This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Products
- Next Gen SWG
- Loadpage misscategorize as malware
Loadpage misscategorize as malware
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-16-2022 02:10 AM
Hi,
We have some issues with a html that shows a circle loader. This html is categorised as malware by netskope:
- malware name: Trojan.HTML.MALINK.FASJSNORS
- md5: 51618ac2b7cf5c4937213e965c00f20a
- Sha256: 0b41f69e6564b9c89b1b344744c5b06eb4adc0e584028909286d2b936e1afed5
This is the script content that loads the HTML:
<script language="Javascript">var _skz_pid = "9POBEX80W";</script>
<script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script>
In virustotal, it is also categorised as malware
Searching in url scan, you can see several webpages with this hash, but it always refer to 40X HTTP response.
This is one example: https://urlscan.io/result/7d7170fa-b6d7-43bd-87da-df6028f0a753/
Reading this post, it seems that some hosting server, wordpress plugis, etc, are using this html loader template instead of 404 page.
Most likely, some malware was pointing to some server, but then , the malware content was deleted and then antivirus engines started to categorised this loader as a malware.
I've had the MD5 to the allowList hashes, but I think this should be re-categorised.
Labels:
- Labels:
-
malware
-
Threat Protection
0 Replies 0
Subscribe
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Labels
-
NG-SWG
29 -
SWG
23 -
NSClient
19 -
DLP
12 -
netskope client
11 -
Next Gen SWG
11 -
NGSWG
8 -
android
6 -
SCIM
5 -
Client
5 -
Real-time Policy
4 -
URL List
4 -
cloud firewall
4 -
forward proxy
4 -
Threat Protection
4 -
SSL bypass
4 -
sso
4 -
Support Mobiles
4 -
CASB
4 -
GRE
4 -
IOS
4 -
Netskope Endpoint Client
4 -
cfw
3 -
users
3 -
policy
3 -
Google Idp
3 -
DLP Violation
3 -
malware
3 -
Provisionning
3 -
categories
3 -
Email DLP
3 -
IDP
3 -
Groups
3 -
skopeit
3 -
Netskope Agent
3 -
Certificate SSL
3 -
Decrypt SSL
3 -
Azure
2 -
ssl
2 -
Certificate Pinned
2 -
Advanced Analytics
2 -
traffic
2 -
inline
2 -
install
2 -
Netskope Client installation mechanism
2 -
Best Practices
2 -
ChromeOS
2 -
Directory Importer
2 -
AWS
2 -
Linux
2 -
Cloud
2 -
Windows OS updates
2 -
IPSec Tunnels
2 -
ipsec
2 -
PAC file
2 -
User Group
2 -
Authentication
2 -
url filtering
2 -
Reverse Proxy
2 -
steer traffic
2 -
Admin
2 -
cloud exchange
2 -
okta
2 -
Access
2 -
Netskope
2 -
Apps
2 -
vpn
2 -
Azure AD
2 -
User Notification
2 -
Advance Analytics
2 -
Sync
2 -
MacOS
2 -
Chromebook
2 -
steering exception
2 -
slowness issue
2 -
communication between domain and application
1 -
data
1 -
Next Fen SWG
1 -
Dropbox
1 -
SSL-TLS
1 -
Automation
1 -
Instances APP Enterprise
1 -
NativeApp
1 -
controls
1 -
no decryption
1 -
alerts
1 -
Profile
1 -
GitHub
1 -
certificate
1 -
TLS
1 -
ngrok
1 -
punycode
1 -
Netskope REST API
1 -
AAD
1 -
google
1 -
Sanctioned apps
1 -
activities
1 -
Desktop Dropbox
1 -
Log
1 -
UPD errors and nsClientFLow
1 -
discord
1 -
Local admin
1 -
interception
1 -
SASE
1 -
multi-user mode
1 -
logs
1 -
Download
1 -
Firewalls Local
1 -
GOSKOPE
1 -
Epic
1 -
dashboards
1 -
Internet Access
1 -
browser
1 -
WebSecurity
1 -
log data
1 -
Upload
1 -
traffic steering
1 -
SSL Decrypt Bypass
1 -
googledocs
1 -
status
1 -
steering
1 -
block
1 -
CCL
1 -
Fail Close
1 -
EDM
1 -
flow
1 -
Internet next hop type
1 -
openai
1 -
appdefinition
1 -
HTTP Header Profile
1 -
MIP
1 -
Cloud & Threat Challenges
1 -
Threat
1 -
endpoint
1 -
sensitivity
1 -
fundamentals
1 -
chatgpt
1 -
NewEdge
1 -
zero touch
1 -
best practice
1 -
security posture check
1 -
Rest API
1 -
Report
1 -
instance
1 -
extension
1 -
url categorization
1 -
CTEP
1 -
AVD
1 -
Artificial Intelligence
1 -
ldap
1 -
CCI
1 -
awareness
1 -
Upgrade
1 -
Default OfficeSuite policy
1 -
DaaS
1 -
explicit proxy over IPSec
1 -
AMP
1 -
SIEM Integration
1 -
Intune
1 -
Reports
1 -
Changes
1 -
OfficeSuite
1 -
Virtual Desktop
1 -
Office 365
1 -
Evasive Phishing
1 -
domain
1 -
interoperability
1 -
Education
1 -
questions
1 -
Widgets
1 -
Config
1 -
No Decrypt
1 -
domain fronting
1 -
file size
1 -
Enterprise Application
1 -
Config Update
1 -
Default Policy
1 -
AD
1 -
MFA
1 -
Whitelist
1 -
incremental update
1 -
Troubleshooting
1 -
Netskope Threat Labs
1 -
RBAC
1 -
Traffic Steer on Galaxy S8
1 -
PAC
1 -
Google chat
1 -
Windows Server 2016
1 -
native definition
1 -
API
1 -
configuration
1 -
export
1 -
Explicit Proxy
1 -
Local Groups
1 -
App
1 -
Netskope Admin
1 -
YouTube
1 -
Guidelines
1 -
import
1 -
Block Page
1 -
SWG Login
1 -
Private App
1 -
APP instance
1 -
web
1 -
licensing
1 -
client update
1 -
Custom Rule
1 -
entry
1 -
intel CPU
1 -
Remote Browser Isolation
1 -
Instances Corp
1 -
Whatsapp
1 -
application
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In