Account Trafficking Websites in December 2024
This report examines the illicit online trade of aged and verified accounts for platforms like social media, email, and Google Ads. These accounts, often obtained through hacking or phishing, are valuable for bypassing security and leveraging established trust. They fuel a range of activities, from grey-area marketing tactics to serious crimes like fraud and disinformation, highlighting a significant security risk and a growing challenge in the digital landscape.
Details
In December, 2024, over 100 newly registered domains were observed hosting websites alleging to sell pre-verified and aged accounts. These additions to the burgeoning illicit online market for aged and verified accounts alleged to sell accounts across a range of platforms including social media, email providers, cloud services, and advertising networks like Google Ads. These underground marketplaces cater to a demand for pre-existing, reputable digital identities, often acquired through illicit means such as data breaches, phishing scams, or account takeovers.
Buyers are drawn to these accounts for a variety of reasons, primarily the ability to bypass security measures and leverage the established trust associated with older or verified profiles. While some may employ these accounts for seemingly innocuous purposes like gaining an edge in social media marketing or accessing region-locked content, a significant portion fuels malicious activities, including spam campaigns, fraud, disinformation dissemination, and even more nefarious operations.
This investigation will delve into recently configured domains and websites in the ecosystem of these account markets, examining the types of accounts traded and techniques employed to drive traffic to their sites.
Cloud and BHW Accounts
Based on domain registration overlaps, the following 3 domains were likely created by the same actor. The websites advertise the sale of cloud accounts from top providers as well as ads accounts, Apple developer accounts, Google Voice accounts, and payment gateway accounts such as Amazon Pay and Cash App accounts. The site alleges the accounts are pre-verified and customers are granted full access to the accounts.
- IP ISP: Hostinger International Limited
- IP Country: US
- Website Title contains all: buy, account
topcloudacc[.]com
acctrusted[.]com
buybhwaccounts[.]xyz
Domain `topcloudacc[.]com` purports to sell AWS, Cloud, Ads, and other accounts.
Website Title: “Buy AWS Account | Best 32-vCPU & Credit Account – 2025”



Domain `acctrusted[.]com` purports to sell cloud accounts for AWS, Azure, Vultr, DigitalOcean and others for sale.
Website Title: “Buy AWS Accounts | Best Vcpu & Credit Account For Sale 2024”

Domain `buybhwaccounts[.]xyz` purports to sell AWS, Google Cloud, Oracle, Digital Ocean, Ads Accounts, and BHW accounts.
Website Title: “Buy BHW Accounts – BHW Accounts For Sale – buybhwaccounts[.]xyz”

Domain `isp-rebellion[.]com` purports to sell Apple 2FA Accounts.
Website Title: “Apple 2FA Accounts for Sale”

Social Media Accounts for Sale
Domain `regularpva[.]com` purports to sell a variety of social media, email and dating accounts such as Facebook, Instagram, Gmail, Outlook, Twitter, and Yahoo.
Website Title: “Buy Social Media Accounts – Social Media Pages for Sale – SecurePVA”

Domain `shiftxchange[.]biz` purports to be a marketplace for buying and selling social media accounts among other alleged service offerings.
Website Title: “Social Media Accounts for Sale”

Domains twitterxarena[.]com and redditarena[.]com both redirect to discordarena[.]com and purport to sell premium aged social media accounts including Discord and Reddit.
Website Title: “Premium Aged Discord Accounts for Sale | Discord Arena”

Domain `redditaccsbuy[.]com` purports to sell aged reddit accounts
Website Title: “Reddit Accounts with Karma for Sale | Buy Verified, Aged Reddit Accounts Instantly | Affordable Reddit Account Marketplace”

Examining One Such Network: Aged Google Ads Accounts for Sale
Over 100 identical websites were created in December, 2024 purporting to sell aged Google Ads accounts and invite codes to illicit marketplaces. For awareness, selling or buying Google Ads accounts is a violation of Google’s terms of service. Aged accounts might be perceived as having more authority or being less likely to be flagged for suspicious activity, making them attractive to those trying to game the system.

Registration Overlaps:
- Registrar: Dynadot LLC
- Name Server: cloudFlare.com
- Server Type: CloudFlare
- ISP IP: CloudFlare Inc.
- Domain Name or Website Title contains: google ads or adwords
During December 2024, 128 domains were identified with nearly identical domain registration details. All domains were configured with nearly identical website content. The websites contain links to illicit marketplaces such as credit card number verification and acquisition services, and illicit Russian markets. The websites also contain multiple links with the other 128 domains such that all 128 domains have websites directing traffic to each other.
This configuration of interconnected website links is characteristic of search engine optimization (SEO) manipulation techniques. Specifically, in also considering the illicit content of these websites, this activity may be created solely to build backlinks to a main “money site” to manipulate search engine rankings typically referred to as a Private Blog Networks (PBN). PBNs can be a particularly effective SEO manipulation technique as search engines like Google consider backlinks as a signal of authority. The more backlinks, the higher the ranking. PBNs attempt to artificially inflate these rankings to drive traffic to their main sites. As such, search engine providers may penalize these networks and main sites by dropping their search rankings or completely removing them from search results.
Example Google search query results for Google Ad accounts for sale:


Conclusion
In conclusion, the illicit market for aged and verified accounts across social media, email, and advertising platforms represents a persistent and evolving threat. Resold accounts are often acquired through illegitimate means and through account farming and reselling. Aged and pre-verified accounts provide a foundation for a spectrum of illicit and grey-area activities, ranging from spam campaigns, fraud, obfuscated ownership of hosting malicious resources on cloud providers, to manipulating online discourse.
This activity underscores the critical need for enhanced security measures and robust verification processes by platform providers. Detecting and mitigating account handoff behaviors, such as suspicious login patterns or unusual activity spikes, is crucial to prevent the reselling and abuse of verified accounts. Furthermore, marketing and sales teams must exercise heightened vigilance when encountering accounts with seemingly high engagement or suspicious activity. Aged or re-verified accounts may appear more legitimate, but their origins should be carefully scrutinized.
Proactive threat intelligence, increased awareness among users and businesses, and collaborative efforts between platforms, law enforcement, and cybersecurity researchers are essential to combat the acquisition and exploitation of these compromised accounts, which continue to undermine the integrity and trustworthiness of the digital landscape.
Appendix
Google Ad Account domains related by overlapping registration and hosting details | adwordsad[.]cv adgoogle[.]cv googlead[.]cv adgoogle[.]my googlead[.]my googleadwords[.]biz adgoogle[.]shop adsgoogle[.]tube googleadwords[.]tube googlead[.]best adgoogle[.]blog googlead[.]shop adgoogle[.]best adgoogle[.]cyou googlead[.]co googleadwords[.]bond adgoogle[.]qpon adgoogle[.]sbs adgoogle[.]pro googleadwords[.]lol googlead[.]cheap adgoogle[.]me googlead[.]asia googlead[.]vip adsgoogle[.]lat adgoogle[.]help googlead[.]pro googleadwords[.]help googlead[.]lat adgoogle[.]click googlead[.]info googlead[.]click adgoogle[.]one googleadwords[.]top adgoogle[.]lat adsgoogle[.]lol adgoogle[.]tube adgoogle[.]bet googlead[.]bet googlead[.]lol googlead[.]me adgoogle[.]vip adgoogle[.]top googlead[.]bid googlead[.]cc adgoogle[.]bid googlead[.]one adgoogle[.]cc adsgoogle[.]bond adgoogle[.]info googleadwords[.]beauty googlead[.]beauty adsgoogle[.]pics adgoogle[.]xyz adwordsad[.]me adwordsad[.]sbs adwordsad[.]shop adwordsad[.]co adwordsad[.]blog adwordsad[.]biz adwordsad[.]best adwordsad[.]my adwordsad[.]cyou adwordsad[.]org adwordsad[.]art adwordsad[.]one adwordsad[.]click adwordsad[.]pro adwordsad[.]asia adwordsad[.]vip adwordsad[.]bet adwordsad[.]tube adwordsad[.]bid adwordsad[.]cc adwordsad[.]icu adwordsad[.]lol adwordsad[.]pw adwordsad[.]info googleadwords[.]cv adsgoogle[.]cv adsgoogle[.]sbs adsgoogle[.]best adsgoogle[.]blog adsgoogle[.]cyou adsgoogle[.]pro adsgoogle[.]icu adsgoogle[.]click adsgoogle[.]one adsgoogle[.]bid googleadwords[.]icu googleadwords[.]shop googleadwords[.]my googleadwords[.]lat googleadwords[.]club googleadwords[.]info googleadwords[.]cheap googleadwords[.]me googleadwords[.]bid googleadwords[.]org googleadwords[.]click googleadwords[.]vip googleadwords[.]best googleadwords[.]blog googleadwords[.]cloud googleadwords[.]cc googleadwords[.]buzz googleadwords[.]cfd googleadwords[.]cyou googleadwords[.]pro googleadwords[.]sbs buyadwords[.]cv buyadwords[.]bid buyadwords[.]org buyadwords[.]vip buyadwords[.]click buyadwords[.]one buyadwords[.]my selladwords[.]cv selladwords[.]click selladwords[.]co buyadwords[.]sbs buyadwords[.]icu selladwords[.]xyz selladwords[.]com selladwords[.]shop |
Social Media Accounts | redditaccsbuy[.]com user-sale[.]com regularpva[.]com shiftxchange[.]biz twitterxarena[.]com redditarena[.]com discordarena[.]com |
Game Accounts | atshopr[.]com nonlethalweaponsbook[.]com mysticmisery[.]com roadaccounts[.]com fndrop[.]com fortniteaccs[.]com accountshubs[.]com bootybay[.]gg totalbattleaccounts[.]com |
Apple 2FA Accounts | isp-rebellion[.]com |
Cloud and BHW Accounts | buybhwaccounts[.]xyz acctrusted[.]com topcloudacc[.]com |
Retail Accounts | instantaccountshop[.]com |