I upgraded my firewall recently and have been getting notices of traffic to/from 138.201.196.156. Only one 124kb packet is in the signature and it was extremely sporadic. I set it for instant push notifications and found that when I launch CloneDVD that it appears that is what is causing the traffic. The firewall is recognizing this as a threat (Tor network). The IP resolves to a few domains from Elby which makes it sound legit to CloneDVD, however since updates are loaded from Redfox.bz, not sure if this is normal traffic expected and what for. I have noticed no change in the behavior of the software since the firewall first started blocking this traffic which leads me to believe it's ok to just suppress the notifications and continue to block it. Please advise and thank you.