Re-checking the list of domains previously mentioned, shows they're on the move to a new range. This time owned by known crimeware friendly ISP, ROOT SA (aka Root eSolutions, AS5577 22.214.171.124/19, AS44042). The new IP is 126.96.36.199.
There's only a handful resolving to the new IP at the time of writing, so presumably the rest are awaiting DNS propagation.
WARNING: Malware, scams and RedStation (AS35662, 188.8.131.52/20)
Legitimate Software Typosquatted in SMS Micro-Payment Scam
Crimeware friendly ISPs: root eSolutions