The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 3.91.91.127 on port 3071 TCP:
$ telnet 3.91.91.127 3071
Trying 3.91.91.127…
Connected to 3.91.91.127.
Escape character is ‘^]’
$ nslookup 3.91.91.127
ec2-3-91-91-127.compute-1.amazonaws.com
$ dig +short severdops.ddns.net
3.91.91.127
Referencing malware samples (MD5 hash):
9401cf9f73dfb187bf4cef05d8cfe72b — AV detection: 17 / 69 (24.64%)
a65b75567794b4d9f2558c672bd07dd5 — AV detection: 14 / 67 (20.90%)