Botnet Broadcast 8.6M Porn Tweets, Drew 30M Clicks
A now-disabled botnet spammed Twitter users with more than 8.6 million tweets that drew 30 million clicks to pornographic, hookup and infidelity-dating websites between February and June, according to digital security firm ZeroFOX.
The botnet, dubbed “Siren” after the beautiful women who lured sailors to their deaths in Greek mythology, leveraged more than 90,000 Twitter accounts.
“By abusing short-link services from Twitter and Google, the botnet engaged with victims in two ways: either directly by quoting one of the target’s tweets, or by leaving the payload visible on their profile bio or pinned tweet,” ZeroFOX researchers noted.
The Twitter botnet may have been related to a similar email spam botnet reported by Brian Krebs of KrebsOnSecurity.com. ZeroFOX researchers said the two operations used similar tactics and drove victims to the same network of websites hosted on five domains. ZeroFOX said two of the domains were owned by Deniro Marketing, which at one time marketed Amateur Match and Online Cupid, among other adult websites.
ZeroFOX called the botnet unique in that it not only used “aged” Twitter accounts but also used a “link rotator” that seamlessly redirected victims through a series of links before depositing them on the terminal site.
“This rotator ingests a connection from the goo.gl redirect and redirects the user again based on a simple user-agent check,” the ZeroFOX team wrote. “If the request comes from an automated program like Python’s request library or cURL, it redirects the connection back to Twitter or Google. Once the rotator deems the client as ‘legitimate,’ it then sends the connection via another redirect to the final URL destination.”
According to ZeroFOX, the botnet campaign did not redirect users to malicious sites.
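The user-agent check in the rotator described above means an automated scanner and a real browser see different destinations for the same short link. The following is an added example, not code from ZeroFOX or this article: it compares redirect chains that were already recorded for one link under several client identities and reports whether automated clients were bounced to a decoy. All URLs and client labels in the sample are constructed.

```python
from urllib.parse import urlsplit

# Sites the article says automated clients were redirected back to.
DECOY_HOSTS = {"twitter.com", "google.com"}

def host(url):
    """Lower-cased hostname with a leading 'www.' removed."""
    h = (urlsplit(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def divergence_hop(chains):
    """Last URL common to every chain: the hop that made the per-client decision."""
    shared = None
    for hops in zip(*chains.values()):
        if len(set(hops)) != 1:
            break
        shared = hops[0]
    return shared

def detect_ua_cloaking(chains):
    """chains: {client_label: [url, ...]} recorded for the same short link."""
    chains = {ua: c for ua, c in chains.items() if c}  # ignore failed fetches
    terminals = {ua: host(c[-1]) for ua, c in chains.items()}
    decoyed = sorted(ua for ua, h in terminals.items() if h in DECOY_HOSTS)
    hidden = sorted({h for h in terminals.values() if h not in DECOY_HOSTS})
    return {
        "cloaked": bool(decoyed) and bool(hidden),
        "decoyed_clients": decoyed,
        "hidden_destinations": hidden,
        "decision_hop": divergence_hop(chains),
    }

# Constructed sample: the same link fetched with three client identities.
PREFIX = ["https://t.co/EXAMPLE", "https://goo.gl/EXAMPLE",
          "https://rotator.example/r?id=1"]
SAMPLE = {
    "python-requests": PREFIX + ["https://twitter.com/"],
    "curl": PREFIX + ["https://www.google.com/"],
    "desktop-browser": PREFIX + ["https://landing.example/signup"],
}

if __name__ == "__main__":
    for key, value in detect_ua_cloaking(SAMPLE).items():
        print(f"{key}: {value}")
```

A link scanner that only ever fetches with a default library user agent would record the decoy as the destination, so the comparison needs at least one chain captured with a browser-like client.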