Cyberduck macOS ftp app pings all sorts of sites it shouldn't?

[swbratcher]

Using 9.0.2 version of the Cyberduck FTP client for macOS and Little Snitch traffic monitor revealed it attempting to contact over 100 sites that I have accounts on but don't FTP to, and have never FTP'd to. Is this application compromised? Why would it be contacting these sites with attempted connections? It was a bit alarming even though I blocked them. Thanks for looking and any insight you can offer.

I expected normal FTP use of the application on open. I didn't expect Little Snitch alerts to it contacting sites in my keychain or chrome saved passwords that I've never navigated to via FTP.

[dkocher]

The following usage will cause connect attempts when editing a bookmark:

• Attempt to download the Web URL favicon.ico for display. This can be disabled using the hidden configuration option

bookmark.favicon.download=false

• A reachability check is made to display an alert icon on failure. This will attempt to open a TCP connection to the server.

When opening Preferences → Profiles a list of connection profiles is loaded the AWS bucket s3:/profiles.cyberduck.io.

You should not expect any other connection attempts. Please provide any additional details you may have.