What's the suspicious public Internet site 184.108.40.206 ?
Security guys scanned & found that 3 of our users' PCs are
making connections to 220.127.116.11
What's this site? What malicious activity this will create?
Which Tcp/Udp port the PCs would attempt to connect to
this site on?
How do I go addressing this? do "netstat -ano" to find
if there's an "Established" connection to this IP & find
the process pid & terminate this process? Or is there
an AV scan to be run (but my customer only endorse
Symantec AV) ?