Domain Perl[.]com stolen, IP points to a site used for malware campagins

[German]Warning to users who are interested in the Perl programming language and have previously accessed the Perl[.]com domain. The domain has been stolen and the IP has been redirected to an address associated with malware campaigns.


The domain perl[.]com belongs to the Perl Foundation and has been used to publish news and articles about the Perl programming language since 1997. Now the domain has been hijacked. On reddit there is this thread where the whole thing is addressed. The domain perl[.]com (without HTTPS) indicates that it is for sale and there would be advertisements. The whois record of January 27, 2021 indicates an unfriendly takeover. Eintrag zu

Here's a screenshot of the sales message in question that someone posted on Twitter. for sale

A short time later, the unfriendly takeover of the domain perl[.]com by brian d foy was confirmed on Twitte. It seems to have hit more domains according to a follow up tweet.


The colleagues at Bleeping Computer also point out the issue in this tweet and have summarized the state of affairs in this article.

Perl domain stolen

The log files says, that the domain had been hijacked and the recovery process may be ongoing. Here is the excerpt:

Wednesday, January 27, 2021 hijacked

The domain was hijacked this morning, and is currently pointing to a parking site.  Work is ongoing to attempt to recover it.

We encourage you NOT to visit the domain, as there are some signals that it may be related to sites that have distributed malware in the past.

  Some users may have it selected as their CPAN mirror.  To update your mirror in use o conf urllist

# perl -MCPAN -eshell
cpan shell — CPAN exploration and modules installation (v2.20)
Enter 'h' for help.

cpan[1]> o conf urllist
Please use 'o conf commit' to make the config permanent!
cpan[2]> o conf commit
commit: wrote '/root/.cpan/CPAN/'

Update 2021-01-28:

  Work is underway to attempt to recover the domain.  If you're looking for the content, you can visit

Bleeping Computer has collected the information, that the domain has been hijacked and is under the attacker's control. The IP address points to a page that was used for malware campaigns. Anyway, the recovery may take some time. The Perl Foundation has set up a replacement site at, where content can be retrieved. 

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *