We saw malvertizements featuring diamondharmony.com back in June of this year.
The malvertizement code is similar to that used for the malvertizement that appeared on newsweek.com back in August of this year. This malvertizement is also created using Fuse, and references adoptserver.info.
Adoptserver.info's IP address is currently 188.8.131.52, hosted in California by Cernel. It is, apparently, registered to a Javier Vega, email firstname.lastname@example.org.
Interestingly, I noted back in August that adoptserver.info's name servers were supplied by the infamous "estboxes". That has now changed, with the domain name servers being NS.ADOPTSERVER.INFO and NS2.ADOPTSERVER.INFO. It looks like the transfer occurred back in September of this year, with the name servers being transferred from estboxes.com to hghost.net, and then from hghost.net to its current resting place.
The IP address for the domain changed at the same time, from 184.108.40.206 (Cernel) to 220.127.116.11 (United Kingdom Real International Business Corp), and from there back to 18.104.22.168.
The WHOIS for this domain was, until on or about 24 June 2008, protected by privacyprotect.org, and the sponsoring Registrar at that time was listed as ESTDOMAINS.
The Sponsoring Registrar is currently listed as Regtime Ltd. (R455-LRMS).
It is interesting that these changes are occurring, and that the ICANN Registrar is now listed as Regtime Ltd. Yes, the bad guys are diversifying and have learned not to "hide all their eggs in one basket", but sadly for those behind the domains that facilitate malvertizing, historical WHOIS and IP records are preserved and accessible.
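To show why preserved history matters, here is an added example (not code from the original post) that diffs historical WHOIS/DNS snapshots for a domain and checks every snapshot, not just the current one, against a watchlist. The `Snapshot` type, the `WATCHLIST` and the function names are hypothetical; the field values come from the post, while the snapshot dates other than 24 June 2008 and the pairing of values within each row are assumptions.

```python
from dataclasses import dataclass

# Provider names the post associates with this domain (hypothetical watchlist).
WATCHLIST = ("estdomains", "estboxes", "regtime")

@dataclass(frozen=True)
class Snapshot:
    seen: str            # ISO date the historical record was captured
    registrar: str
    nameservers: tuple   # the post names only the provider domains
    ip: str

# Constructed timeline for adoptserver.info (values from the post, dates assumed).
HISTORY = [
    Snapshot("2008-09-15", "Regtime Ltd.",
             ("ns.adoptserver.info", "ns2.adoptserver.info"), "18.104.22.168"),
    Snapshot("2008-06-24", "ESTDOMAINS", ("estboxes.com",), "184.108.40.206"),
    Snapshot("2008-09-01", "Regtime Ltd.", ("hghost.net",), "220.127.116.11"),
]

def diff_history(history):
    """Return (date, field, old, new) for each change between snapshots."""
    ordered = sorted(history, key=lambda s: s.seen)
    events = []
    for prev, cur in zip(ordered, ordered[1:]):
        for field in ("registrar", "nameservers", "ip"):
            old, new = getattr(prev, field), getattr(cur, field)
            if old != new:
                events.append((cur.seen, field, old, new))
    return events

def watchlist_hits(history, current_only=False):
    """Return watchlisted names seen in registrar or name-server fields."""
    ordered = sorted(history, key=lambda s: s.seen)
    scope = ordered[-1:] if current_only else ordered
    hits = set()
    for snap in scope:
        text = " ".join((snap.registrar, *snap.nameservers)).lower()
        hits.update(name for name in WATCHLIST if name in text)
    return sorted(hits)

if __name__ == "__main__":
    for event in diff_history(HISTORY):
        print(*event, sep=" | ")
    print("current record only:", watchlist_hits(HISTORY, current_only=True))
    print("full history:       ", watchlist_hits(HISTORY))
```

Checking only the latest record reports one watchlisted name, while the full history reports three, which is the difference the preserved records make.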
We already know to keep a close eye on Regtime. That name is appearing in association with more and more malvertizing domains, for example: