Thank you for contacting the Sophos Community.
It seems to be a False Positive, but to confirm, you would need to open a ticket with Support so they can send it to Labs for confirmation.
You would need to submit the http.log, ips.log, and aptp.log.
In addition to this, you need to do a packet capture of the specific traffic.
188.8.131.52 is a well-known bad host. It has been annoying us for a while, too.
It would be nice if Sophos would block this IP.
Currently, only traffic replies of machines behind the firewalls (XG or SG) are blocked by ATP, and this is causing alerts from the firewall each time.