mass.report
Scan Intelligence Report0/100
critical Risk
privenode.com
https://privenode.com/
IP
172.67.163.151 · Cloudflare, Inc.
Location
Toronto, Canada
Domain Age
1 day ⚠
HTTP
200 · 18.2s
SSL
Valid· E7, Let's Encrypt, US
Status
COMPLETED
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
Privnote
Vendors
30/30
Status
completed
✓ isitphish✓ polyswarm✓ yandex✓ norton✓ avg✓ apple✓ eset✓ microsoft✓ cisa✓ bitdefender✓ avast✓ drweb✓ brightcloud✓ apwg✓ netcraft✓ mcafee✓ google✓ kaspersky✓ urlscan✓ phishreport✓ virustotal✓ urlabuse✓ threatyeti✓ urlquery✓ spamhaus✓ openphish✓ emsisoft✓ phishtank✓ sophos✓ fortiguard
KB/IOK Matches (0)—
No KB/IOK detections were recorded for this scan.
Privnote
Credential Phishingfinance | technology | ecommerce | cybersecurity | other · 4/5/2026
Summary
This page at privenode.com presents itself as Privnote, with a page title and branding that closely mimic Privnote's UI. The domain is not Privnote.com, and the domain intelligence flags typosquatting (privenode vs privnote). The page loads Privnote-like assets (logo, UI copy) and includes a password input, suggesting credential collection via a cloning SPA. The SSL cert is newly issued and the domain is extremely new, indicating high risk of impersonation.
Attack Techniques (5)
Typosquat domain (privenode.com vs privnote.com)Brand impersonation using Privnote UI and content (logo, page title, descriptive text)Cloned SPA with external JS assets to resemble legitimate servicePassword field present on the impersonated login areaLoading brand-typical assets (privenode-logo.svg) and Privnote-like copy
Indicators of Compromise (7)
▸DOMAIN: privenode.com (typosquatting signal relative to Privnote)
▸PAGE TITLE: Privenode - Send notes that will self-destruct after being read
▸LOGO/BRANDING: privenode-logo.svg and UI text mimicking Privnote
▸NETWORK: external scripts and assets mimicking Privnote (logo, style, etc.)
▸FORM: password field present in static HTML, potential credential capture
▸SSL: Let's Encrypt certificate issued 1 day ago for privenode.com
▸WHOIS: domain created 2026-03-07, age ~1 day
Risk AssessmentUsed in abuse reports
The site at privenode.com is a clear impersonation of Privnote. The domain is a near-duplicate spelling variant of Privnote and configured to resemble Privnote's interface, including a logo, page copy, and a password field. The page uses multiple external scripts and loads a Privnote-like logo, indicating an attempt to harvest credentials or sensitive data via clone-controlled UI. The SSL certificate is newly issued (1 day old) by Let's Encrypt, which is common for malicious sites attempting quick, low-friction phishing. Given the strong brand-mismatch signals, this warrants high-priority takedown actions. Recommend suspending the domain and blocking hosting access to prevent victim exposure, and flagging for registrar action due to brand impersonation.
Recommended Action
Suspend Domain
Cross-Reference9
URL Intelligence
Domain Intelligence
IP Intelligence
Public threat feed available — JSON API