reddingtaxcm.com is a legitimate domain that is registered at GoDaddy and has been hijacked to serve up malware, hosted on 184.108.40.206 (NetDirekt, Germany but more below..).
The malware appears to be a variant of Vundo / Virtumundo, the infection mechanism looks to be some sort of injection attack on third party sites.
Although the IP 220.127.116.11 is allocated to NetDirekt (now Leaseweb Germany), it belongs to part of a range suballocated to inferno.name of Serbia (apparently also known as v3Servers.net). Inferno featured recently in this blog with another similar malware attack, that time on 18.104.22.168. 22.214.171.124/4 seems to be full of (possibly fake) pharma sites.
http://blog.dynamoo.com/2011/08/somethi ... 77144.html