website blocked for riskware www.ojrq.net

[BillH99999]

I use Thunderbird as my mail client.  Starting today I've been getting a popup saying that an outgoing connection to www.ojrq.net is being blocked when I open various emails.  They are emails from legitimate companies such as Marriott, Alaska Airlines, and others.  I did a scan with Malwarebytes and with Adwcleaner and nothing is found.

Any idea what might be causing this?  Is www.ojrq.net really a site that needs to be blocked and why did it just start getting blocked today?

Thanks,

Bill

 

 

 

Edited December 8, 2020 by BillH99999

[Porthos]

@BillH99999I will ask for your post to be moved to the correct section.

[BillH99999]

@Porthos

Thanks, I didn't realize I needed to post it somewhere else.  Thanks for moving getting it moved.

Bill

[TF4]

I have this same message. How can I resolve this?

[Porthos]

3 minutes ago, TF4 said:

I have this same message. How can I resolve this?

We need to wait for research to evaluate the address.

[DawgFan]

Same issue and IP.  Started 12/7/2020.

[jerry6665]

Same issue...  is Ojrq.net malware or can I use the websites using Ojrq.net safely?  Thanks, Jerry

 

[thisisu]

Hello,

This should only be blocked by BrowserGuard for ad server redirects. The unblock for MB3/MB4 is in progress and will be resolved shortly with a database update. Sorry for the inconvenience.

[BillH99999]

@thisisu

Thanks!

Bill

[TJLR]

My team has clients running MWB on an RDS and we got the same notification for ojrq.net. We weren't sure so we ran scans as clean per user, running Full Scan on RDS. Blocked the IP of that site inbound/outbound on our Firewall. 

Also, this one just came up as well. Can your team let us know if this issue is related?

Are these false positives or are these threats supposed to be blocked silently without notification? Please advise.

[Porthos]

35 minutes ago, TJLR said:

Also, this one just came up as well. Can your team let us know if this issue is related?

It is a different site being blocked. I will ask @thisisu to evaluate it for you.

[jerry6665]

What was decided about ojrc?

 

[Porthos]

1 hour ago, jerry6665 said:

What was decided about ojrc?

That it should not be blocked in Malwarebytes Premium any longer but it is an ad server that would be blocked in Browser Guard.

On 12/8/2020 at 2:09 PM, thisisu said:

Hello,

This should only be blocked by BrowserGuard for ad server redirects. The unblock for MB3/MB4 is in progress and will be resolved shortly with a database update. Sorry for the inconvenience.

 

[Porthos]

5 hours ago, jerry6665 said:

What was decided about ojrc?

 

From one Jerry to another best wishes and happy holidays.🙂

[jerry6665]

4 hours ago, Porthos said:

That it should not be blocked in Malwarebytes Premium any longer but it is an ad server that would be blocked in Browser Guard.

 

Thanks for taking the time to check this out and form an explanation and improve our knowledge

 

[jerry6665]

6 minutes ago, Porthos said:

From one Jerry to another best wishes and happy holidays.🙂

Back atcha!  ✌️

 

[thisisu]

On 12/8/2020 at 3:50 PM, TJLR said:

My team has clients running MWB on an RDS and we got the same notification for ojrq.net. We weren't sure so we ran scans as clean per user, running Full Scan on RDS. Blocked the IP of that site inbound/outbound on our Firewall. 

Also, this one just came up as well. Can your team let us know if this issue is related?

Are these false positives or are these threats supposed to be blocked silently without notification? Please advise.

Hello,

This one is a valid block, not related to the one mentioned in the OP. Low detection ( https://www.virustotal.com/gui/domain/spottoplunch4.live/detection ) but also rather new. ~2 days old

[Itcharus]

Malwarebytes version: 4.6.12

MacOS Catalina version: 10.15.7

Thunderbird version: not sure because now I cannot open it, but I installed an update (I assume the latest version) a few days ago.

I installed Malwarebytes for Mac yesterday (December 17th). Did an initial Malwarebytes scan, which detected and quarantined "Adware.IronCore". See attached file.Screen Shot 2020-12-19 at 8.45.23 AM.pdf

The time I used Thunderbird, I got a popup about 2 or 3 quarantined files in a pop-up. I did not screenshot it. I was able to continue on to Thunderbird. The next time I tried to open Thunderbird, I got a pop-up with the Finder icon that said "The application "Thunderbird.app" can't be opened (see attached file). Screen Shot 2020-12-19 at 8.34.45 AM.pdf

Is this the same issue as this thread? If not, is a new thread required and/or the opening of a support ticket?

 

[JPopovic]

Hello Itcharus,

Unfortunately, we wouldn't be able to help you out since this is a Web Protection section of the forum.

You would need to contact technical support - https://support.malwarebytes.com/hc/en-us

Thank you!

Edited December 20, 2020 by Dashke

[Itcharus]

Thanks Jpopovic!  I will open a support ticket.