Blog for hpHosts, and whatever else I feel like writing about ....

Wednesday, 4 May 2011

Fake AVs: Back to using Instra Corporation Pty Ltd

It seems the fake AV gang responsible for these campaigns has gone from Tucows back to Instra Corp again. This lot of domains was first created March 24th, and is now being used yet again.


Some are currently resolving to 199.58.187.48 (Instra Corp netblock), and others are resolving to a well-known crimeware-friendly AS, HOSTSERV (AS42741), leased to CompLife Ltd (known criminal host).

inetnum: 46.161.20.0 - 46.161.23.255
netname: HOSTSERV-NET
descr: net for hostserv
country: RU
admin-c: BEV38-RIPE
tech-c: BEV38-RIPE
remarks: Abuse e-mail: godaccs@gmail.com
status: ASSIGNED PA
mnt-by: MNT-PIN
mnt-routes: MNT-PIN
mnt-routes: MNT-COMPLIFE
mnt-routes: ALEXANDRU-NET-TM-MNT
mnt-domains: MNT-COMPLIFE
mnt-lower: MNT-COMPLIFE
source: RIPE # Filtered

person: Banu Efim Vasilyevich
address: Naberegnie chelni, tukaevskii raion, pr. Suumbike 84 kv. 109
phone: +37360065663
nic-hdl: BEV38-RIPE
mnt-by: MNT-PIN
source: RIPE # Filtered

route: 46.161.20.0/24
descr: Complife Ltd.
origin: AS43134
mnt-by: MNT-COMPLIFE
source: RIPE # Filtered

route: 46.161.20.0/22
descr: HOSTSERV-NET
origin: AS42741
mnt-by: ALEXANDRU-NET-TM-MNT
source: RIPE # Filtered
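
An added example (not part of the original post): a small parser for the RIPE route objects shown above that reports which announced prefixes and origin ASes cover a resolved IP, most specific first, so resolver or proxy logs can be triaged against this netblock. The function names are hypothetical, and the two 46.161.x.x test addresses are constructed; 199.58.187.48 is the address from the post.

```python
import ipaddress
# RPSL objects copied from the WHOIS output above (attributes trimmed).
WHOIS_TEXT = """\
inetnum: 46.161.20.0 - 46.161.23.255

route: 46.161.20.0/24
descr: Complife Ltd.
origin: AS43134

route: 46.161.20.0/22
descr: HOSTSERV-NET
origin: AS42741
"""

def parse_rpsl(text):
    """Split WHOIS text into objects; each is a list of (attr, value) pairs."""
    objects = []
    for block in text.strip().split("\n\n"):
        pairs = []
        for line in block.splitlines():
            line = line.split("#", 1)[0].rstrip()  # drop "# Filtered" comments
            if ":" in line:
                attr, value = line.split(":", 1)
                pairs.append((attr.strip().lower(), value.strip()))
        if pairs:
            objects.append(pairs)
    return objects

def route_table(objects):
    """Return [(network, origin AS, descr)] for every route object."""
    routes = []
    for obj in objects:
        if obj[0][0] == "route":  # the first attribute names the object class
            attrs = dict(obj)
            routes.append((ipaddress.ip_network(obj[0][1]),
                           attrs.get("origin"), attrs.get("descr")))
    return routes

def classify(ip, routes):
    """Return every covering route for ip, most specific prefix first."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in routes if addr in r[0]]
    return sorted(hits, key=lambda r: r[0].prefixlen, reverse=True)

ROUTES = route_table(parse_rpsl(WHOIS_TEXT))
if __name__ == "__main__":
    # 199.58.187.48 is from the post; the 46.161.x.x addresses are constructed.
    for ip in ("46.161.20.10", "46.161.22.5", "199.58.187.48"):
        print(ip, [(str(n), asn) for n, asn, _ in classify(ip, ROUTES)])
```

An address in 46.161.20.0/24 matches both route objects, which is why the lookup returns all covering prefixes rather than only the first hit.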
