Suspicious Host Connection -


I can’t figure out what this is, so I was wondering if anyone knew.
Glasswire has alerted me multiple times of a “Suspicious Host Connection”, which is Chrome connecting to test dot com with IP: I scanned chrome and did malware/virus scans, nothing came up. I uninstalled Chrome and soon after Glasswire said my new browser was doing the same thing. Scans show nothing. I blocked test dot com with my firewall and it still happens. Stumped at this point. Should I be concerned? What should I do?


Securi Site Check shows as malicious for some reason.


I’m experiencing the same issue. Scanned with both antivirus and malwarebytes, clean results. Weird. In my case, it happens with multiple browsers. Will keep an eye on it


i am also getting this alert … AdwCleaner finds nothing nor does hitman pro


Securi is listing it as a hacked malware distributor. I can’t figure out how it’s getting the browsers to attempt connection.



VirusTotal has some manual votes from users there who show it’s somehow related to malware also but we can’t seem to find any details about what’s wrong and why Chrome would randomly connect there.

Suspicious Host Connection any advice on this?

I found out what the issue with this is, at least for me.

Using the built in browser in Steam, I can reliably reproduce this error when browsing the Darkest Dungeon wiki. Not always, but it definitely seems related to an ad/popup or redirect or some sort of (undesirable call/action); one which I never experience with Chrome itself since I run Ublock Origin.

So for those of you getting the error in Chrome itself - you may want to run Ublock Origin (which is generally a good idea anyways, and, yes, you can disable it on a site by site basis if you want).

I’ll take a guess that the IP is due to some hosts file customization? Maybe an AV product has added records or makes changes? That’s the one thing I don’t have any visibility or experience with.


Advertising network used by Yahoo, has been malicious in the past with malvertising.


I’ve also seen this flag and have found malicious proxies running in the background of my dads network. If you do a search on “social engineering exploits” or “metasploit” you end up finding some youtube videos of ethical hackers teaching classrooms of people on the dangers of these types of attacks.

But again i can not speak to the reasons someone else may have this IP address. But in my case someone else is using it to target out computers.



Like IP, the IP is an unroutable address as far as an external network is concerned. Simply put this means if any external network address (web URL) is assigned the IP (in the “hosts” file for example) any information attempted to be sent to that URL will not be routed to the external network (internet) since is not a legitimate IP address for any external networks. This has been used by some security products as a way of denying malicious programs from being able to “phone home” or send information outside of the “local” server/computer.

This is a simplistic explanation and more can be found by googling “localhost”, “”, “” and following related articles.


I still don’t know what is causing it or how to efficiently get rid of it. I reformatted my hard drive and the problem went away for months. However it came back soon after I turned off adblock for some normal and (so I thought) safe websites that I typically frequent. Before reformatting, I should note that I did not use any ad blocking software. If anyone knows a better way to fix the problem, I’m all ears.



If you feel it’s a false positive you can go to your GlassWire settings, then security, then disable our suspicious host monitor.


I have the same issue. For me its the Microsoft Edge Content Process causing this issue. File name microsoftedgecp.exe. Virus scans show nothing. Is this a bug in Glasswire? Because from what I gather from the forums is that different programs as exhibiting this issue. The only constant is Glasswire. Please help as every time the suspicious host alert pops up, I get paranoid. I’ve uploaded some screen shots. Thanks.


I’d like to add that I have Windows 10 with latest build/updates. Using built in Windows defender/Firewall. Only program installed to monitor network is Glasswire. Also using a VPN service from VyprVpn. Other than that there are no virus, firewall or network monitoring programs except what’s already built into Windows.


I will ask our team to remove Test .com from our suspicious host list.


Ok. But any ideas on why is Glasswire showing as Test .com?

I don’t know if using a VPN could be causing this issue.


We have removed this domain from our suspicious host lists.