1/43) Java exploit being distributed by 18.104.22.168 via injection attacks. One example is injected obfuscated code pointing to tualette.ce.ms/content/field.jar but there are probably lots of these. Currently only Sophos detects this as Exp/20100840-B.
Blocking all traffic to 22.214.171.124 is the quickest way to protect against this particular attack, it might be worth blocking 126.96.36.199/28 as in case this is a bad block.
The domains on 188.8.131.52 are a mix of crappy free domains, hijacked GoDaddy domains and a few others. I have identified the following sites, although I suspect there are many more: