If you have ProcessExplorer, maybe grab a stack trace and see where the request originated from? Run Fiddler2 in MITM-attack mode and see what it's sending?
It's possible that it's not the official client technically making this connection anyhow, perhaps there is a DLL inside the process that is initiating this action. Your anti-virus/anti-adware up to date?
It's a Mac... don't have anti-virus/anti-adware. Haven't needed it before, but after this and reviewing my sshd logs (didn't have deny hosts set up properly) I think I'll install Eset.