Like the PNG attached, GlassWire is classifying the traffic from Discord as if it's from Thailand, but I have seen that domain numerous times before and it is never from Thailand. Similarly, GlassWire has grouped Microsoft SSDP enables discovery of UPnP traffic (220.127.116.11) and a lot of other local traffic as if it's from Thailand. Other PCs with older GlassWire versions such as 2.3.413 never had this issue. Is there something wrong with the current version of GlassWire?
It appears that something is wrong with the IP lookup in that screenshot.
I am still running version 2.3.413 of GlassWire, and when I log in to Discord, I can see several connections made to 162.159.xxx.xxx IP addresses, all of which show “Region: unknown” in GlassWire.
When I plug “18.104.22.168” into a whois lookup, that IP is registered to CloudFlare Inc in San Francisco, CA.
On my end it just seems to be a problem with version 2.3.449? I have versions 2.3.413 and 2.3.444 running on other endpoints and none of them have this problem so far. As a trend, it seems that any connection with the region stated as Other and a green icon next to it, such as all the IPv4 and IPv6 multicast addresses as well as some Discord domains that previously had the region displayed as Others, is being displayed as a Thailand connection. Does anyone else have this issue with the latest version? Or is something compromised on my end?
I’m seeing a way too inordinate number of hosts tagged with the Thailand flag as well.
The flags are parsed from the GeoLite2.mmdb file in C:\ProgramData\GlassWire\share and, no doubt, therein lie the errors. Unfortunately, I’ve never paid much attention to the flags, so I can’t say if the Thai flags were showing up in previous versions.
That file in my GW v2.3.449 installs is dated August 2022. Ironically, in the GW v2.4 beta the file is April 2020 and no Thailand flags.
It is up to GW to update this file which is licensed by MaxMind Inc.
If it’s annoying enough, an email to help@ is what you should do.
AFAIK there were no instances of wrong traffic region occurring in versions prior to 2.3.449. It just took me by surprise and I thought it was something other than an error.
Thanks for the insight and I'll look into emailing regarding this problem.
Thanks … I thought that was only happening to me.
FWIW stats show not too many hackers are in Thailand. Vast majority by far are in China. However, it wouldn’t be hard for them to act like they’re in Thailand I suppose, but then they would probably move it around rather than stay there.
- China 41 percent (of the world’s attack traffic)
Assume you’re in U.S. Country flags don’t help. Once sophisticated foreign hackers access a U.S. computer, they will route their traffic through that computer - so it’s U.S. flags that you need to worry about.
I just ran a cmd tracert on a website saying it came from Thailand. It didn’t … it came straight from S.F., CA., USA.
Probably a CloudFlare IP in SF. Check the ICANN registration for that IP.
All these Thai flags make me think of having Thai food for dinner … I think the Thai restaurants are behind it!
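A sanity check for the symptom reported in this thread (multicast and other local addresses shown with a country flag), as an added example that is not from any poster or from GlassWire. It flags any address that cannot have a geographic location but still carries a country label; the function names, the label set and the sample rows are constructed for illustration.

```python
import ipaddress

# Labels that mean "no country assigned" (taken from the wording in this thread).
UNKNOWN_LABELS = {"Other", "Others", "unknown"}

# Ordered so the most specific reason wins: the stdlib also reports
# 0.0.0.0 and 169.254.0.0/16 as "private", so those checks come first.
_CHECKS = [
    ("unspecified", lambda a: a.is_unspecified),
    ("loopback", lambda a: a.is_loopback),
    ("multicast", lambda a: a.is_multicast),
    ("link-local", lambda a: a.is_link_local),
    ("private", lambda a: a.is_private),
    ("reserved", lambda a: a.is_reserved),
]

def non_geolocatable(ip):
    """Return why this address has no meaningful country, or None if it is public."""
    addr = ipaddress.ip_address(ip)
    for reason, check in _CHECKS:
        if check(addr):
            return reason
    return None

def audit(rows):
    """rows: (ip, region_label) pairs copied from a monitor's connection list.
    Returns the rows where a non-routable address was given a country."""
    findings = []
    for ip, region in rows:
        reason = non_geolocatable(ip)
        if reason and region not in UNKNOWN_LABELS:
            findings.append((ip, region, reason))
    return findings

# Constructed sample rows, not taken from anyone's real connection list.
SAMPLE_ROWS = [
    ("239.255.255.250", "Thailand"),   # SSDP IPv4 multicast group
    ("ff02::c", "Thailand"),           # SSDP IPv6 link-local multicast group
    ("224.0.0.251", "Other"),          # mDNS multicast, correctly unlabeled
    ("192.168.1.10", "Thailand"),      # RFC 1918 LAN host
    ("8.8.8.8", "United States"),      # public address, a country is plausible
]

if __name__ == "__main__":
    for ip, region, reason in audit(SAMPLE_ROWS):
        print(f"{ip}: labelled {region!r} but is {reason}; suspect the geo database or lookup")
```

A hit on a multicast or private address points at the lookup data or code rather than at the remote host, since those ranges are never routed across the internet.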