1/43) Java exploit being distributed by 184.108.40.206 via injection attacks. One example is injected obfuscated code pointing to tualette.ce.ms/content/field.jar but there are probably lots of these. Currently only Sophos detects this as Exp/20100840-B.
Blocking all traffic to 220.127.116.11 is the quickest way to protect against this particular attack, it might be worth blocking 18.104.22.168/28 as in case this is a bad block.
The domains on 22.214.171.124 are a mix of crappy free domains, hijacked GoDaddy domains and a few others. I have identified the following sites, although I suspect there are many more: