Killjoy_Cutter: I don't have Galaxy installed at all.
Liosan: Hi!
Sorry for the problem. This definitively shouldn't work like this. Does your firewall show the domain name? Alternatively, could you give me the IP address? I could try checking what services run there, which would help us with reproducing and fixing this problem.
Liosan
Killjoy_Cutter: I also sent in a support request with this same problem, but for your reference, here's the info:
IP address it is trying to access is: 13.33.126.6 -- which resolves to cloudfront / Amazon AWS.
Problem Event Name: APPCRASH
Application Name: BattleTech.exe
Application Version: 5.6.5.64727
Application Timestamp: 5a5de904
Fault Module Name: Galaxy64.dll
Fault Module Version: 1.114.2.0
Fault Module Timestamp: 5a5e0df0
Exception Code: 40000015
Exception Offset: 000000000035b25a
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033
Additional Information 1: a73f
Additional Information 2: a73f7dad24909da5dbb0a6da34d7e344
Additional Information 3: 85f0
Additional Information 4: 85f0b899a53a5e256fbf7a0551f44940
I found the two domains hosted on that IP address in my DNS history cache:
# grep '13\.33\.126\.6$' /var/lib/dynaresolve/*
/var/lib/dynaresolve/cf-hls-media.sndcdn.com:13.33.126.6
/var/lib/dynaresolve/config.uca.cloud.unity3d.com:13.33.126.6
cf-hls-media.sndcdn.com is a media server backend for Soundcloud audio media. Not sure what config.uca.cloud.unity3d.com is exactly, but it obviously seems something to do with configuration related to the Unity3D game engine.
There are probably dozens of domains on that IP aside from the two in my DNS history archives, which are hosting back end services for various websites across the web however. Doing forward lookups on those two domains gives me a list of completely different IPs which suggests they're using DNS roundrobin loadbalancing as well.
It's entirely possible that GOG Galaxy, Unity3D, or the game itself is trying to connect to some back end server for something. It could be "latest game news" or something like that, or any number of other innocuous things, or it could be some kind of telemetry gathering, or even a bug in the game.
I don't own that game personally or I would do a network analysis and tell you the exact domain it is trying to connect to. If anyone who owns the game is using a Linux based router, and running a local caching DNS server on it they could enable DNS query logging to find out. Alternatively running tcpdump and capturing DNS packets would serve the same purpose, or even using Wireshark from the Windows machine the game is running on, however that requires some familiarity with network packet analysis.
Another option that might work, is running the Windows Resource Monitor and opening the network tab up, then starting up the game and immediately ALT-TAB out of the game once you are sure it has probably attempted the network access. Look in the network connections for outbound connections from the game and whether it shows an IP or domain name. Chances are the IP address will be different than the one you got before if the domain is load balanced using roundrobin DNS, but you should be able to obtain the domain name at least, which might yield more clues.
Other than that, allowing the access through the firewall and doing a complete network packet dump of the port(s) it is connecting to might be the only way to see what data is being transferred and for what purpose, assuming it is unencrypted. If it is encrypted don't bother, there's no way easily peel back the encryption to analyze the payload.
One thing you can do however, is to add an entry to your Windows hosts.txt file and map a fake local address to the same domain, ie:
127.100.0.1 gamedomain.com
Where "gamedomain.com" is whatever the domain name is that it is connecting to as determined by the above. Note that editing the hosts.txt file may cause some antivirus software to have a heart attack.
