Should I be concerned about 204.152.184.139 ?

I have 2 Windows XP computers on a small LAN sharing files in a Workgroup.  They use IP addresses 192.168.1.50 and 192.168.1.99.  Intermittently I lose connection between the two.  Kaspersky Internet Security 2010 on 192.168.1.50 is logging a Network Attack from 192.168.1.99 and closing all incoming connections from that computer.

Detected: Intrusion.Win.NETAPI.buffer-overflow.exploit
TCP from 192.168.1.99 to local port 445

While digging into why Kaspersky thinks .99 is attacking .50 I discovered via netstat that the svchost.exe process on .99 is also making TCP port 80 calls to 204.152.184.139.  Arin points that IP address to ISC, but it's a large netblock so there's not much other info about the owner.  When I pull up the IP address in a browser it looks like a default Apache webpage: "It Works!"

I've pulled .99 off of the Internet for now.
Is there a legitimate reason why svchost.exe would call 204.152.184.139 on port 80?
Seems that the calls out to 204.152.184.139 may be related to the buffer-overflow exploit attempt; am I reading too much into it?

Thanks!