Steam Client Bootstrapper and the 175.255.255.255 mystery

I noticed that the Steam Client Bootstrapper application is occasionally sending tiny amounts of data to “175.255.255.255”, around 500 to 600 bytes (with no response), around the same as similar looking multicast addresses.

Does anyone else see this behavior? The IP belongs to a Korean ISP but it doesn’t seem like it is used. Is there a reason why this would be a thing?

A bit concerningly, it shows up associated with a bunch of malware on VirusTotal, however, these samples connected to IPs of a similar pattern xxx.255.255.255 from a variety of other ISPs in addition to their own control server. The Steam Client Bootstrapper does not show any connections to any other (“real”) IP that is not clearly Steam-related.

Edit: Never mind, the amount of data sent seems to be lower actually, usually less than 100 bytes, I recently reset my GlassWire history so not sure when it started but over about a month it is listed right next to 255.255.255.255 with both around 30kb of data sent.

Edit 2: I have been able to trace this behavior back to March of this year on a different Windows install, interesting…

@Thinking

I searched around online and I could not find anything either.

GlassWire shows this: https://www.glasswire.com/host/175.255.255.255

The mystery gets even weirder: I just discovered that this happens regardless of whether my ethernet cable is plugged in. Unfortunately this makes researching this even harder because Wireshark stops recording when the machine goes to sleep (I forgot to put this in the post: While not exclusively, this most reliably happens right after the PC wakes up).

Such addresses are likely to be IPv4 broadcast addresses, which is why there is outgoing data for the broadcast but no incoming data in response. That might also be why it happens even when the ethernet cable is not plugged in.

255.255.255.255 is reserved as your local network’s broadcast address.

I have no idea why any application would be broadcasting to 175.255.255.255 unless your computer was actually in that subnet, i.e. you used “Korea Telecom” as your ISP.

Yeah, that is very interesting, I definitely don’t use Korea Telecom. I wonder if Steam maybe has some sort of partnership with them and this is intended for users in Korea? Maybe to make Steam use their caching server or something?

I have a very similar situation. The catch is, it’s from Poland.
Now, uh, I am not Polish. I do not download my Steam games from Poland. None of my Steam games are even made by devs from Poland. So uhhhhhhh, I guess this is just some weird CDN thing?

2 Likes
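
An added example, not part of any post in this thread: a small triage script that labels destination addresses from a connection log the way the broadcast explanation above distinguishes them (limited broadcast, multicast, the local subnet's own broadcast address, or an address that is only broadcast-shaped for a network the machine is not on). The log lines, byte counts and the local network `192.168.1.0/24` are constructed assumptions.

```python
import ipaddress

# Constructed sample: "destination bytes_sent" lines, as a connection monitor might export.
SAMPLE_LOG = """\
255.255.255.255 96
175.255.255.255 88
192.168.1.255 120
239.255.255.250 412
224.0.0.251 75
203.0.113.10 5120
"""

def shortest_prefix(dest):
    """Shortest prefix length for which dest has all host bits set, or None."""
    n, ones = int(ipaddress.IPv4Address(dest)), 0
    while ones < 32 and n & 1:  # count trailing 1 bits
        n >>= 1
        ones += 1
    return 32 - ones if ones else None

def classify(dest, local_net):
    """Label one destination relative to the (assumed) local network."""
    addr = ipaddress.IPv4Address(dest)
    net = ipaddress.IPv4Network(local_net)
    if int(addr) == 0xFFFFFFFF:
        return "limited-broadcast"
    if addr.is_multicast:
        return "multicast"
    if addr == net.broadcast_address:
        return "local-directed-broadcast"
    prefix = shortest_prefix(dest)
    # All-ones host part for a /24 or larger network that is not ours.
    if prefix is not None and prefix <= 24:
        return "offlink-broadcast-shaped"
    return "unicast"

def triage(log_text, local_net):
    """Map each destination in the log to its label."""
    results = {}
    for line in log_text.splitlines():
        dest, _bytes = line.split()
        results[dest] = classify(dest, local_net)
    return results

if __name__ == "__main__":
    for dest, label in triage(SAMPLE_LOG, "192.168.1.0/24").items():
        print(f"{dest:16} {label}")
```

Destinations labelled `offlink-broadcast-shaped` are the ones worth capturing with a packet sniffer, since they match no network the host is configured for.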