Sounds like the access warnings on my phone when I install a new app. Very annoying but things I need to know I suppose. Like a Firewall that is not configured yet.
Anyway, what I had found was by way of searching DDG using different terminology for the problem.
So you could try "configure your applications to use only SOCKS4a or SOCKS5 with remote hostname resolution", or search for the IP it's warning about. Or the entire warning message.
220.127.116.11:80 is hide-my-IP, which I don't subscribe to, it's just the home page I always use to automatically go to first to tell me if I'm in protected mode the instant I start my browser.
That web site always fails to detect my identity, but it is possibly triggering TOR warnings.
This sounds like TOR is doing it's job and you are protected. So I think your home page is doing what you want it to. Does this message come up on other pages?
My guesswork for what it's worth.