1/43) Java exploit being distributed by 188.8.131.52 via injection attacks. One example is injected obfuscated code pointing to tualette.ce.ms/content/field.jar but there are probably lots of these. Currently only Sophos detects this as Exp/20100840-B.
Blocking all traffic to 184.108.40.206 is the quickest way to protect against this particular attack. It might be worth blocking 220.127.116.11/28 in case this is a bad block.
The domains on 18.104.22.168 are a mix of crappy free domains, hijacked GoDaddy domains and a few others. I have identified the following sites, although I suspect there are many more: