Perl.com domain stolen, now using IP address tied to malware
2021-01-29 16:20

The domain name perl.com was stolen and now points to an IP address associated with malware campaigns.

On January 27th, Perl programming author and Perl.com editor brian d foy tweeted that the perl.com domain was suddenly registered under another person's name.

Intellectual property lawyer John Berryhill later replied to the tweet that the domain was stolen in September 2020 while at Network Solutions, transferred to a registrar in China on Christmas Day, and finally moved to the Key-Systems registrar on January 27th, 2020.

It wasn't until the last transfer that the IP addresses assigned to the domain were changed from 151.101.2.132 to the Google Cloud IP address 35.186.238[.]101. When visiting the site, users are greeted with a blank page.

In 2019, the IP address 35.186.238[.]101 was tied to a domain distributing a malware executable [VirusTotal] for the now-defunct Locky ransomware.

More recently, a malware [VirusTotal] that appears to be an ad clicker is using the following domains as command and control servers.


News URL

https://www.bleepingcomputer.com/news/security/perlcom-domain-stolen-now-using-ip-address-tied-to-malware/