Jump to content

Malwarebytes blocking strange outbound connection from Joplin


Recommended Posts

I use an app called Joplin for notetaking at work and I recently started noticing that every time I create a new note, Malwarebytes blocks an outbound connection to a domain called [ipwho.is]. Malwarebytes is saying this is a Trojan. I have the sync function turned off in Joplin, so I am not sure why the internet would even be involved with the app at all. I specifically chose the app because it doesn't require login or sync, so it is going to be a real bummer if the app is trying to spy on me like nearly every other app does these days. I have tried using Google to find out if anyone else has experienced this, but I couldn't get any relevant search results.

Anyway, is this something I should be worried about? It's so annoying that the app is even interacting with the internet at all.

Thank you in advance. 



Link to post
Share on other sites

2 minutes ago, UserZero said:

Malwarebytes blocks an outbound connection

Please post the log showing the detection.

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location




RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged




If you click on the View option you should get something similar to the following with other options available.






Thank you

Link to post
Share on other sites

Sorry, it's in Japanese. Will this work? I've redacted some personal information with asterisks.

保護イベント日付: 2022/09/22
保護イベント時間: 11:07
ログファイル: 55cb7fb6-3a1b-11ed-b5e0-ec2e98d41b72.json

コンポーネントバージョン: 1.0.1740
パッケージバージョンをアップデート: 1.0.60360
ライセンス: プレミアム版

OS: Windows 10 (Build 19044.2006)
CPU: x64
ファイルシステム: NTFS
ユーザー: System

悪意のあるウェブサイト: 1
, C:\Users\*****\AppData\Local\Programs\Joplin\Joplin.exe, ブロック済み, -1, -1, 0.0.0, , 

カテゴリ: トロイの木馬
ドメイン: ipwho.is
ポート: 443
タイプ: 送信側
ファイル: C:\Users\*****\AppData\Local\Programs\Joplin\Joplin.exe



Link to post
Share on other sites

Oh, my goodness. Okay, I have solved the problem. Sorry if I wasted your time. Deep in the settings there is a toggle for saving geolocation data in notes that must have been set to on by default. It must have been contacting that ipwho.is site to get the geolocation data. I turned it off and now the detection no longer occurs. I can't believe I didn't see it before.

I think we can consider the case closed.

Thank you for looking into it.  

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.