Suspicious Host Connection

Hi! I’ve been using GlassWire for 2 years now and this is the first time I have had problems. My GlassWire has warned me of suspicious host connections in Edge (most of them), Epic Games Store and Windows Host Services. In all cases the IP is 0.0.0.0. I only have GlassWire with Windows Defender, and after doing complete scans I didn’t find anything strange. Does anyone know something about these strange connections? All of them have different names but the same IP.


Same here, first time I have received this message; it just started a few hours ago on just one program: Thunderbird. VirusTotal and a local virus scan do not turn up anything. Windows 10 1803, GW 2.1.167


We are on top of this issue and we are solving it ASAP.

Meanwhile please go to the top left GlassWire menu and choose “settings/security” then disable the “suspicious hosts” option.

0.0.0.0 is not a real IP address as it will not be routed. It normally designates one of the following situations:

  • That an IP address cannot be identified for a host.
  • It is the default for an unconfigured device on the local network.
  • It represents all addresses on the local network.

But I’m not sure if this is how GlassWire is either interpreting it or using it.
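An alert-triage example for the pattern reported in this thread, added here (it is not GlassWire's code and was not written by any poster): it labels each alert's IP with Python's `ipaddress` module and flags an unspecified address shared by several distinct hostnames, which points at the alert data rather than at a real destination. The alert tuples and the `min_hosts=3` threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample alerts (app, hostname, reported IP), modelled on the
# hosts named in this thread; they are not an export from GlassWire.
ALERTS = [
    ("Browser", "s.ytimg.com", "0.0.0.0"),
    ("Browser", "i0.wp.com", "0.0.0.0"),
    ("Host Process for Setting Synchronization", "1drv.ms", "0.0.0.0"),
    ("Browser", "dns.google", "8.8.8.8"),
    ("Updater", "nas.local", "192.168.1.20"),
]

def classify(ip_text):
    """Label an alert's IP by whether it can be a real remote endpoint."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "unspecified"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "routable"

def triage(alerts, min_hosts=3):   # min_hosts is an assumed threshold
    """Group alerts by IP and flag IPs that look like list artifacts."""
    hosts_by_ip = defaultdict(set)
    for _app, host, ip in alerts:
        hosts_by_ip[ip].add(host.lower())
    report = {}
    for ip, hosts in hosts_by_ip.items():
        kind = classify(ip)
        # Many unrelated hostnames on one address that is never routed
        # means the alert data, not the traffic, should be checked first.
        artifact = kind in ("unspecified", "invalid") and len(hosts) >= min_hosts
        report[ip] = {"kind": kind, "hosts": sorted(hosts),
                      "likely_list_artifact": artifact}
    return report

if __name__ == "__main__":
    for ip, info in triage(ALERTS).items():
        print(ip, info)
```

Alerts whose IP classifies as `routable` are the ones worth following up with connection logs or a file scan.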

Not an option in GW free; may have to uninstall if it becomes unbearable, at least for the moment.

This seems to be about the 0.0.0.0 IP address, same as a few years ago in the topic “Suspicious Host Connection - test . com 0.0.0.0” (I’m a new user and can’t post links here). I was also notified of suspicious hosts with 0.0.0.0 IP, namely:
- WordPress image storage via i*.wp . com accessed by my browser
- YouTube image storage via s.ytimg . com accessed by my browser
- Microsoft OneDrive via 1drv . ms accessed by Host Process for Setting Synchronization

I’m fairly certain that these hosts, as well as the applications connecting to them, are trustworthy.


@Noctum28

Yes you’re right. Something went strange with our suspicious list source so we’re looking for a new partner for this feature. Sorry for the problem.



Seeing as I’m not the only one having this, figured I’d pitch in too. Windows 10 1909, GW 2.1.16.167
Same 0.0.0.0 IP for all of them.


@Ken_GlassWire

Hi Ken,
I have the same issue. But I have 2 PCs and it is happening on only one of them. Both PCs have the same GlassWire version 2.1.167 with the same GlassWire configuration. Both PCs are running Windows 10 x64 v1909. My test URL is “s_dot_ytimg_dot_com”.
If there is a problem with the “suspicious list source”, why isn’t it happening on both PCs? It is weird to me.
There is probably another dependency too.


@KamilZ

Your other PC just has not updated the list yet. Sorry.

So to be clear, does this mean that if I’m getting similar suspicious host connection alerts, my system isn’t compromised? They also all show the IP 0.0.0.0, but have different hostnames.

@Snoopy_Doge

Your system should be OK.

Hello Ken_GlassWire! I was looking at my GlassWire Usage Traffic and I found a suspicious connection to a Tor network thru a Microsoft Ultimate Word Game. I don’t have a TOR Onion on my computer anywhere. Here’s the screenshot. Is this safe or should I be blocking this?

@Batpup

Is that game signed by Microsoft and it’s an official Microsoft app, or who makes it?

It’s made by Microsoft and put out by them, but it’s the first I’ve seen them using a Tor network. Their other products and games don’t use it, so why this particular game? Just seems suspicious to me. Could it be a possible hack?

@Batpup

Maybe analyze the file with VirusTotal, but if it looks OK I’d guess it’s just an incorrect traffic detection with the API we use to detect traffic types.

The Usage view by App with that software selected would likely be more useful because it might show other information such as if that server is reached with other protocols.
