The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 126.96.36.199 on port 5050 TCP:
$ telnet 188.8.131.52 5050
Connected to 184.108.40.206.
Escape character is ‘^]’
milla.publicvm.com. 120 IN A 220.127.116.11
$ nslookup 18.104.22.168
Referencing malware samples (MD5 hash):
a1dc13ee86b165344455083572e15e41 — AV detection: 25 / 70 (35.71%)