Advice Request: Has anyone ever got a Lucky Elephant malware alert from a SIEM?


rhyzoptera

New Member
Thread author
May 14, 2020
3
Hi good people!
I'm using AlienVault SIEM and I always get this alert: "OTX Pulse: Lucky Elephant Campaign Masquerading". It is always detected in the payload as a malicious domain, ss.userscontent.com.

I already did mitigation: blocking the domain, blocking the destination port and installing an ad blocker on the detected asset (I found a log showing that this Lucky Elephant domain has something to do with an ad banner or something), and I already scanned with Malwarebytes but never found any threat. Yet this alarm still appears in the SIEM.

I really need some advice on how to get rid of this alarm.

Thanks.
 
  • Like
Reactions: [correlate]

Learning

New Member
May 17, 2020
1
What's the device?

Have you tried removing ads from your device (phone/laptop)?
Clear all the browser cache on your device (Chrome, Firefox, IE, etc.).

Try updating your browser, or reinstalling it, and also the OS.
 
  • Like
Reactions: [correlate]

rhyzoptera

New Member
Thread author
May 14, 2020
3
The device is a Windows laptop.
Anyway, we already figured it out and all the domains are already blocked. Now when we get an alert from Lucky Elephant, it's noted in the raw log that the domain is redirected to our Fortinet IP.
[Attached screenshot: 1590573260583.png]
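As an added example (not from the thread, and not AlienVault or OTX code), the script below shows why the alarm keeps firing after the block is in place and how to triage it from raw logs: an OTX pulse rule matches on the indicator (the domain) wherever it appears in the event, regardless of whether the request succeeded. Comparing the resolved address against the firewall's sinkhole address separates "client asked for the blocked domain and got the Fortinet block address" from "domain resolved to a live external host". The log format, the sinkhole address 10.0.0.1 and every sample line are constructed for illustration; only the domain comes from the thread.

```python
"""
Triage of OTX pulse domain hits in DNS/proxy log lines.

Added example, not from the thread or from AlienVault/OTX.
Log format, sinkhole address and sample lines are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

# Indicator the OTX pulse alert matched on (domain quoted in the thread).
OTX_DOMAINS = {"ss.userscontent.com"}

# Assumed: the address the firewall answers with for blocked domains
# (hypothetical RFC 1918 value standing in for the Fortinet IP).
SINKHOLE_IPS = {"10.0.0.1"}

# Constructed sample log: "<timestamp> <client> <queried name> <answer>".
SAMPLE_LOG = """\
2020-05-14T09:01:02Z 192.168.1.23 ss.userscontent.com 10.0.0.1
2020-05-14T09:01:05Z 192.168.1.23 cdn.example.net 151.101.1.69
2020-05-14T09:02:10Z 192.168.1.40 ss.userscontent.com 93.184.216.34
2020-05-14T09:03:00Z 192.168.1.23 tracker.ss.userscontent.com 10.0.0.1
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


@dataclass
class Hit:
    ts: str
    client: str
    qname: str
    answer: str
    verdict: str


def matches_indicator(qname: str, indicators: set) -> bool:
    """True if qname is an indicator domain or a subdomain of one."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in indicators)


def classify(answer: str, sinkholes: set) -> str:
    """Decide what the resolved address tells us about the request."""
    try:
        ip = ipaddress.ip_address(answer)
    except ValueError:
        return "unresolved"
    if str(ip) in sinkholes:
        return "blocked_by_sinkhole"     # control worked; host still asking
    if ip.is_private or ip.is_loopback:
        return "internal_answer"         # unexpected internal resolution
    return "resolved_externally"         # block not effective for this client


def triage(log_text: str, indicators: set = OTX_DOMAINS,
           sinkholes: set = SINKHOLE_IPS) -> list:
    """Return every line that matches an indicator, with a verdict."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, qname, answer = m.groups()
        if not matches_indicator(qname, indicators):
            continue
        hits.append(Hit(ts, client, qname, answer, classify(answer, sinkholes)))
    return hits


def needs_attention(hits: list) -> list:
    """Only hits where the domain resolved to a live external address."""
    return [h for h in hits if h.verdict == "resolved_externally"]


if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(f"{h.ts} {h.client} {h.qname} -> {h.answer}: {h.verdict}")
    print("clients needing attention:",
          sorted({h.client for h in needs_attention(triage(SAMPLE_LOG))}))
```

With this split, the SIEM rule can be tuned to downgrade or suppress hits whose answer is the sinkhole address instead of disabling the pulse outright: the remaining "blocked_by_sinkhole" events still identify which host keeps requesting the domain (the ad-banner source mentioned in the thread), while "resolved_externally" events show a client the block is not covering.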
 
