# revoking.network — MALICIOUS

> Stay safe online by avoiding revoking.network, a high-risk site impersonating Jupiter. Do not interact with this domain and ensure your security tools are.

## Summary
PhishDestroy identifies revoking.network as a high-risk brand impersonation threat targeting the Jupiter brand. This domain was designed to mimic Jupiter’s branding, using a page titled "Portfolio | Jupiter" to deceive users into believing it is a legitimate site. Such impersonation attempts can be leveraged for phishing or other fraudulent activities.

The domain was registered through the US-ZHOUTI-NET-01 network with ASN 400992 and resolves to IP address 23.177.185.92. It has appeared on three separate security blocklists, signaling prior detection by multiple security entities. VirusTotal analysis flagged the domain with 14 out of 95 security vendors identifying it as malicious, further confirming its threat potential.

Currently, revoking.network is offline, mitigating immediate risks. Users are advised to remain vigilant and avoid any interactions with this domain or similar impersonation sites. Keeping endpoint protection updated and monitoring for related phishing attempts is recommended to prevent exposure to such threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Jupiter
- Page title: Portfolio | Jupiter

## Domain Intelligence
- Registrar: US-ZHOUTI-NET-01 (ASN: 400992)
- IP: 23.177.185.92
- IP Country: US
- IP City: Fremont
- IP Org: AS400992 ZhouyiSat Communications
- Nameservers: a.dnspod.com b.dnspod.com c.dnspod.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a4cb9-1756-76e7-ad9d-d87fbc34b808.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/21ab4181-8504-476d-bde6-e1e24b4d926f
- PhishDestroy: https://phishdestroy.io/domain/revoking.network/
- LLM endpoint: https://phishdestroy.io/domain/revoking.network/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/revoking.network/
Last updated: 2026-03-19