I have been using Glasswire for years now and I want to thank you all for a great product. I’ve always just been an observer but I think it’s time to get my feet wet.
I have seen this before on GW on my desktop and could never figure out exactly what it was. Well it’s now on my laptop and I have an idea of what it is/does but I need to get second opinions from the masses. I apologize that I have just recently added this to my laptop so there isn’t a ton of history, less than one month. This only appears on one day, June 11th. I am attaching a screenshot of the Traffic Type. Underneath Hosts, mrpep is my router. This is just broken down into local traffic for this one day. Thanks!
Looks to be a website with an avatar chat?
We use an API to detect traffic and it’s not perfect, but it’s usually relatively accurate.
I’ve gone through all of my websites that I usually use and specifically to that day and I can’t figure it out … I know it’s definitely not something that I would use. I’m going to be paying attention to the dates that the usage appears and try to link that to whomever was at my house. Perhaps what they are doing is causing it. Thanks for your reply
We thought maybe you were trying to play a joke on us because your icon in the forum looks almost exactly like the ones on that Palace website.
Please note as Servo posted above that we use an API to detect traffic so it’s not perfect. Also maybe that website licensed their chat technology to another site and you use that other website that’s similar and that has similar style chat rooms?
I hadn’t noticed the similarities! Wow, kinda creepy. Sorry for the long delay, had some vacation time that needed to be attended to and it was absolutely adamant that I attend. LOL So now I’m back to the same ole same ole.
So I narrowed this thing down even more than before. This only occurs on Tuesdays. June 11, 18, 25. July 2. It happens after 5pm on each day the amount of data on those days ranges from 11MB to 58.6MB. When I correlate that with the Hosts, it points to mrpep which is my Peplink Router and the app that is using this is none other than Google Chrome.
I have no chat software that uses any kinds of chat rooms that I know of, I’m the only person that touches the network that I know of. I know it’s nothing that I am physically doing because of the time constraints. I’m eagerly waiting for Tuesday so I can see if I can put my finger on what this is. I have yet to sift through the logs of either the router or my laptop. I was actually able to narrow the beginning time of the last one to 5:49pm start time using Glasswire. The one back on June 18th started at 4:36pm.
If this seems to be something that has just recently started, I know that it’s been popping up on my system for sometime now. The last occurrence was about 6 months ago with the same setup, different ISP.
Any ideas now? Anything I should or shouldn’t do this coming Tuesday? I was thinking about having WireShark running the entire time to catch the traffic and see where that might lead me to. It honestly reminds me of a time when a friend had been hacked and the program on his computer would ‘phone home’ the information at a set interval. I have run malwarebytes, roguekiller, etc etc and nothing has been detected.
We’ll discuss internally and see if we have some ideas. Meanwhile please let us know if you find the cause.
Glad you guys are taking this seriously.
I’ve searched and gone through tons of info and it seems “The Palace” software was very popular in the late 90’s for people to get together to chat and build these sort of fantasy palaces. It seems there was no end to the type of palace that could be built, only limitation was your imagination and perhaps time. It seems there are a few diehard users of this software but that does nothing to explain how and or why it’s showing up on Glasswire running on my system.
For more info on this: https://en.wikipedia.org/wiki/The_Palace_(computer_program)
So it first started out on Tuesdays like I said … this past week it showed up on Monday, totally absent on Tuesday and then Friday (yesterday) it showed up again. This time it started at 5:02pm, on Monday it started at 9:07am. Yesterday I had nothing unusual running, nothing out of the norm and I was away from my computer for the entire time.
I’m going through my event logs seeing if I can find something in there … Any ideas now that the jokes are aside?
The API we use to detect traffic types is not perfect. I think perhaps your traffic has been miss-diagnosed maybe?
We will check the API we use to detect traffic types and make sure it’s the most recent update. Thanks for your feedback and sorry for the issue.