The webmaster at these sites at that IP or their hoster should take notice of what is revealed here by link article author Tony Perez
http://blog.sucuri.net/2012/07/website-malware-removal-counter-php.html
About the popularity of these various counter.php malware → http://michajp.blogspot.nl/2013/03/malicious-counterphp.html
also see the malcode dropper there… blog article author mimojapan (a Kaspersky Labs fan)

So that site with the HTML:Iframe-ZG[Trl] malcode could initially have been infected for redirection to Blackhole exploit

polonus