Malwarebytes indicates a Trojan

I am using a Windows PC and been getting a notice from malwarebytes on occasion when using Joplinapp - the installed version.

This alert indicates that Jopplinapp is using in the background. The location of the IP that MWB is alerting on is in Reston, VA.

Is this an error or truly a trojan?


-Log Details-
Protection Event Date: 12/10/22
Protection Event Time: 7:58 AM
Log File: 49f6b61c-788a-11ed-a369-b00cd1c3f479.json

-Software Information-
Components Version: 1.0.1823
Update Package Version: 1.0.63270
License: Premium

-System Information-
OS: Windows 11 (Build 22621.819)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:...l\Programs\Joplin\Joplin.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
IP Address:
Port: 443
Type: Outbound
File: C:...\Programs\Joplin\Joplin.exe


AVs so bad, moste time there are false positive ... and I'm sure this is here the same. From your post I can't see what Malicious Website is requested by Joplin.

Did you use Plugin?
What action was taken when the warning pop up?

Only a fee days ago ...

it is "" and it is the Joplinapp that is calling for it. The IP address is listed too. The only thing is that I am using the Rich Text Editor. I will try without it to see if the call is still be made. I am toggling Safe Mode from the Help menu.

The call is made each time I create a new Note in a Notebook. If I were guessing, the app (or some variant of it) is asking ipwho what the IP address of the joplin.exe that is creating a new note.

Not sure why joplin.exe would need that since it is already registered. In any case, Joplin is saving data, notes and notebooks without issue and malwarebytes appears to be blocking the data call to

So if it is not needed, then why do it.

If you look at the linked GitHub issue above, you will see that it says:

The request is from the Geo-location feature for the notes.


Line 31 in c95367f
const r = await fetchJson(''); 

So if you switch off geo-location it should stop.


I have geo-location switched off and my DNS logs show no calls to

If you type into a browser you will get a JSON file containing what is believed to be the location of your IP address. Mine is out by a good six miles!!

1 Like

Thank you. Not sure why anyone would want their notes Geo-Tagged. But I have turned it off and no calls outbound.

Nor me. You can search location so it may have some use in some circumstances. People use Joplin in so many different ways that what for me may seem to be an irrelevance will be one of those "dealbreakers" people sometimes post about.

Glad you have got the matter resolved.

... and welcome to the forum.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.