I noticed that the Steam Client Bootstrapper application is occasionally sending tiny amounts of data to “184.108.40.206”, around 500 to 600 bytes (with no response), around the same as similar looking multicast addresses.
Does anyone else see this behavior? The IP belongs to a Korean ISP but it doesn’t seem like it is used, is there a reason why this would be a thing?
A bit concerningly, it shows up associated with a bunch of malware on VirusTotal, however, these samples connected to IPs of a similar pattern xxx.255.255.255 from a variety of other ISPs in addition to their own control server. The Steam Client Bootstrapper does not show any connections to any other (“real”) IP that is not clearly Steam-related.
Edit: Never mind, the amount of data sent seems to be lower actually, usually less than 100 bytes, I recently reset my GlassWire history so not sure when it started but over about a month it is listed right next to 255.255.255.255 with both around 30kb of data sent.
Edit 2: I have been able to trace this behavior back to March of this year on a different Windows install, interesting…