rhyzoptera

New Member
Hi good people!
I'm using AlienVault SIEM and I always get this alert, "OTX Pulse: Lucky Elephant Campaign Masquerading", and it always detects a malicious domain, ss.userscontent.com, in the payload.

I already did mitigation: blocking the domain, blocking the destination port, and installing an ad blocker on the detected asset (I found a log showing that this Lucky Elephant domain has something to do with an ad banner or something). I also already scanned using Malwarebytes but never found any threat. Yet this alarm still appears in the SIEM.

I really need some advice to get rid of this alarm.

Thanks
 

Learning

New Member
What's the device?

Have you tried removing ads from your device (phone / laptop)?
Clear all browser cache on your device (Chrome, Firefox, IE, etc.).

Try to update your browser, dude, or re-install it, and also the OS.
 

rhyzoptera

New Member
The device is a Windows laptop.
Anyway, we already figured it out and all the domains are already blocked. Now when we get an alert from Lucky Elephant, it's noted in the raw log that the domain is redirected to our Fortinet IP.