
Monday 3 February 2014

Something evil on 64.120.137.32/27

64.120.137.32/27 is a range of IP addresses belonging to Network Operations Center Inc in the US and suballocated to a customer. It is currently being used in malware attacks as an intermediate step in sending victims to this malicious OVH range. You can see an example of some of the badness in action here.

The range was formerly used by a company called TixDepot but may have been hijacked or reassigned. NOC reports the following contact details for the block:

%rwhois V-1.5:003fff:00 rwhois.hostnoc.net (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NET-64.120.137.32/27
network:Auth-Area:64.120.128.0/17
network:network:NET-64.120.137.32/27
network:block:64.120.137.32/27
network:organization;I:T0000027307
network:address:1205 Oneill Highway
network:city:Dunmore
network:state:PA
network:postalcode:18512
network:country:US
network:admin-c;I:A9000000001
network:tech-c;I:T0000027307
network:abuse-c;I:I9000000001
network:created:20120208221612
network:Updated:20140203010039
About half the domains in this /27 have been flagged as malicious by Google, concentrated on the three IP addresses:
64.120.137.53
64.120.137.55
64.120.137.56

I would recommend blocking the entire /27, but for reference this is the breakdown by IP address, with the domains flagged by Google highlighted (there's a plain list here).
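As an added example (not part of the original post), here is a small Python script that turns the "IP address followed by domains" layout below into a structured blocklist: it parses the breakdown, confirms every listed address actually sits inside the recommended 64.120.137.32/27 block, counts domains per address, and collapses the random-subdomain hostnames (e.g. 25blv.xocysibekyn.com) to their parent domain so a resolver or proxy can block at the domain level. The embedded breakdown is a short excerpt of the post's own list; the parent-domain collapse is a naive last-two-labels heuristic and the iptables line is illustrative, both my assumptions rather than anything from the post.

```python
import ipaddress
from collections import Counter

# The range the post recommends blocking outright.
BAD_RANGE = ipaddress.ip_network("64.120.137.32/27")

# Excerpt of the per-IP breakdown from the post: an IP line, then the
# hostnames seen on it, groups separated by a blank line.
BREAKDOWN = """\
64.120.137.34
kasorla.biz
kolyamba.biz

64.120.137.53
hairyegg.biz
eegogo.biz
ilanus.biz

64.120.137.55
smokeme.biz
blog.bitcareer.com
25blv.xocysibekyn.com
xocysibekyn.com
"""


def parse_breakdown(text):
    """Parse the 'IP then hostnames' layout into {ip: [hostname, ...]}."""
    mapping = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:            # blank line ends the current group
            current = None
            continue
        try:
            current = str(ipaddress.ip_address(line))
            mapping.setdefault(current, [])
        except ValueError:      # not an IP, so it is a hostname
            if current is not None:
                mapping[current].append(line)
    return mapping


def in_bad_range(ip, network=BAD_RANGE):
    """True if ip falls inside the recommended block (.32 through .63)."""
    return ipaddress.ip_address(ip) in network


def outside_range(mapping, network=BAD_RANGE):
    """Addresses in the breakdown that are NOT in the block; a non-empty
    result means the list has a typo or the block boundary is wrong."""
    return [ip for ip in mapping if not in_bad_range(ip, network)]


def domains_per_ip(mapping):
    """How many hostnames each address carries (the post's 'concentration')."""
    return Counter({ip: len(hosts) for ip, hosts in mapping.items()})


def parent_domain(hostname):
    """Assumed heuristic: keep the last two labels. Fine for .biz/.com/.net,
    wrong for two-level public suffixes such as .co.uk; use a PSL library
    for production."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def domain_blocklist(mapping):
    """Sorted, de-duplicated parent domains suitable for a DNS/proxy blocklist."""
    return sorted({parent_domain(h) for hosts in mapping.values() for h in hosts})


def firewall_rule(network=BAD_RANGE):
    """Illustrative iptables egress drop for the whole block (assumption:
    adapt the chain and syntax to your own firewall)."""
    return f"iptables -A OUTPUT -d {network} -j DROP"


if __name__ == "__main__":
    parsed = parse_breakdown(BREAKDOWN)
    print("addresses outside block:", outside_range(parsed))
    print("domains per IP:", domains_per_ip(parsed).most_common())
    print("domain blocklist:", domain_blocklist(parsed))
    print(firewall_rule())
```

Feed the whole list from the post into BREAKDOWN (or read it from the plain-list file) and `domains_per_ip(...).most_common(3)` should reproduce the three addresses the post singles out; `outside_range` acting as a sanity check is worth keeping whenever a blocklist is assembled from a hand-typed page.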

64.120.137.34
kasorla.biz
kolyamba.biz

64.120.137.35
verybery.biz
dristohren.biz
vedmedical.biz
teasertease.biz

64.120.137.38
koshak.biz

64.120.137.39
meef.biz
www.meef.biz
chubanak.biz

64.120.137.41
jinkee.biz
tongpo.biz
kunuki.biz
omlette.biz

64.120.137.42
war-fear.biz
sleeping-rough.biz
www.war-fear.biz

64.120.137.47
searchsecurely.biz
whitehestence.com

64.120.137.48
webconnection.biz
trafficstatsanalytics.com

64.120.137.51
lohotron.biz
domainishere.biz
happygreentree.biz
plomaternia.com
greendo.biz
continuedomain.biz
personaldomain.biz
trafficqualitycheck.biz

64.120.137.52
swint.biz
elhooase.biz
fazatron.biz
peperrony.biz
pistorios.biz
papabudet.biz
papazdesj.biz
paparjadom.biz
besthitbotfilter.biz

64.120.137.53
hairyegg.biz
eegogo.biz
ilanus.biz
baldball.biz
moisturre.biz
mongoloid.biz
barbarisus.biz
damoinster.biz
horseinwood.biz

64.120.137.54
swineherd.biz
traffzilla.biz
blackfatcat.biz
trafficstation.biz

64.120.137.55
smokeme.biz
domentus.biz
yyynetlop.biz
goodweather.biz
hellparadise.biz
blog.bitcareer.com
bitewixibib.com
cuqerexejef.com
xocysibekyn.com
25blv.xocysibekyn.com
buy.si8a.net
tejedinehyh.net
68qn.tejedinehyh.net
vynifyqicedy.net
7dww.vynifyqicedy.net
vyzogosukoqy.net
ekc63s.vyzogosukoqy.net
bitewixibib.org
qyzuliponag.org
4ah781.qyzuliponag.org
xinuvytevem.org
s6pnl.xinuvytevem.org
xocysibekyn.org
ee5.xocysibekyn.org
hcm.xocysibekyn.org
vynifyqicedy.org
tejedinehyh.info
w0r4n.tejedinehyh.info
vyzogosukoqy.info
n45p6.vyzogosukoqy.info

nolericutis.com
qyzuliponag.com
xinuvytevem.com
cuqerexejef.org
nolericutis.org
tejedinehyh.org
iu1wxx.tejedinehyh.org
nvlrlh.tejedinehyh.org
vyzogosukoqy.org
wotunelurex.info
vynifyqicedy.info

64.120.137.56
en.xzhao.cc
us.yongbao.cc
ca.zhengerle.cc
me.transportesmelladogutierrez.cl
br.youu-and.me
dns.v9v8.com
gr.wew444.com
ls.wew999.com
dns.thejpg1.com
dns.acidcrud.com
dns.agoteenak.com
qajadyhizuli.com
fr.whenisthenextnhllockout.com
dns.uhgy.net
banewyjubuk.net
1qcz.banewyjubuk.net
diwopiroseq.net
7zz.diwopiroseq.net
gulumegesus.net
daij.gulumegesus.net
jadivyludal.net
pnps.jadivyludal.net
kafitetysyr.net
71sdqa.kafitetysyr.net
bucupyfomome.net
8q7.bucupyfomome.net
byqyrabewuti.net
iv3oj.byqyrabewuti.net
qajadyhizuli.net
symirijibimu.net
tusudygonipo.net
qjcd.tusudygonipo.net
banewyjubuk.org
9s33.banewyjubuk.org
ycooet.banewyjubuk.org
gulumegesus.org
8jek7.gulumegesus.org
jadivyludal.org
k64yx9.jadivyludal.org
kafitetysyr.org
hida.kafitetysyr.org
jyc8i.kafitetysyr.org
bucupyfomome.org
rdjjnh.bucupyfomome.org
byqyrabewuti.org
3v7opv.byqyrabewuti.org
qajadyhizuli.org
k8gcj.qajadyhizuli.org
symirijibimu.org
jadivyludal.com
pumiqudiqer.com
vemusiwubixe.com
kecynikamoc.net
3srjc.kecynikamoc.net
komikuxoced.net
pumiqudiqer.net
lejyvicuvagi.net
vemusiwubixe.net
kecynikamoc.org
komikuxoced.org
pumiqudiqer.org
lejyvicuvagi.org
vemusiwubixe.org
