.XYZ Domain Being Squatted On By Malware Scammers

Scammers Are Using A Cloaked .XYZ Domain to Force People To Pay To Stop PopUps

The .XYZ registry is the latest to be used by someone running a malware scam, this time on the domain Baseball-Reference.xyz. If you’re unaware, Baseball-Reference.com is one of the three most visited baseball-related sites online.


Earlier today I noticed that Baseball-Reference.XYZ was linking to a site we monitor. In actuality, the .Com is the site that is supposed to be linking, not the .XYZ site. It turns out, however, that the .XYZ site is just cloaking the .Com site, effectively pretending to be the .Com site.

After going to the .XYZ site, we noticed that if you click on anything within the site, it connects to a site warning that malware has been installed on your machine and telling you to call a phone number in order to get rid of it. The site then tries to force the browser to re-open the same page, essentially hoping to force the consumer to call to make this headache end.

The domain seems to be registered to someone in China.


We’ve said it before, we’ll say it again: the new gTLD expansion is creating massive opportunities for fraudsters. Will the industry ever have any real mechanisms in place to prevent this type of activity?

Let us know in the comments section whether you think there need to be stricter controls in place to prevent this type of behavior. Or do you think that a registry or registrar should be held responsible for not preventing this kind of blatant behavior from taking place?

Please note that we would suggest that you not actually go to Baseball-Reference.xyz, but if you do, DO NOT CLICK ON ANYTHING.