mass.report
Scan Intelligence Report0/100
critical Risk
bossnet.az
https://bossnet.az/portal/medieval-competitors-voting-authentication-v5a4v1d9q7q1i9n4i9y1xxs
IP
185.32.47.214 · Bossnet LLC
Location
Baku, Azerbaijan
Domain Age
—
HTTP
200 · 24.1s
SSL
Valid· R13, Let's Encrypt, US
Status
COMPLETED
Domain Intelligence: bossnet.az
Scanned 4 times since Mar 9, 2026, 12:41 PM UTC
✗ Critical (100)
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
Jagex
Vendors
30/30
Status
completed
✓ avast✓ avg✓ drweb✓ polyswarm✓ norton✓ sophos✓ yandex✓ eset✓ bitdefender✓ microsoft✓ brightcloud✓ apple✓ cisa✓ netcraft✓ openphish✓ emsisoft✓ isitphish✓ phishreport✓ apwg✓ spamhaus✓ urlquery✓ urlscan✓ virustotal✓ fortiguard✓ kaspersky✓ phishtank✓ urlabuse✓ google✓ threatyeti✓ mcafee
KB/IOK Matches (1)Mar 9, 2026, 12:41 PM UTC
jagex-login-clone-kit
jagex-login-clone-kit
Directives: skipAi, skipUnblocker, skipMobileVariant
Jagex
Credential Phishinggaming | technology | ecommerce | other · 4/5/2026
Summary
This page appears to impersonate Jagex (title 'Choose how to log in | Jagex') but is hosted on bossnet.az. The SPA-like HTML contains multiple credential-related validation scripts and a redirecting login flow, with static HTML lacking a form but JavaScript likely rendering inputs at runtime. The domain does not match the known brand domain (jagex.com), indicating brand impersonation and credential harvesting potential. The SSL cert is valid but issued by Let’s Encrypt, and the domain age is unknown; the site also loads multiple external assets and suspicious path hints in the URL.
Attack Techniques (4)
Typosquat/brand impersonation evidenced by page title 'Choose how to log in | Jagex' while domain is bossnet.azSPA-style page rendered via JavaScript where forms are populated dynamically (no static login form in HTML)Credential collection logic embedded in multiple JavaScript validation functions (validateForm*, rs-login-submit elements)Brand assets and icons loaded from local bossnet.az paths and font resources (potentially to mimic brand look-and-feel)
Indicators of Compromise (5)
▸DOMAIN: bossnet.az (IOC)
▸PAGE_TITLE: 'Choose how to log in | Jagex' (brand impersonation signal)
▸SCRIPT names and form validation logic in HTML source showing credential capture flow
▸Network requests loading assets from bossnet.az (icon-google.png, osrs-icon.png, etc.) and fonts from fonts.cdnfonts.com (external branding mimic)
▸SSL SAN includes bossnet.az and www.bossnet.az; certificate issued Jan 13 2026, expiring Apr 13 2026
Risk AssessmentUsed in abuse reports
The page presents a high risk phishing scenario: domain bossnet.az is impersonating a recognized brand by displaying a login-redirect flow labeled as Jagex. The static HTML contains no login form, but multiple JavaScript blocks suggest dynamic credential capture. Visual cues from the screenshot indicate generic game branding rather than Jagex branding, but the page title explicitly references Jagex, which is a strong impersonation signal. The site employs a valid TLS certificate from Let’s Encrypt and uses an SPA pattern, which aligns with common credential harvesting setups. The absence of WHOIS data and unknown domain age increase risk in abuse investigations. This should be treated as credential_phishing with high priority for takedown and hosting suspension.
Recommended Action
Suspend Domain
Cross-Reference9
URL Intelligence
Domain Intelligence
IP Intelligence
Public threat feed available — JSON API