Is there a list of IPs that Blizzard uses? All three of the IP addresses were flagged on the security appliance as an incoming TCP connection. “ET SHELLCODE Possible Call with No Offset TCP Shellcode”
I got the agent from the Battle.net site like I have for many years. Just trying to figure out why, when I download a game from the agent, I’m getting security events like that, as I didn’t before with the same software.
I did some investigation (please bear with me as I can’t “post links” here) on VirusTotal and found the following:
First 137 address - Incoming TCP connection - 1 security vendor flagged this as malicious (“Xcitium Verdict Cloud”) and seems to be a Blizzard CDN from the results in the relations tab. “agent” shows as a relation that was flagged as malicious by some scans. (Attempted connecting to port 65493)
IP address starting in 8 that resolves to Level 3 Parent, LLC in LA - Incoming TCP connection - Not flagged by any vendors as malicious but has relations to malicious files from clearly not Blizzard files. It also has several relations to Microsoft/Xbox Live, and Windows Update domains. One of them is level3blizzardcom (Attempted to connect to port 50140)
Incoming TCP connection - No security vendors flagged it as malicious and gets pretty much the same results as the above 137 address. (Attempted connecting to port 57532)
Does Blizzard have a security team that I could be routed to for further assistance with this? I tried making a ticket but nothing really seemed to fit the bill.