If it was port 80 then I'd agree.

Port 80 is on the server, not the client. Look at the other http connections in that list.

The ones that aren't loopback/localhost are connected via Windows firewall ports, the Canadian one isn't.

The Canadian one is still connecting to port 80 on the remote server (hence the ":http" at the end of the line). The local port wouldn't be 80 however it's connected. That's the way BSD sockets work.

I'm not quite sure what you mean by "Windows firewall ports".

It's not that uncommon for servers to not have reverse dns fully set up, they could be small servers on a dsl/cable line, or even on a shared hosting platform with multiple sites/users/companies shareing the same IP

So i could point wwww.mydomain.com to point to 70.38.25.72, but unless the isp offers reverse dns to the server looking up that ip will return the ISP domain.

The OP could have tried the -b or -o switches on the netstat command, this would tell hin the executable name and or PID of the process making the connection.

Hi there: i know thread its old, but just want to say that IP : 70.38.25.72, its a Lavasoft connection, for Ad Aware, AAService.exe its making a connection, at least in my computer. Cheers!