Re: https://www.virustotal.com/en/url/9f7738b9be1752332a2c5233d5db99c22e311ad1173295d12316eaa8a66eae0d/analysis/1426515871/
See: https://www.virustotal.com/en/domain/d.rmgserving.com/information/
Read: https://labs.opendns.com/2013/03/20/discovery-of-new-suspicious-domains-using-authoritative-dns-traffic-and-parked-domains-analysis/ Older but still valid information, blog article author DHIA
Sucuri misses the detection of htxp://d.rmgserving.com/rmgdsc/newcaf.js?5.1 on this website.
Quttera flags: /index.html
Severity: Suspicious
Reason: Detected reference to blacklisted domain
Details: Detected reference to suspicious blacklisted domain -a.rmgserving.com
File size[byte]: 12644
File type: HTML
Page/File MD5: C28F3599523E2D5B6C7A635168D997ED
Scan duration[sec]: 0.089000

Generic JS Malware detection? http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Baffec-A/detailed-analysis.aspx
Avast also detects Win32:Unruy [Trj] on IP.

Tracker tracker report attached with ad objects.
Do not open links in a browser - for security research purposes only.
Retrieving: htxp://www.google.com/adsense/domains/caf.js
Error: insufficient webdata received
One example alive here: http://support.clean-mx.de/clean-mx/viruses.php?domain=rmgserving.com&sort=first%20desc 6015.4 hrs active and up as JS/IFrame.RH Adware.

pol