Just an update folks. Whilst the sites are still live, the downloads appear to have gone *for now* (pretty confident they'll be back). I did hear back from Redstation, who asked for evidence, and such was passed to them.
If you've paid for ANY of the software they're scamming and infecting for, contact your credit/debit card company and ask for a charge back.
In the case of these particular domains, the company responsible for the scams (and likely for the malware aswell, given the source is the same domains), is;
Company: Soletto Group, S.A.
aka: Nextcard Ltd, Netlink Network Corp
ICO Reg. Number: Z2140425
Phone Support: 02071939823
Contrary to their UK phone number, they're not UK based, they're actually in Panama;
Soletto Group S.A.
ADR Tower, 8th floor,
Samuel Lewis Avenue, and 58th Street,
Phone: +507.6022067111 (voice) +507.111111
Check your bills for any reference to this name, or indeed, any other name you do not recognize, and report it both to your local police force, and to the credit/debit card company.
I'm continuing to monitor them, both for new domains, and incase they popup elsewhere (we already know they're using OVH aswell), and I'll update you when further information comes to light.
WARNING: Malware, scams and RedStation (AS35662, 18.104.22.168/20)
Legitimate Software Typosquatted in SMS Micro-Payment Scam