Kurt
I am a sucker for "Has anyone..." every time!
If I were them - or consulting them - I would put those Pay Now twangers front and center! Took me a couple minutes to find them under [Plans]
I got sidetracked by the misspellings and such - clearly not English as a first language, IMHO. [Refunds] tab caught my eye... Gobble-de-goop meaning nothing
https://www.dropbox.com/s/fz698cful5y2whx/ZavionRefundPolicy.rtf?dl=0 if anyone cares to read it in TextEdit made .RTF - they even misspelled their own name in it!
WhoIS = GoDaddy registrar
Visual TraceRoute = Switzerland(?spoofed?) Hosted
Safari (vintage) doesn't like the Certificate
Although the OP's description did not quite rise to the level of "ransomware" (thanks John Galt, Pulitzer for that) - more like P.T. Barnum's quote, methinks - I wonder what GoDaddy would think of their name and "Trust Certificate" being plastered all over these characters' site?
As thomas_r has advised, clean wipe seems in order - although my investigation did not show any level of sophistication - WHY wouldn't they attack me when I visit their site? Kurt too? We painted targets on ourselves by visiting the doggone place!
I guess they hired someone with a bit more ambition - " Why wait for them to come to us, Alexandrovich? We go to THEM! Invade Ukraine? Bah! We invade Amerika! "