Magnified 0 Posted August 22, 2018 Share Posted August 22, 2018 Have tried this link several times and gotten warned off. Might this be a false positive? Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 4,360 Posted August 22, 2018 Administrators Share Posted August 22, 2018 Are you using a Mikrotik router? If so, it might have been compromised and a CoinMiner javascript is being added through a special html file that has the original page included via a frame. This is currently detected as a PUA (JS/CoinMiner.AH) so make sure that you have PUA detection enabled and modules updated. Link to comment Share on other sites More sharing options...
Magnified 0 Posted August 23, 2018 Author Share Posted August 23, 2018 I am using a TP-link AC1200 switch; as far as i am aware nothing has been compromised, but this is not my specialty. Thanks for the reply. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,360 Posted August 23, 2018 Administrators Share Posted August 23, 2018 If the detection is still triggered on the website, please provide ELC logs but also select "quarantined files" prior to collecting the stuff. Link to comment Share on other sites More sharing options...
Recommended Posts