I have seen 2 instances of this pop up in my alerts. Both workstations it's been detected on are in the same department. When I look up the IP Address on MXtoolbox, it's coming back as a WordPress site and isn't on any blacklists. I found out today that the users for those workstations have been going to a WordPress blog that we manage. If that is true, this might explain the activity.
I'm wondering if other Spiceheads have come across this same IP Address and what their investigation has dug up. Thank you.