bossnet.az

https://bossnet.az/portal/medieval-competitors-voting-authentication-v5a4v1d9q7q1i9n4i9y1

185.32.47.214 · Bossnet LLC

Location

Baku, Azerbaijan

Domain Age

—

HTTP

200 · 18.7s

SSL

Valid· R13, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Choose how to log in | Jagex"

Save

Domain Intelligence: bossnet.az

Scanned 4 times since Mar 9, 2026, 12:41 PM UTC

✗ Critical (100)

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (1)—

jagex-login-clone-kit

high

Directives: skipAi, skipUnblocker, skipMobileVariant

Jagex

Credential Phishing

technology | gaming | ecommerce | finance | cryptocurrency · 4/5/2026

Summary

The page at bossnet.az presents a login screen styled similarly to Jagex, with a page title Choose how to log in | Jagex. Network activity includes a suspicious POST to malazonafatona.ru/webhook and several external assets under bossnet.az, but the page title and UI imitate a legitimate Jagex login, signaling impersonation. The domain bossnet.az is not the official Jagex domain, indicating brand spoofing and credential harvesting risk.

Attack Techniques (5)

Brand impersonation via login UI resembling JagexTypos/etc not present; domain-brand mismatch indicates phishingExternal and suspicious POST to an external webhook domain (malazonafatona.ru) for data exfiltrationUse of a free SSL certificate (Let's Encrypt) on a new domainStatic HTML with embedded scripts simulating login validation and potential client-side credential capture

Indicators of Compromise (6)

▸Domain: bossnet.az (new/unknown domain) acting as impersonation target

▸Page title: 'Choose how to log in | Jagex' strongly implying Jagex branding

▸POST to https://malazonafatona.ru/webhook (suspicious exfiltration endpoint)

▸Network requests loading brand-like assets (e.g., favicon, portal images) from bossnet.az and external font resources

▸SSL certificate issued for www.bossnet.az by Let's Encrypt (short validity window)

▸Form elements and password field present in static HTML suggesting credential collection

Risk AssessmentUsed in abuse reports

This site is actively attempting to harvest user credentials by presenting a login interface that imitates Jagex. The impersonation is supported by the page title and UI while the domain bossnet.az is not the official Jagex domain. The presence of a POST to an external webhook at malazonafatona.ru indicates data exfiltration to an unknown recipient, reinforcing malicious intent. The combination of a new, self-hosted domain with a valid SSL certificate and copied branding signals high risk of credential phishing; immediate action is warranted including domain suspension and hosting review. The scanner context notes that the page load bypassed cloaking and that a direct access attempt was made, corroborating live credential collection potential.

Recommended Action

Monitor

Cross-Reference8

URL Intelligence