If you've not already done so, you'll want to block 18.104.22.168 ASAP. It's currently housing a plethora of domains that are serving malware via exploits.
Payloads are coming from paths such as;
You'll no doubt notice the usual suspects as far as the ccTLD branches (redirection services serving off of ccTLDs such as .cc) are concerned. Reports are being fired off to the host and various service providers as I write this, and should hopefully be down soon.
Just had permission from my friend William (GoDaddy abuse dept) to properly credit him publicly for notifying me of the IP.