Events & Breaches: Magecart Skimmer

Hello - I need a hand locating the domain. (Q7) 

I've found the name of the file that contains the skimmer then exported that. I have then opened that in a text editor and searched for "http://" and "https://" in the big chunk of text but nothing is matching.