i checked the netstat command on my personal PC and i observed that it's establishing a connection to a foreigner address 18.104.22.168:443 (note that this is only connection established no other services is connecting to Internet). i start my investigation to gather more information about the IP using nmap, whois, wireshark. i came to know that the IP is hosted in UK for FastHost UK Network.
my concern is why my pc is connected to the above IP what kind of service exchanged? i run wireshark to analyze the traffic. and i observe that my PC first is sending a SYN request. a complete 3 way handshake complete and SSL connection established. the info given by wireshark is Continuation Data. i didn't get any more details.
from the firewall i create a rule to block the inbound and outbound connection.
my question. since my PC is starting the connection how to know the service or the software run? in order to delete it or kill it.