# earlysim.com — SUSPICIOUS

> PhishDestroy identifies earlysim.com as a new SIM card phishing scam created Nov 04, 2025. This domain poses as an 'EarlySim' service with 0/95 VirusTotal.

## Summary
PhishDestroy has identified earlysim.com as an active phishing domain masquerading as a legitimate 'EarlySim' SIM card service. This fraudulent website is designed to deceive users into divulging sensitive personal information, including payment details and SIM card activation codes, under the guise of offering early access to new SIM technology. The threat actor behind this campaign has registered the domain recently—November 04, 2025—and has already begun luring unsuspecting victims through phishing emails, fake ads, or social media promotions. The domain resolves to IP address 172.67.156.58 and uses a Google Trust Services SSL certificate, which may lend false credibility to the fraudulent site.  This domain exhibits several red flags that confirm its malicious intent. According to VirusTotal analysis, earlysim.com currently shows 0 out of 95 security engines detecting it as malicious, indicating that traditional antivirus tools have not yet flagged this threat. The domain was registered through Cloudflare, Inc., which, while not inherently suspicious, is commonly used by threat actors to obscure their identity and evade detection. Additionally, the domain’s recent creation date suggests a hastily launched campaign intended to exploit users before broader awareness spreads. PhishDestroy’s threat intelligence indicates that similar domains typically appear on blocklists within 48–72 hours of discovery, but earlysim.com remains active and undetected by mainstream security tools.  Users who have visited earlysim.com should take immediate action to secure their accounts and devices. First, disconnect your device from any networks and avoid entering personal information such as credit card numbers, SIM card details, or login credentials. If you submitted any data, contact your bank or financial institution immediately to report potential fraud and request card monitoring or replacement. Additionally, scan your device for malware using reputable antivirus software, as phishing sites often deploy tracking scripts or downloaders. Finally, report the domain to your email provider, browser vendor, and organizations like PhishDestroy or Google Safe Browsing to help block future access. Stay vigilant—this domain is likely part of a broader campaign targeting SIM-related services.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-11-04 15:56:29
- Registrar: Cloudflare, Inc.
- IP: 172.67.156.58

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4d42a8c1-73f3-4b5d-b69b-a0b7df160792
- PhishDestroy: https://phishdestroy.io/domain/earlysim.com/
- LLM endpoint: https://phishdestroy.io/domain/earlysim.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/earlysim.com/
Last updated: 2026-03-28