AgentTesla botnet controller @65.52.145.87

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 65.52.145.87 on port 21 TCP (FTP user name: webshots@dveshop.ro):
$ telnet 65.52.145.87 21
Trying 65.52.145.87...
Connected to 65.52.145.87.
Escape character is '^]'

$ nslookup 65.52.145.87
whm.wwh.ro

$ dig +short ftp.dveshop.ro
65.52.145.87

Referencing malware samples (MD5 hash):
2e65e1e1cbc00f87cc1756e9c37dd93a — AV detection: 22 / 73 (30.14%)
