Glasswire 2.3.449 classifying traffic as from Thailand

Like the PNG attached, Glasswire is classifying the traffic from Discord as if it's from Thailand, but that domain I have seen numerous times before and it is never from Thailand. Similarly, Glasswire has grouped Microsoft SSDP enables discovery of UPnP traffic (239.255.255.250) and a lot of other local traffic as if it's from Thailand. Other PCs with older Glasswire versions such as 2.3.413 never had this issue. Is there something wrong with the current version of Glasswire?

2 Likes

It appears that something is wrong with the IP lookup in that screenshot.

I am still running version 2.3.413 of Glasswire, and when I login to Discord, I can see several connections made to 162.159.xxx.xxx IP addresses, all of which show “Region: unknown” in Glasswire.

When I plug “162.159.133.234” into a whois lookup, that IP is registered to CloudFlare Inc in San Francisco, CA.

https://whatismyipaddress.com/ip/162.159.133.234

1 Like

On my end it just seems to be a problem with version 2.3.449? I have version 2.3.413 and 2.3.444 running on other endpoints and none of them have this problem so far. As a trend it seems that any connection with the region stated as Other and has a green icon next to them, such as all the IPv4 and IPv6 multicast addresses as well as some Discord domains that previously had region displayed as Others, are all being displayed as Thailand connections. Does anyone else have this issue with the latest version? Or is something compromised on my end?

I’m seeing a way too inordinate number of hosts tagged with the Thailand flag as well.

The flags are parsed from the GeoLite2.mmdb file in C:\ProgramData\GlassWire\share and, no doubt, therein lie the errors. Unfortunately, I’ve never paid much attention to the flags, so I can’t say if the Thai flags were showing up in previous versions.

That file in my GW v2.3.449 installs is dated August 2022. Ironically, in the GW v2.4 beta the file is April 2020 and no Thailand flags.

It is up to GW to update this file which is licensed by MaxMind Inc.

If it’s annoying enough, an email to help@ is what you should do.

Cheers.

2 Likes

AFAIK there were no instances of wrong traffic region occurring in versions prior to 2.3.449. It just took me by surprise and I thought it was something other than an error.
Thanks for the insight and I'll look into emailing regarding this problem.

Thanks … I thought that was only happening to me.

FWIW stats show not too many hackers are in Thailand. Vast majority by far are in China. However, it wouldn’t be hard for them to act like they’re in Thailand I suppose, but then they would probably move it around rather than stay there.

  1. China 41 percent (of the world’s attack traffic)

Assume you’re in U.S. Country flags don’t help. Once sophisticated foreign hackers access a U.S. computer, they will route their traffic through that computer - so it’s U.S. flags that you need to worry about.

I have Ver. 2.3.449 and I’m getting the same thing but not as much.

I just ran a cmd tracert on a website saying it came from Thailand. It didn’t … it came straight from S.F., CA., USA.

1 Like

Probably a CloudFlare IP in SF. Check the ICANN registration for that IP.

1 Like

All these Thai flags make me think of having Thai food for dinner … I think the Thai restaurants are behind it!

Same here, v3.0.074. Not very good and no replies from the GlassWire team!

2 Likes

It’s a misreading from the GW Software. It’s actually from San Francisco, California and is reading as Thailand. Been trying to get them to correct it but it hasn’t been done yet. :grinning:

1 Like

I looked at this some more. I see people in India complaining about their Internet traffic going through France. So if you’re in the U.S., it’s possible your Internet connection to a website is actually going through Thailand. Apparently, Cloudflare has different levels of service. The more a website or ISP pays, the more direct the service. So if a website or your ISP is on a budget plan with Cloudflare, they may route your traffic through Thailand because a server there isn’t busy. Since an Internet data packet moves at close to the speed of light, the delay from a detour to Thailand would take literally only a fraction of a second in theory. So for all we know, if our connection seems slow, maybe our computers are connecting with a Cloudflare server in Thailand? Since Cloudflare is registered in the U.S. it would still say it’s a San Francisco IP address. So I think it’s possible the Cloudflare server your computer is talking to is in Thailand … only Cloudflare knows for sure!

1 Like

Thank you for your response. That makes more sense. :grinning:

1 Like

I could see the Thailand route happening occasionally - just like occasionally something will go through Europe or Japan … but not all the time. Frequent Thailand flags have to be a mistake!

1 Like

What you were saying earlier made sense, but like you said, going through Thailand all the time has to be a mistake. It seems it’s a software reading problem. I hope they can look into it and see where the problem is. :grinning:

1 Like

I think that Glasswire is not reflecting the IP locations correctly, per the geolocation lookup.

I had an IP address that was indicating Thailand region in the Glasswire GUI, but when I clicked through via the Glasswire “search online” tool, the Glasswire website showed that the address was a Cloudflare IP assigned to the USA.

I compared this address with a couple of web based IP lookup sites and they also agreed that it was a USA location using Cloudflare as the ISP.

In fact, I even have a local multicast address used by Apple Bonjour that is shown in Glasswire as Thailand, LOL!

2 Likes

Apparently anything that has to do with Cloudflare says Thailand!
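An added example, not part of the thread and not GlassWire code: a triage check for the symptom reported above, separating connections whose country flag cannot be meaningful (multicast, private, link-local, loopback) from public addresses that need an independent lookup. The sample rows and the function names `address_scope` and `triage` are constructed for illustration; only 239.255.255.250 and 162.159.133.234 come from the thread.

```python
import ipaddress

# Constructed sample: (remote address, country code shown by the monitor).
SAMPLE = [
    ("239.255.255.250", "TH"),  # SSDP/UPnP discovery multicast (from the thread)
    ("224.0.0.251", "TH"),      # IPv4 mDNS multicast, as used by Bonjour
    ("ff02::fb", "TH"),         # IPv6 mDNS multicast
    ("192.168.1.1", "TH"),      # RFC 1918 private address
    ("162.159.133.234", "TH"),  # public address quoted in the thread
]


def address_scope(ip_text):
    """Return the routing scope of an address as a short label."""
    ip = ipaddress.ip_address(ip_text)
    # Multicast is tested first: some Python versions report multicast
    # ranges as is_global, which would hide them in the "public" bucket.
    if ip.is_multicast:
        return "multicast"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public" if ip.is_global else "non-global"


def triage(rows):
    """Label each row: a country on a non-public address is a lookup error."""
    out = []
    for ip_text, country in rows:
        scope = address_scope(ip_text)
        if scope != "public" and country:
            verdict = "label-impossible"      # no GeoIP entry can apply here
        elif scope == "public":
            verdict = "verify-independently"  # compare with whois / RIR data
        else:
            verdict = "ok"
        out.append((ip_text, scope, country, verdict))
    return out


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("%-18s %-11s %-3s %s" % row)
```

Rows marked `label-impossible` point at the lookup database or the code reading it, not at the traffic itself.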