The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 52.15.81.204 on port 8808 TCP:
$ telnet 52.15.81.204 8808
Trying 52.15.81.204…
Connected to 52.15.81.204.
Escape character is ‘^]’
$ nslookup 52.15.81.204
ec2-52-15-81-204.us-east-2.compute.amazonaws.com
$ dig +short nsysc.duckdns.org
52.15.81.204
Referencing malware samples (MD5 hash):
300bd2c447ad9e271b60c7d36fe3cb7c — AV detection: 43 / 70 (61.43%)
8f1b9a9519a2e0c7d8ed42101090a48b — AV detection: 28 / 71 (39.44%)
9d11dcd320339ba7e2d28493eb412a6c — AV detection: 28 / 59 (47.46%)