Where? On htxp://13453765871837679316.googlegroups.com/attach/5ed5d019a6363180/docfile…htm?amp
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2F13453765871837679316.googlegroups.com%2Fattach%2F5ed5d019a6363180%2Fdocfile..htm%3Famp
Google Safebrowsing blocks site as it detects PHISHing there: http://toolbar.netcraft.com/site_report/?url=http%3A%2F%2F13453765871837679316.googlegroups.com%2Fattach%2F5ed5d019a6363180%2Fdocfile..htm%3Famp
Dr.Web: known infection sourceS
Script loaded: -https://www.gstatic.com/og//js/k=og.og.en_US.BlKtmKSC30Y.O/rt=j/t=zcms/m=ld,sy68,d,sy83,gl,is,id,nb,nw,sb,sd,st,awd,p,vd,lod,eld,ip,dp,cpd/rs=AA2YrTuI0Ryo3nP6OWGec17-sNxcj-ZYwg
Script loaded: -https://ssl.gstatic.com/feedback/api.js
Script loaded: -https://groups.google.com/forum/AE11383979D1A1906C0E466BA5AED7A8.cache.js
Script loaded: -https://apis.google.com//scs/abc-static/_/js/k=gapi.gapi.en.031mdWrIyGE.O/m=gapi_iframes,googleapis_client,plusone/rt=j/sv=1/d=1/ed=1/am=AAQ/rs=AHpOoo9LVH8q4HIB6ymfgTF00d12dbkTeA/cb=gapi.loaded_0
Sources and sinks detected here: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fapis.google.com%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.031mdWrIyGE.O%2Fm%3Dgapi_iframes%2Cgoogleapis_client%2Cplusone%2Frt%3Dj%2Fsv%3D1%2Fd%3D1%2Fed%3D1%2Fam%3DAAQ%2Frs%3DAHpOoo9LVH8q4HIB6ymfgTF00d12dbkTeA%2Fcb%3Dgapi.loaded_0
and here:
http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.gstatic.com%2Fog%2F_%2Fjs%2Fk%3Dog.og.en_US.BlKtmKSC30Y.O%2Frt%3Dj%2Ft%3Dzcms%2Fm%3Dld%2Csy68%2Cd%2Csy83%2Cgl%2Cis%2Cid%2Cnb%2Cnw%2Csb%2Csd%2Cst%2Cawd%2Cp%2Cvd%2Clod%2Celd%2Cip%2Cdp%2Ccpd%2Frs%3DAA2YrTuI0Ryo3nP6OWGec17-sNxcj-ZYwg
polonus (volunteer website security analyst and website error-hunter)