qrivnote.com

https://qrivnote.com/

104.21.82.17 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

21 days

HTTP

200 · 23.4s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "qrivnote - Send notes that self-destruct after being read."

Save

Domain Intelligence: qrivnote.com

Scanned 2 times since Feb 17, 2026, 02:59 AM UTC

✗ Critical (100)

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Privnote

Credential Phishing

technology | ecommerce | finance | cryptocurrency | education · 4/5/2026

Summary

This page at qrivnote.com purports to mirror Privnote functionality (send self-destructing notes) but the domain is a typosquat of Privnote (1 character off). The page title and UI describe a note-sharing service, with a login/password field present in static HTML, and assets referencing qrivnote branding. The combination of a new domain, official-looking UI, and credential fields strongly indicates credential phishing aiming to harvest user passwords under the Privnote impersonation.

Attack Techniques (5)

Typosquat domain (qrivnote.com vs privnote.com)Brand cloning via SPA-style UI loaded from the impersonated domainLogin form with password input designed to capture credentialsBrand assets (logo, page title) aligned to Privnote look-and-feel while hosted on a suspicious new domainExternal script loading and Cloudflare/WAF presence used to resemble legitimate hosting while targeting victims

Indicators of Compromise (8)

▸DOMAIN: qrivnote.com (one character away from privnote) as an IOC

▸PAGE TITLE: 'qrivnote - Send notes that self-destruct after being read.' which mimics Privnote messaging

▸LOGIN FORM present in static HTML with password input and POST action to /

▸SCRIPT filenames including appended version parameters and common UI libs (jquery.min.js, sweetalert2.min.js)

▸Assets loaded from qrivnote.com and a Cloudflare beacon script indicating a bot/WAF-friendly site

▸SSL cert issued to qrivnote.com by Google Trust Services, valid Feb-May 2026 (new domain)

▸Domain age 21 days; registrar WebNic.cc with abuse prevalence signals

▸Page mentions self-destructing notes and password-protected notes consistent with Privnote clone

Risk AssessmentUsed in abuse reports

The site qrivnote.com is a newly registered domain (21 days) that visually imitates Privnote, a known note-destructing service. It uses a Privnote-like page title, branding assets (logo, icons) and a login/password field to capture credentials. The presence of a login form on a typosquatted domain, combined with a matching UI and brand signals, constitutes a high-risk credential phishing attempt. The site employs common JS assets and Cloudflare usage, but the core signals—domain similarity, impersonated branding, and credential capture interface—confirm malicious intent and target victims seeking Privnote-like functionality.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence