Hi good people!
Im using alienvault siem and i always get this alert OTX Pulse: Lucky Elephant Campaign Masquerading and it always detected in payload a malicious domain ss.userscontent.com
i already did mitigation blocking domain, blocking port dest and install ads block in the detected asset (i found a log that contain this lucky elephant domain has something to do with ads banner or something) and already scan using malwarebytes but never find any threat. Yet this alarm still appear in siem.
I really need some advice to get rid of this alarm