You seem to know enough about situations like this. Perhaps you can answer the following question. Is there any way we can take advantage of this situation and get in touch with ICANN to complain to them directly and ask them to take action, proving they are dealing with a malicious site and site owner?
Usually they do not intervene in these cases. Unless it is really something very big and that involves the competent authorities.
That is why there are registration companies, to manage and control what is done with the domains.
But, there is no problem sending an email.
You are being paid to launch false complaints and harass the hosts, registrars, and owners of news sites and blogs that reported on eXch laundering money for the Lazurus NK hacking group. Conflating news blogs like monero [.] forex with clone/phishing sites like exch [.] cd may confuse low level staffers at web hosts, but not law enforcement.
If this so-called monero(.)Forex has nothing to do with these phishing sites... Why was you using the DNS service of one of these phishing sites? Can you give me a logical explanation for why this happened?
https://whoisfreaks.com/tools/whois/history/lookup/monero.forex