For probably 20+ years, I used dotster-dot-com as my registrar. (I suppose they are now owned by domains-dot-com, because that's where my auto-renew bills come from.) Well, about a month ago I registered a sandbox domain. Just a cheap .XYZ domain so I could more easily test web servers. I haven't used it, and left it parked at DOTSTER. Well, yesterday, for the first time, I just plugged my domain into a browser to see what the "parked page" looked like. At first glance there was a simple message displayed, something like "This website has not yet been developed". But then, after about 20 seconds, an obvious hacker message appeared. It masquerades as a Microsoft Windows alert page (you've all probably seen it). Further, the browser would all but lock up, and a voice even came on with a warning... "your computer has been compromised" (blah blah blah) and there was an alert box demanding my Windows key and such.
So here's the thing. I reported the issue to the registrar. They did verify there was some kind of malicious script there and removed it. So now my "parked page" just points to a harmless forbidden message (probably their generic 500.html page). But I went further, asking for an investigation, and they refused. All they would do is "scan" MY account and files (there are no files, because I have no FTP or hosting account with them). I persisted, sending them the contents of their hacked default "park" page in a zip file so they could analyze it. I further suggested they could verify by test-registering a page on their own site (as I did), and seeing for themselves that their "parked page" is hacked. They refused, saying "it sounds like you have a browser problem... try clearing your cache..." (etc... you know, the usual "it's your fault" kind of customer service.) Further, they would not examine or open the ZIP file I sent, for "security reasons".
If that is the extent of their "caring" about security, I'll be moving my domains to other registrars as renewals come in. (Recommendations welcome.) But my concern is that they still have the problem, and any poor unsuspecting developer who registers a domain there and leaves it parked will be opening their visitors to this same hacker attempt. For all I know, if a business went to that hacked domain and didn't realize it was BS (or know to force their browser to shut down with the Windows task manager), then the owner of that registered domain could be held legally liable for the downtime of the business (or losses if they fell for the scam!)
So after several "back and forth" emails with DOTSTER, and knowing they have no intention of doing anything else, should I turn them in to ICANN? Would I need special authority to do so? (I don't have any account on the ICANN site.) I'm not sure really what to do, but I feel like I should do something to protect others.