Is the 18.104.22.168 client a machine you have access to or ownership? If it is a Windows machine or a machine where you can run the netstat command, I would run that (in Windows) using the <b>-ano</b> switches. The -a says display all connections; -n means use numbers for addresses rather than names; -o displays the owning process for the connection. This would permit you to see what process is running on port 51158 on that client. You might also want to capture some packets using <a href=”http://www.wireshark.org”>Wireshark</a> or something similar and see what this client is requesting.
It might interest you to know that the 22.214.171.124 address belongs to <a href=”http://network-tools.com/default.asp?prog=express&host=126.96.36.199″>ns.cjdream.net, a server in Korea</a>. So, if this is unexpected traffic from this client to this DNS server, it may be true that this client is infected with some malware.