When anyone visited parser.fish, they would be redirected to a Vietnamese-based site masquerading as the French bank BRED (Banque régionale d’escompte et de dépôts), which would try to hoover up their credentials.
Parser.fish is registered anonymously with the Toronto-based hosting service, Tucows. This isn’t usual (hell, I think I have a few anonymously-registered domains myself), but it makes it almost impossible to figure out who owns the site, and how it came to be compromised. The most likely explanation is that the site was hacked.
Fortunately, the site has since been purged of the malicious code.
The .fish generic TLD has been around for a while now. It’s one of the several new top-level domains available that aren’t linked to a particular geography — like .sexy, .tech, and .xyz. One assumes that .fish is targeted at those with an interest in all-things aquatic.
It hasn’t had much uptake though. According to Netcraft, only one .fish and .fishing domain feature in the site’s list of the top million websites, and the company is aware of only 6,000 sites using the TLD.
That aside, one has to ask, what’s next? Can we expect to see a Ransomware command-and-control server under the umbrella of a .security or .protection domain? An .insurance domain used to dump stolen databases?