Apps connecting to remote torrent tracker

[Ominous 0]

For some weird reason, Adobe Reader, SpiderOak, Firefox, and other Internet-aware apps are trying to connect what seems to be some sort of torrent trackers. I managed to find it in Online Armor logs. I'm baffled that all point to localhost address 127.0.0.1 plus some random port.

Screenshots:

This is an example prompt from OA

Could it be some backdoor going through?

[catprincess 19]

There's a couple of other threads that mention the same issue (with different domains).

http://support.emsis...with-localhost/

http://support.emsis...076-local-host/

http://support.emsis...4964-localhost/

From what I can tell (and have occasionally observed myself), it seems like the domain on an initial popup is remembered and then shows up again on subsequent popups even though the current connection is unrelated to that domain. People report that the problem usually resolves itself at some point, though it may reoccur.

[Ominous 0]

Thanks for the tip!

Still I'm wondering for all the domains available, why a torrent tracker I've never seen before?.

[TPC 0]

Thanks for the tip!

Still I'm wondering for all the domains available, why a torrent tracker I've never seen before?.

I just started to get similar connection alerts,and I have never used any torrent trackers.

I may have visited the page at once, but never downloaded anything from it whatsoever.

[Andrew F. 28]

Hello everyone,

As you can see from the posted logs, the connections are being made to the localhost (127.0.0.1).

The connections are not being made to any torrent trackers.

Just a note:

It's not a rare occasion when some domains are being blocked (NOT by Online Armor) by returning 127.0.0.1 ip address in dns reply.

Online Armor just intercepts dns replies to show additional information in the popups.