If the IP is 205[.]185[.]216[.]42, it is a false positive.
If it were real, I'd dig into which app/process did the communication using the Trajectory. Figure out what app it is, if it's not something that you know is good, convict it so that AMP shuts it down. For example if its a file your user downloaded, or a fileless process started from Word or Excel... you'd kill that process and track down how it got in.