For a few weeks I recieve messages about dangerous outgoing connections to 220.127.116.11 from a german hosting provider. I knew there is only WordPress running and my first thought was it is any plugin doing crappy things. After deactivating the most of them I thought it has to be Jetpack.
But then I discover the IP is from https://websynthesis.com/ which means that probably the auto update of the Genesis Framework is causing this.
The prove is here:
in the theme file genesis/lib/functions/upgrade.php we can find a call to $url = 'https://api.genesistheme.com/update-themes/'; a ping on api.genesistheme.com directly points to 18.104.22.168.
If you want to avoid this just try to uncheck auto updates in the theme options.
et voilà another Genesis problem solved.