Is the 220.127.116.11 client a machine you have access to or ownership? If it is a Windows machine or a machine where you can run the netstat command, I would run that (in Windows) using the -ano switches. The -a says display all connections; -n means use numbers for addresses rather than names; -o displays the owning process for the connection. This would permit you to see what process is running on port 51158 on that client. You might also want to capture some packets using Wireshark or something similar and see what this client is requesting.
It might interest you to know that the 18.104.22.168 address belongs to ns.cjdream.net, a server in Korea. So, if this is unexpected traffic from this client to this DNS server, it may be true that this client is infected with some malware.