Ok, I found it in my browser history.
https://bitcointalk.
to /index.php?topic=1638278.0
Did a google search to find out how to do animated gifs on bitcointalk
Add the phishing site to your hosts file, and reroute it to localhost. That prevents this in the future:
I have added this line to /etc/hosts
127.0.0.1 bitcointalk.to
Now my computer can't access that phishing site anymore.