Netskope Community
08-16-2022 02:10 AM
Hi,
We have some issues with an HTML that shows a circle loader. This HTML is categorised as malware by Netskope:
This is the script content that loads the HTML:
<script language="Javascript">var _skz_pid = "9POBEX80W";</script>
<script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script>
In VirusTotal, it is also categorised as malware.
Searching in urlscan, you can see several webpages with this hash, but it always refers to a 40X HTTP response.
This is one example: https://urlscan.io/result/7d7170fa-b6d7-43bd-87da-df6028f0a753/
Reading this post, it seems that some hosting servers, WordPress plugins, etc., are using this HTML loader template instead of a 404 page.
Most likely, some malware was pointing to some server, but then the malware content was deleted, and then antivirus engines started to categorise this loader as malware.
I've added the MD5 to the allowList hashes, but I think this should be re-categorised.