1/43) Java exploit being distributed by 126.96.36.199 via injection attacks. One example is injected obfuscated code pointing to tualette.ce.ms/content/field.jar but there are probably lots of these. Currently only Sophos detects this as Exp/20100840-B.
Blocking all traffic to 188.8.131.52 is the quickest way to protect against this particular attack, it might be worth blocking 184.108.40.206/28 as in case this is a bad block.
The domains on 220.127.116.11 are a mix of crappy free domains, hijacked GoDaddy domains and a few others. I have identified the following sites, although I suspect there are many more: