Under the alert "Mal/HTMLGen-A", Google Chrome is showing as the root cause and the beacon is "layla-print.com". The user didn't try to access that domain, so how was the alert triggered?
Thank you for reaching out to the community forum.
May we know if the detection only happens once or multiple times? How many systems are currently having this detection?
Was there a pattern to the detection, like every 5 min or so? What application or process does the user access when observing the detection? Was there any script running on the device that calls this URL? You can identify them by using Autoruns.exe by Microsoft.
Also, as per checking in our Intelix UI portal, the website is categorized as suspicious.