spammers' activities really were. While the actual texts of the messages varied, certain elements were common enough that I could do a search to find many of the other tweets sent out over the past few days. What I found was really interesting...

About 200 Twitter accounts had been created to send tweets advertising this "business" and the person behind it even had multiple accounts created for himself. I suppose he did that as a precaution against one or more of his accounts getting closed. What I found very disturbing is that many of these accounts seemed to have been formerly active on Twitter until a few days ago. At that point, the names of the accounts seem to have been changed and all the people following or being followed were discarded. That explains why the number of followers and followings were almost always zeroed-out on the Twitter accounts being used for spamming. There was a reported hack of Twitter when many subscribers reported receiving an email telling them to change their passwords. This was apparently a phishing attack which seems to have been successful in a number of cases. It is possible that many or even all of the accounts being used to spam on behalf of Trent Lee were victims of the phishing. I typically ignore emails like that, since I am a suspicious person by nature and seldom trust such requests when I get them.

Having little else to do that day, I blocked every one of them from messaging me in the future and I also reported them to Twitter for spamming. Time will tell what sort of effect that will have. Twitter may or may not decide to close them down, but I think that depends on how many other Twitter account holders also reported them.

The central personality behind all of this goes by the name "Trent Lee" and these are his four accounts: @TrentLeeK37 @TrentLeeU86 @TrentLeef58 @TrentLeez42 and you can see that they haven't been used very much, having at mosts 21 tweets, many of them retweets of posts from supposed "fans" thanking him for whatever the hell he was supposed to have done for them.
Clicking on the link provided on the profiles eventually takes you to his website http://www.trentsteam.com although the actual link is not displayed on his profiles. The links are displayed using URL shorteners which are apparently used to hide the URL http://trentlee.goosenipps.net/ which then redirect to his homepage.

Why go through the trouble? Many people have direct links to their websites on their Twitter accounts. There's a link to this blog on my Twitter page, in fact. So, why did Trent want to obscure his link in this way?

Hey, it is his Twitter page and he can do whatever he wants with it and it's not for me to dictate what he does. But, it did make me wonder, so I started digging around.

Trent's website is a typical "I can help you make lots of money very easily"-type of site. But, Trent has registered his website anonymously through Domains By Proxy, which sets-off alarm bells for me, right away. If this was a legitimate business with nothing to hide, he shouldn't be afraid to let us know his address, right?

But, what about goosenipps.net, where Trent's website appears as a subdomain before the redirect? Well, that's a different story
Domain Name: GOOSENIPPS.NET
Registrar: MONIKER

Registrant [4021699]:
Jessica Gable migajeli@yahoo.com
409 Northern Trail
Leander,TX 78641 US

Administrative Contact [4021699]:
Jessica Gable migajeli@yahoo.com
409 Northern Trail
Leander, TX 78641 US
Phone: +1.5125889682

Billing Contact [4021699]:
Jessica Gable migajeli@yahoo.com
409 Northern Trail
Leander, TX 78641 US
Phone: +1.5125889682
Technical Contact [4021699]:
Jessica Gable migajeli@yahoo.com
409 Northern Trail
Leander, TX 78641 US
Phone: +1.5125889682

Domain servers in listed order:
NS533.HOSTGATOR.COM
NS534.HOSTGATOR.COM
Record created on: 2012-10-17 00:09:04.0
Database last updated on: 2012-10-17 02:33:19.853
Domain Expires on: 2013-10-17 00:09:11.0
Just entering goosenipps.net in your URL bar takes you to Trent's website. Interestingly, the person who owns goosenipps.net also owns at least two other websites, lighthoser.net and crankerobo.net both of which redirect to an adult cam site. I'm curious as to why someone would own two adult sites and one get-rich-quick site. Adult sites can be good moneymakers, but there's a lot of competition out there, including free porn sites. A get-rich website may seem like a good investment, since people are always looking for a way to make a lot of money working from home in their spare time. Maybe the cam site isn't paying the bills. Either that or somebody is just plain greedy.

The phone number given for the registrant is a cellphone, which isn't unusual, since many people are foregoing a land line these days. The email address - migajeli@yahoo.com - is linked to this Myspace account, which looks like it hasn't been accessed in over a year.

Trent's website may be registered anonymously, but we do know that his servers are run by softlayer.com and that site is registered in Texas, just like goosenipps.net.
Softlayer Technologies, Inc.4849 Alpha RoadDallas, Texas 75244United States+1.2144420600 Fax -- +1.2144420601
Despite all these links to Texas, Trent gives the following as his contact information

TrentsTeam.com
8605 Santa Monica Blvd #49267
Los Angeles, CA 90069
Email trent@trentsteam.com
The mailing address is not his place of residence, it's a mailbox that he rents.


As far as Trent's website and money-making scheme, I'd advise everyone to steer clear of him, since anyone who goes through this much trouble to obscure himself from the public has no business being trusted to help people who need to create a source of income for themselves. Plus, the rather unethical behavior demonstrated by spamming Twitter on behalf of his business - possibly using hacked Twitter accounts -shows him to be someone completely undeserving of trust.

UPDATE

A second round of spamming is currently taking place on Twitter advertising the cam show site mentioned earlier. The lead accounts are @CapriGalb82 @CapriGalJ99 @CapriGalq05 and @CapriGalm75 but the accounts being used to send the spam messages across Twitter are mostly different ones than those used earlier.

ANOTHER UPDATE

While all the CapriGal profiles on Twitter seem to have been deleted, the account @GreenSmooth31 has taken their place and is using most of the Twitter accounts that TrentLee and CapriGal were using previously.


Duane Browning

1 comment:

Unknown said...

I found your blog while trying to research someone that sent me a comment on twitter linking to a free webcam for porn.

here's the message (i also have a screen shot; i just couldn't post it with this comment:

adrienne mckenzie ‏@adriennemcken10
good @slaissle @GreenSmooth31 god your beautiful
Collapse Reply Retweet Favorite
9:06 AM - 17 Dec 12 · Details