Perl.com Domain Stolen, Now Using IP Address of Past Malware Campaigns

“The domain name perl.com was stolen and now points to an IP address associated with malware campaigns,” reports Bleeping Computer: Perl.com is a site owned by Tom Christiansen and has been used since 1997 to post news and articles about the Perl programming language. On January 27th, Perl programming author and Perl.com editor brian d foy tweeted that the perl.com domain was suddenly registered under another person. Intellectual property lawyer John Berryhill later replied to the tweet that the domain was stolen in September 2020 while at Network Solutions, transferred to a registrar in China on Christmas Day, and finally moved to the Key-Systems registrar on January 27th, 2020.

It wasn’t until the last transfer that the IP addresses assigned to the domain were changed from 151.101.2.132 to the Google Cloud IP address 35.186.238[.]101…

On the 28th, d foy tweeted that they have set up perl.com temporarily at http://perldotcom.perl.org for users who wish to access the site until the domain is recovered…

d foy has told BleepingComputer that it is not believed that the domain owner’s account was hacked and that they are currently working with Network solutions and Key-Systems to resolve the issue. “I do know from direct communication with the Network Solutions and Key Systems that they are working on this and that the perl.com domain is locked. Tom Christiansen, the rightful owner, is going through the recovery process with those registrars.”

“Both registrars, along with a few others, reached out to me personally to offer help and guidance. We are confident that we will be able to recover the domain, but I do not have a timetable for that,” d foy told BleepingComputer.

The IP address that perl.com is now hosted has a long history of being used in older malware campaigns and more recent ones.


“Anyone using a perl.com host for their CPAN mirror should use www.cpan.org instead,” advises an announcement page today at Perl.org, which d foy tweeted “is now going to be the source for the latest http://Perl.com info.”

On Thursday d foy tweeted that “There’s no news on the recovery progress. Everyone who needs to be talking is talking to each other and it’s just a process now.”