https://prlynote.com/notes
172.67.178.61 · Cloudflare, Inc.
Toronto, Canada
0 days ⚠
200 · 14.5s
Valid· WE1, Google Trust Services, US
COMPLETED
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
prlynote.com
Vendors
30/31
Status
partial
No KB/IOK detections were recorded for this scan.
Technology · 7/19/2026
The page presents a note-sharing interface with a self-destruct concept, but the domain prlynote.com is a Typosquat near Privnote (privnote.com). The page visually imitates a note-sharing service and includes a password field, a note textarea, and UI elements resembling Privnote, supported by domain similarity signals and the user-facing branding text. While there is no definitive credential harvesting form observed in static HTML, the combination of typosquatting signals, new domain age (0 days), and Privnote-like assets strongly suggests impersonation risk. The observed network activity includes a POST to a rum endpoint and assets such as privnote-logo.svg, further reinforcing the impersonation cue.
Capture
Stages: 2
Canonical: Settled Render
Changed: No
Credential Signals
Forms: 1
Password fields: 3
Late-stage login UI: No
Resource Signals
Resources: 13
Hosts: 2
Domains: 2
Suspicious Endpoints
hxxps://prlynote[.]com/notes/
hxxps://prlynote[.]com/notes/api/send.php
The scan indicates strong impersonation signals: domain is a near-match typosquat of Privnote, combined with Privnote-like branding assets (privnote-logo.svg), UI cues, and a password field. Although the page does not show a direct credential submission form in static HTML, the presence of a password field and a self-destruct note interface on a newly issued domain strongly suggests phishing impersonation aimed at harvesting credentials or data. The use of a Cloudflare-provided script and a rum endpoint for POSTs may indicate data exfiltration or beaconing. Given these signals, this appears to be a first-party impersonation abuse with probable credential-dishonest intent.
Suspend Domain