Something I used to when I had to deal with that stuff was to set my firewall to be super restrictive and prompt at all new traffic. It eventually let me ID the process and ip address involved so I could deny them.

It's a nuisance for a while, and your firewall may not be set up for that level of precision and control. I regret that I cannot recall the precise firewall software. It was years ago before I switched to linux OSs. I do recall that it was not one of the major consumer brands, but something I scored a free copy of from a relative who got it via work as a trial or something.