It was bound the happen, after having their IPs killed a few days ago, and I'm actually surprised it took them this long, but alas as of the 28th, there's yet more malicious fake AV domains via Tucows (wonder if Tucows are actually going to put a stop to this?).
Some of these are living on 184.108.40.206/24, owned by AS51786 HAKVA LLC 2H Akva Group. Not surprisingly, this AS has a history of serving up maliciousness in the form of everything from fake AVs to trojans to exploits, and a bit of everything else inbetween.
Others are living at 220.127.116.11, which is owned by SoftLayer (yet another AS with a history of housing malicious content).
I've added the domains to hpHosts and MDL, and Malwarebytes' AntiMalware users will be pleased to know, the IPs being used, are already blocked by the IP Protection facility :o)