I am using a Windows PC and have been getting a notice from Malwarebytes on occasion when using Joplinapp - the installed version.
This alert indicates that Joplinapp is using ipwho.is in the background. The location of the IP that MWB is alerting on is in Reston, VA.
Is this an error or truly a trojan?
Protection Event Date: 12/10/22
Protection Event Time: 7:58 AM
Log File: 49f6b61c-788a-11ed-a369-b00cd1c3f479.json
Components Version: 1.0.1823
Update Package Version: 1.0.63270
OS: Windows 11 (Build 22621.819)
File System: NTFS
-Blocked Website Details-
Malicious Website: 1
, C:...l\Programs\Joplin\Joplin.exe, Blocked, -1, -1, 0.0.0, ,
IP Address: 188.8.131.52
AVs are so bad, most of the time there are false positives ... and I'm sure it is the same here. From your post I can't see what Malicious Website is requested by Joplin.
Did you use a plugin?
What action was taken when the warning popped up?
Only a few days ago ...
01:46AM - 30 Nov 22 UTC
05:10AM - 01 Dec 22 UTC
Please provide a clear and concise description of what the bug is. (In the section Steps To Reproduce.)
Include screenshots for UI problems if needed.
DO NOT create screenshots of text !!! Copy and paste the text into a code block.
Please test using the latest Joplin release to make sure your issue has not already been fixed.
IMPORTANT: If you are reporting a clipper bug, please include an example URL that shows the issue.
Without the URL the issue is likely to be closed.
Joplin version: latest as of Nov 29, 2022
OS specifics: Win10
Platform can be one of: macOS, Linux, Windows, Android, iOS, terminal (or a combination)
OS specifics: e.g. OS version, Linux distribution, Android/iOS version...
## Steps to reproduce
1. Downloaded off main joplinaap.org
2. Installed fresh copy on windows 10
3. Ran program, made a new notebook, clicked on file, new note
Issues without reproduction steps are likely to stall.
## Describe what you expected to happen
And my anti-virus protection program pops up with a Trojan Detected and Blocked.
Please attach a debug log. Issues without a debug log are likely to stall.
For information on how to collect a log file: https://joplinapp.org/debugging/
I'm wanting to know if this is intentional or malicious?
It is "ipwho.is" and it is the Joplinapp that is calling for it. The IP address is listed too. The only thing is that I am using the Rich Text Editor. I will try without it to see if the call is still being made. I am toggling Safe Mode from the Help menu.
The call is made each time I create a new Note in a Notebook. If I were guessing, the app (or some variant of it) is asking ipwho what the IP address is of the joplin.exe that is creating a new note.
Not sure why joplin.exe would need that since it is already registered. In any case, Joplin is saving data, notes and notebooks without issue and Malwarebytes appears to be blocking the data call to ipwho.is.
So if it is not needed, then why do it?
If you look at the linked GitHub issue above, you will see that it says:
The request is from the Geo-location feature for the notes.
Line 31 in c95367f
const r = await fetchJson('https://ipwho.is/');
So if you switch off geo-location it should stop.
I have geo-location switched off and my DNS logs show no calls to
If you type https://ipwho.is/ into a browser you will get a JSON file containing what is believed to be the location of your IP address. Mine is out by a good six miles!!
Thank you. Not sure why anyone would want their notes Geo-Tagged. But I have turned it off and no calls outbound.
Nor me. You can search location so it may have some use in some circumstances. People use Joplin in so many different ways that what for me may seem to be an irrelevance will be one of those "dealbreakers" people sometimes post about.
Glad you have got the matter resolved.
... and welcome to the forum.
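The verification mentioned in the thread (DNS logs showing no lookups of ipwho.is once geo-location is switched off) can be scripted as below. This is an added example, not part of the original posts or of Joplin's code; the log format, client address, timestamps and the subdomain in the sample are constructed for illustration.

```python
from datetime import datetime

WATCHED = "ipwho.is"  # host named in the thread

# Constructed sample resolver log: "<ISO time> <client> <query name>"
SAMPLE_LOG = """\
2022-12-10T07:58:03 192.168.1.20 ipwho.is
2022-12-10T07:58:04 192.168.1.20 joplinapp.org
2022-12-10T08:15:41 192.168.1.20 IPWHO.IS.
2022-12-10T08:20:10 192.168.1.20 notipwho.is
2022-12-10T08:21:55 192.168.1.20 ipwho.is.example.net
2022-12-10T09:30:00 192.168.1.20 api.ipwho.is
2022-12-10T10:05:12 192.168.1.20 joplinapp.org
"""

def matches(qname, domain=WATCHED):
    """True for the domain itself or a subdomain, matched on a label boundary."""
    name = qname.rstrip(".").lower()  # DNS names are case-insensitive
    return name == domain or name.endswith("." + domain)

def lookups(log_text, domain=WATCHED):
    """Return (timestamp, client, qname) for every query to the domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        when, client, qname = parts
        if matches(qname, domain):
            hits.append((datetime.fromisoformat(when), client, qname))
    return hits

def lookups_after(log_text, switched_off, domain=WATCHED):
    """Queries seen after the setting was turned off; empty means it worked."""
    return [h for h in lookups(log_text, domain) if h[0] > switched_off]

if __name__ == "__main__":
    off = datetime(2022, 12, 10, 9, 0)  # constructed: when geo-location was disabled
    for when, client, qname in lookups_after(SAMPLE_LOG, off):
        print(f"still resolving {qname} from {client} at {when}")
```

Matching on a label boundary keeps look-alike names such as `notipwho.is` or `ipwho.is.example.net` from being counted as lookups of the watched host.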
9 January 2023 22:02
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.