Second update to this, and I'm pleased to announce, Redstation forced their customer to disable the sites completely (Redstation didn't want them on their network). A quick check has revealed those still resolving to the RedStation range, are now dead (sites resolve but fail to load), and those spewing malware, are now parked at parkwebwin-v03.prod.mesa1.secureserver.net (GoDaddy parking server).
I'm still monitoring them to see where they go next, and am also still on the lookout for new domains popping up.
A special thank you to Redstation for acting to promptly is deserved I think.
WARNING: Malware, scams and RedStation (AS35662, 18.104.22.168/20)
Legitimate Software Typosquatted in SMS Micro-Payment Scam