AVs so bad, moste time there are false positive ... and I'm sure this is here the same. From your post I can't see what Malicious Website is requested by Joplin.
Did you use Plugin?
What action was taken when the warning pop up?
it is "ipwho.is" and it is the Joplinapp that is calling for it. The IP address is listed too. The only thing is that I am using the Rich Text Editor. I will try without it to see if the call is still be made. I am toggling Safe Mode from the Help menu.
The call is made each time I create a new Note in a Notebook. If I were guessing, the app (or some variant of it) is asking ipwho what the IP address of the joplin.exe that is creating a new note.
Not sure why joplin.exe would need that since it is already registered. In any case, Joplin is saving data, notes and notebooks without issue and malwarebytes appears to be blocking the data call to ipwho.is
If you look at the linked GitHub issue above, you will see that it says:
The request is from the Geo-location feature for the notes.
joplin/packages/lib/geolocation-node.ts
Line 31 in c95367f
const r = await fetchJson('https://ipwho.is/');
So if you switch off geo-location it should stop.
I have geo-location switched off and my DNS logs show no calls to ipwho.is.
If you type https://ipwho.is/ into a browser you will get a JSON file containing what is believed to be the location of your IP address. Mine is out by a good six miles!!
Nor me. You can search location so it may have some use in some circumstances. People use Joplin in so many different ways that what for me may seem to be an irrelevance will be one of those "dealbreakers" people sometimes post about.
