Jump to content

ipwho.is is blocked due to Trojan


Mehul
 Share

Go to solution Solved by TeMerc,

Recommended Posts

I am extending on this existing thread

The note taking app, Joplin, reaches out to ipwho.is to get some geolocation data. This is how I got MalwareBytes to raise the alert.

VirusTotal found nothing bad on the domain, so why is MalwareBytes alerting on Trojan?

I own neither Joplin nor ipwho.is - I am just curious why it's being blocked.

Thanks!

Logs:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 1/13/23
Protection Event Time: 12:17 PM
Log File: 82fc1048-936e-11ed-9400-ac12037856da.json

-Software Information-
Version: 4.5.19.229
Components Version: 1.0.1860
Update Package Version: 1.0.64577
License: Premium

-System Information-
OS: Windows 10 (Build 19045.2486)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Users\<username>\AppData\Local\Programs\Joplin\Joplin.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: ipwho.is
IP Address: 45.35.72.106
Port: 443
Type: Outbound
File: C:\Users\<username>\AppData\Local\Programs\Joplin\Joplin.exe



(end)

 

Link to post
Share on other sites

  • Staff
  • Solution
21 minutes ago, Mehul said:

I am extending on this existing thread

The note taking app, Joplin, reaches out to ipwho.is to get some geolocation data. This is how I got MalwareBytes to raise the alert.

VirusTotal found nothing bad on the domain, so why is MalwareBytes alerting on Trojan?

I own neither Joplin nor ipwho.is - I am just curious why it's being blocked.

Thanks!

Logs:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 1/13/23
Protection Event Time: 12:17 PM
Log File: 82fc1048-936e-11ed-9400-ac12037856da.json

-Software Information-
Version: 4.5.19.229
Components Version: 1.0.1860
Update Package Version: 1.0.64577
License: Premium

-System Information-
OS: Windows 10 (Build 19045.2486)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Users\<username>\AppData\Local\Programs\Joplin\Joplin.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: ipwho.is
IP Address: 45.35.72.106
Port: 443
Type: Outbound
File: C:\Users\<username>\AppData\Local\Programs\Joplin\Joplin.exe



(end)

 

Hello, thanks for bringing this to our attention. We've reviewed the data from the site again and have determined it no longer warrants being blocked so we've disabled the block in our database. 

Removal should be reflected in the next database update going out in a few hours or so.

  • Thanks 1
Link to post
Share on other sites

  • TeMerc locked this topic
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.