na1r.services.adobe.com ???

[Poofox]

Screencap of Process Hacker Network Tab

Am I being paranoid or is this quite strange and suspicious? None of these products have anything to do with adobe. What the heck is na1r.services.adobe.com and why is it listed so much under Local and Remote Address? I'm very experienced with computers, but networking has always been a mystery to me, so I'm not really sure what I'm looking at here...But I don't like it.

 

[badcrc]

Do you have Photoshop or some other Adobe CC software ?

na1r.services.adobe.com is something to do with their activation - Adobe products 'call home' to check your product is legit.

 

[Poofox]

Thanks, yea some adobe products are installed, but I just don't understand how it involves all these other processes.

Can anyone tell me what this signifies? Why would that product activation be so pervasive across my system? It should only be active when I actually run some adobe software, which I do infrequently.

 

[samuria]

Do you have creative cloud running at startup?

 

[Poofox]

@ samuria - No, I have no need for it, so it's disabled.

@ Anyone - I would just really appreciate some insight on wtf I'm looking at here, because to my networking ignorant mind it looks like something adobe related is forcing traffic from non-adobe apps through its server. Why would an adobe address show up as a local and remote address for e.g. Automap (MIDI controller software)?! Even creepier is Nvidia share, which can capture all my desktop activity.

Does anyone know what this means? Am I worried over nothing?

 

[Alejandro85]

I've seen something very similar to you and have a reasonable idea of what's going on.

All those strange things boil down to one single thing. Look at your hosts file, and you'll likely found an entry like this:

127.0.0.1     na1r.services.adobe.com

Since you said you have some Adobe software, and that's an activation server for such programs, all that indicates that you have some cracked Adobe software. That entry in the hosts file in fact nulifies their activation server, by redirecting all trafic to your own computer (and dying there), thus bypassing activation and phone-home. It's a widely known trick to hack software that requires activation into ilegally working without marking itself as hacked.
A legitimate use of this very same trick could be blocking advertising servers and bundled spyware.

Now, what has all that to do with your screenshot?
Network traffic can originate to/from your own computer and any other device. Each one, even yours is identified by an IP address. Additionally, IP addresses can be assigned a name for ease of use (you don't type "50.23.246.167" in your browser, you type "www.sevenforums.com"). Process hacker tries to be helpful here by showing you names of each host involved in connections, so you see friendly names instead of IPs, so it tries to do a reverse DNS lookup. As the DNS system involves the hosts files as taking priority over anything else, and your host file says that 127.0.0.1 is na1r.services.adobe.com (so you can ilegally use Adobe software) it also means that your computer is now na1r.services.adobe.com, so that's why Process Hacker shows you that. When you see that, it's in fact your own computer.

And why specifically na1r.services.adobe.com instead of any other entry? Likely it's the very first entry in the hosts file, so it just picks anything it finds.

So, should you be worried? Not at all, it's an expectable side effect of blocking computers with the hosts file. Worry instead of why are you blocking an activation server

 

[Barman58]

Easy fix - Remove all stolen Adobe software from your system and edit out the then unneeded entries in your Hosts file, and all will be good

 

[badcrc]

As the DNS system involves the hosts files as taking priority over anything else, and your host file says that 127.0.0.1 is na1r.services.adobe.com (so you can ilegally use Adobe software) it also means that your computer is now na1r.services.adobe.com, so that's why Process Hacker shows you that. When you see that, it's in fact your own computer.

re 127.0.0.1 - well spotted