Hijack: It Is No More A Safe Domain Hijack It Is No More A Safe Domain

On January 27, 2021, the Perl Foundation announced that someone hijacked, a famous Perl Programming Language website that started in 1997. It also declared that it was currently highlighting a parking site. At the same time, it urged users not to visit the domain. It is the case since it detected some signals that the domain might relate to formerly malware distribution websites.

Shortly afterward, the news spread like wildfire on social media and other platforms and sent shockwaves among Perl users. The report suggested that the domain transformed ownership, and the website moved to an alternate server from where it originally got hosted.

Remember, we encounter such scenarios infrequently where a company misremembers to get domain extension before its expiry. Subsequently, the domain name reverts to the pool of available domains. Hence, it allows any buyer to get a hold of it.


LIFARS implements effective remote cyber incident response for mission-critical systems. It does it by deploying a cyberattack response team to the local enterprise environment. We have a great group of experts, deployable virtually anywhere in the world.


Here Is The Real Story of the Hijack.

Over the years, such incidents have occurred with other online entities, including Microsoft’s domain. Also, it took place with Foursquare. On the other hand, the case of is slightly different.

Previously, Network Solutions LLC hosted the website through the Bitnames servers. Suddenly, the ownership of shifted to, a Chinese domain registrar, on December 30, 2020. Later on, the control got transferred to a German domain hosting provider named Key-Systems GmbH on January 27, 2021. It is to note that the servers also changed to Afternic from Bitnames. Allegedly, Afternic seems to belong to GoDaddy.

Soon after the domain got stolen, The Register discovered it available to be purchased on for $190,000. Anyhow, the posting was quickly removed.

Thus, it hints at a classic case of domain hijacking, including the hijack. It occurs when an unauthorized change of DNS configuration happens. Usually, a rogue name server performs the name resolution for the domain.

The attacker modifies registration contact subtleties and receives ownership of the domains legally registered with the attacked entity’s name. Nevertheless, it is essential to highlight that the hijacked website’s content may change entirely or may not change at all. It is not difficult to clone the contents of the previous website. In the wake of doing malicious transfers that target the users, the hijacker can continue with it as usual.

Notably, the reflection of website DNS and hosting changes is not always visible on the website itself. In this way, employing services, for example, Urlscan or The Wayback Machine, won’t generally be useful. Instead, there is a need to zero in on the chronicled DNS examination.

Perl as a Programming Language

Perl is one of the significant programming languages as far as the invisible layers of the Internet and web are concerned. Indeed, it has lost its swag and popularity in recent years, although many systems still rely on Perl. Additionally, many developers leverage the convenience of CPAN (Comprehensive Perl Archive Network). To your surprise, many languages follow the blueprint of CPAN.

In addition to its losing popularity because of other emerging languages, it has now met a significant setback. The hijacking incident of would put many of its users at risk from hackers. It is on the grounds that gets used as a backup for disseminating modules through CPAN. So, it opens up the possibility of hijackers exploiting the given connection to compromise systems using CPAN.

It is undoubtedly a heart-wrenching scenario for all Perl fans to witness a once hugely popular language is going through bad times.

Official Website of the Perl Programming Language

It is essential to bring to your attention that the Perl programming language’s official website is Thankfully, it remains intact and secure.

Final words

Several days ago, the DNS host record returned into legitimate hands, with thanks. It is undoubtedly good news for the owners of and the PERL community. However, some issues with resolving the DNS may persist because of the incident that occurred. Albeit the domain does not seem malicious now, visitors should shun getting to up until the initial registrants can regulate it.

Please visit our cybersecurity advisory and consulting services 24/7 site to get advice on mitigations on evolving cybersecurity threats.




Announcement on the Perl NOC

Here you see the hijack case of the domain

Hijacked domain involving malicious activity

Everything you need to learn: domain, hijacking, and malware actors