# sowempire.top — SUSPICIOUS

> sowempire.top poses as a phishing site with 0/95 VirusTotal detections. Users should avoid this domain to prevent credential theft or malware exposure.

## Summary

PhishDestroy identifies sowempire.top as an active phishing domain linked to a generic credential harvesting campaign. This domain, registered on March 31, 2026, through Dynadot LLC, resolves to IP 188.114.96.3 and leverages a Let's Encrypt SSL certificate to appear legitimate. With zero detections on VirusTotal (0/95), it remains undetected by most antivirus engines, increasing its potential for successful exploitation. The domain's recent creation suggests it is part of a rapidly evolving threat actor strategy to evade detection through fresh infrastructure.

Technical analysis reveals sowempire.top employs a generic phishing template, likely mimicking trusted services to deceive users into entering sensitive information. The absence of detections on VirusTotal, despite its active status, indicates the domain has bypassed traditional security controls, possibly due to its recent registration and low historical reputation. The use of Let's Encrypt further complicates detection, as legitimate-looking SSL certificates are often exploited to build trust with potential victims. The IP address 188.114.96.3 has been associated with multiple low-reputation domains, reinforcing the likelihood of malicious activity.

Users who have interacted with sowempire.top should treat it as a high-risk threat. Immediate actions include scanning all devices for malware, resetting passwords for accounts potentially exposed, and monitoring financial accounts for unauthorized transactions. Organizations should block this domain at the network level using DNS filtering or firewall rules to prevent further exposure. Reporting the domain to threat intelligence platforms can aid in broader detection and mitigation efforts. Given the domain's low detection rate and active status, proactive blocking and user education are critical to minimizing risks associated with this campaign.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-31 06:40:57
- Registrar: Dynadot LLC
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/sowempire.top
- PhishDestroy: https://phishdestroy.io/domain/sowempire.top/
- LLM endpoint: https://phishdestroy.io/domain/sowempire.top/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/sowempire.top/

Last updated: 2026-04-09