Mehul Posted January 13 ID:1549484

I am extending on this existing thread

The note taking app, Joplin, reaches out to ipwho.is to get some geolocation data. This is how I got MalwareBytes to raise the alert. VirusTotal found nothing bad on the domain, so why is MalwareBytes alerting on Trojan?

I own neither Joplin nor ipwho.is - I am just curious why it's being blocked.

Thanks!

Logs:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 1/13/23
Protection Event Time: 12:17 PM
Log File: 82fc1048-936e-11ed-9400-ac12037856da.json

-Software Information-
Version: 4.5.19.229
Components Version: 1.0.1860
Update Package Version: 1.0.64577
License: Premium

-System Information-
OS: Windows 10 (Build 19045.2486)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Users\<username>\AppData\Local\Programs\Joplin\Joplin.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain: ipwho.is
IP Address: 45.35.72.106
Port: 443
Type: Outbound
File: C:\Users\<username>\AppData\Local\Programs\Joplin\Joplin.exe

(end)

Staff Solution

TeMerc Posted January 13 ID:1549496

21 minutes ago, Mehul said:

> I am extending on this existing thread
>
> The note taking app, Joplin, reaches out to ipwho.is to get some geolocation data. This is how I got MalwareBytes to raise the alert. VirusTotal found nothing bad on the domain, so why is MalwareBytes alerting on Trojan?
>
> I own neither Joplin nor ipwho.is - I am just curious why it's being blocked.
>
> Thanks!
>
> Logs:
>
> Malwarebytes
> www.malwarebytes.com
>
> -Log Details-
> Protection Event Date: 1/13/23
> Protection Event Time: 12:17 PM
> Log File: 82fc1048-936e-11ed-9400-ac12037856da.json
>
> -Software Information-
> Version: 4.5.19.229
> Components Version: 1.0.1860
> Update Package Version: 1.0.64577
> License: Premium
>
> -System Information-
> OS: Windows 10 (Build 19045.2486)
> CPU: x64
> File System: NTFS
> User: System
>
> -Blocked Website Details-
> Malicious Website: 1
> , C:\Users\<username>\AppData\Local\Programs\Joplin\Joplin.exe, Blocked, -1, -1, 0.0.0, ,
>
> -Website Data-
> Category: Trojan
> Domain: ipwho.is
> IP Address: 45.35.72.106
> Port: 443
> Type: Outbound
> File: C:\Users\<username>\AppData\Local\Programs\Joplin\Joplin.exe
>
> (end)

Hello, thanks for bringing this to our attention.

We've reviewed the data from the site again and have determined it no longer warrants being blocked so we've disabled the block in our database. Removal should be reflected in the next database update going out in a few hours or so.