Domain Stolen, Now Using IP Address of Past Malware Campaigns

“The domain name was stolen and now points to an IP address associated with malware campaigns,” reports Bleeping Computer: is a site owned by Tom Christiansen and has been used since 1997 to post news and articles about the Perl programming language. On January 27th, Perl programming author and editor brian d foy tweeted that the domain was suddenly registered under another person. Intellectual property lawyer John Berryhill later replied to the tweet that the domain was stolen in September 2020 while at Network Solutions, transferred to a registrar in China on Christmas Day, and finally moved to the Key-Systems registrar on January 27th, 2020.

It wasn’t until the last transfer that the IP addresses assigned to the domain were changed from to the Google Cloud IP address 35.186.238[.]101…

On the 28th, d foy tweeted that they have set up temporarily at for users who wish to access the site until the domain is recovered…

d foy has told BleepingComputer that it is not believed that the domain owner’s account was hacked and that they are currently working with Network solutions and Key-Systems to resolve the issue. “I do know from direct communication with the Network Solutions and Key Systems that they are working on this and that the domain is locked. Tom Christiansen, the rightful owner, is going through the recovery process with those registrars.”

“Both registrars, along with a few others, reached out to me personally to offer help and guidance. We are confident that we will be able to recover the domain, but I do not have a timetable for that,” d foy told BleepingComputer.

The IP address that is now hosted has a long history of being used in older malware campaigns and more recent ones.

“Anyone using a host for their CPAN mirror should use instead,” advises an announcement page today at, which d foy tweeted “is now going to be the source for the latest info.”

On Thursday d foy tweeted that “There’s no news on the recovery progress. Everyone who needs to be talking is talking to each other and it’s just a process now.”