It wasn’t until the last transfer that the IP addresses assigned to the domain were changed from 220.127.116.11 to the Google Cloud IP address 35.186.238[.]101…
On the 28th, d foy tweeted that they have set up perl.com temporarily at http://perldotcom.perl.org for users who wish to access the site until the domain is recovered…
d foy has told BleepingComputer that it is not believed that the domain owner’s account was hacked and that they are currently working with Network solutions and Key-Systems to resolve the issue. “I do know from direct communication with the Network Solutions and Key Systems that they are working on this and that the perl.com domain is locked. Tom Christiansen, the rightful owner, is going through the recovery process with those registrars.”
“Both registrars, along with a few others, reached out to me personally to offer help and guidance. We are confident that we will be able to recover the domain, but I do not have a timetable for that,” d foy told BleepingComputer.
The IP address that perl.com is now hosted has a long history of being used in older malware campaigns and more recent ones.
“Anyone using a perl.com host for their CPAN mirror should use www.cpan.org instead,” advises an announcement page today at Perl.org, which d foy tweeted “is now going to be the source for the latest http://Perl.com info.”
On Thursday d foy tweeted that “There’s no news on the recovery progress. Everyone who needs to be talking is talking to each other and it’s just a process now.”