privnote.me

https://privnote.me/

37.27.38.192 · Hetzner Online GmbH

Location

Helsinki, Finland

Domain Age

—

HTTP

200 · 17.7s

SSL

Valid· E7, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Privnoted - Send Self-Destructing Encrypted Notes Online Free"

Save

Domain Intelligence: privnote.me

Scanned 2 times since Feb 22, 2026, 03:58 AM UTC

⚠ Medium (50)

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Privnote

Credential Phishing

technology | ecommerce | finance | other · 4/5/2026

Summary

The page at privnote.me presents a Privnote-like interface and uses the Privnote branding in the page title and header, but is hosted on a different domain. This appears to impersonate Privnote to harvest credentials or notes via a SPA-rendered form. The domain contains the Privnote brand name and the page uses Privnote visual assets (logo, styling) loaded from privnote.me, with a dynamic note-creation UI that could capture user input.

Attack Techniques (5)

Domain uses Privnote branding (privnote.me) while impersonating Privnote functionalitySingle-Page Application (SPA) approach with dynamic forms rendered by JavaScript (no static login form in HTML)Brand assets and logos loaded from the same impersonating domain (privnote-logo.svg, style.css, JS bundles)SSL certificate issued recently (Let's Encrypt) on a new domain, suggesting ephemeral phishing setupURL path and page title explicitly reference Privnote, increasing user trust to exfiltrate data

Indicators of Compromise (5)

▸DOMAIN: privnote.me (potential impersonation of Privnote)

▸Page title contains 'Privnoted - Send Self-Destructing Encrypted Notes Online Free' which closely resembles Privnote

▸Network requests loading https://privnote.me/js/app.js and other Privnote assets

▸Assets: /img/privnote-logo.svg, /css/style.css loaded from privnote.me

▸SSL cert subject CN=privnote.me, issued Feb 2026 (valid 4 days prior to scan) indicating fresh domain

Risk AssessmentUsed in abuse reports

Scanner observed a domain impersonating a known brand (Privnote) with page title and header referencing Privnote, but hosted on privnote.me. The page exhibits SPA behavior rendering credential capture UI via dynamic JavaScript bundles (app.js, common.js) despite no static login form. The combination of brand-mimicking visuals, new SSL certificate, and dynamic credential collection flow is a strong phishing indicator intended to harvest sensitive notes or credentials. Abusive use could lead to credential theft and data leakage; block or suspend domain and investigate hosting/provider alignment with Privnote brand.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence