0/100

high Risk

privnout.com

https://privnout.com

82.221.129.39 · Icenetworks Ltd

Location

Reykjavik, Iceland

Domain Age

18 days

HTTP

200 · 15.8s

SSL

Valid· R13, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Privnout - Send notes that will self-destruct after being read"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Privnout

Vendors

30/31

Status

partial

✓ microsoft✓ polyswarm✓ sophos✓ avast✓ brightcloud✓ avg✓ bitdefender✓ chainpatrol✗ eset✓ apple✓ emsisoft✓ urlquery✓ spamhaus✓ urlscan✓ apwg✓ yandex✓ cisa✓ openphish✓ phishreport✓ virustotal✓ drweb✓ isitphish✓ netcraft✓ phishtank✓ urlabuse✓ norton✓ threatyeti✓ google✓ kaspersky✓ fortiguard✓ mcafee

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Privnout

Unknown

technology | finance | ecommerce | other · 4/5/2026

Summary

Privnout is presented at privnout.com with branding that closely mimics Privnote (typosquat: privnout vs privnote). The page shows a note-creation interface and a password input field, with a POST to /rum and external scripts. The domain is newly registered (18 days) and hosts a SSL certificate from Let's Encrypt. The combination of typosquatting signals, password field, and suspicious exfiltration endpoint suggests possible credential-related abuse or data collection, but there is no definitive evidence of credential harvesting on first glance; the page appears to clone Privnote aesthetics, indicating impersonation risk.

Evidence Summary

▸Observed 2 capture stage(s); canonical stage is settled_render.

▸Canonical stage contains password collection UI.

▸POST targets observed during capture: https://privnout.com/rum.

▸Distinctive asset clues: TextEncoderLite.js, promise.js, legacy.css, privnout-logo.svg, privnote-page-flip-30.png.

Capture

Stages: 2

Canonical: Settled Render

Changed: No

Credential Signals

Forms: 1

Password fields: 2

Late-stage login UI: No

Resource Signals

Resources: 25

Hosts: 3

Domains: 3

Suspicious Endpoints

hxxps://privnout[.]com/

Observed Signals (3)

Typosquatting comparison between domain and brand (privnout vs Privnote)Brand impersonation evidenced by logo/text layout resembling PrivnoteExfiltration attempt via POST to /rum

Observed Indicators (1)

▸One password input field present in UI (credential collection potential)

Risk AssessmentUsed in abuse reports

The site uses typosquatting branding (privnout vs Privnote) and shows a password field alongside a note-sharing interface, indicating potential credential harvesting risk. The POST to /rum and presence of exfiltration endpoints raise concern for data leakage. While the page resembles a legitimate note-sharing service, the combination of impersonation signals, new domain, and unusual third-party scripts suggests an abuse scenario worth action. Monitor and verify domain ownership; consider suspending or blocking if abuse evidence strengthens.

Recommended Action

Monitor

Cross-Reference9

URL Intelligence