The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 65.21.226.115 on port 60392 TCP:
$ telnet 65.21.226.115 60392
Trying 65.21.226.115…
Connected to 65.21.226.115.
Escape character is ‘^]’
$ nslookup 65.21.226.115
65-21-226-115.serverhub.ru
Referencing malware samples (MD5 hash):
0b91486fe1450b8bbc0afac372b2a097 — AV detection: 26 / 67 (38.81%)
0ed55fa041adc2cb12006d044306633b — AV detection: 39 / 68 (57.35%)
19008dabdac3c666e9006648027c4754 — AV detection: 41 / 68 (60.29%)
194020bb0313b3175b0fb2e56d462e3c — AV detection: 38 / 68 (55.88%)
3036473dbbc33e438e536cf37197b837 — AV detection: 28 / 67 (41.79%)
398a709cdb0de1d15c286839ba6c48ed — AV detection: 47 / 68 (69.12%)
590f1f37bd82f3e99c0fbd0667b07dc6 — AV detection: 43 / 68 (63.24%)
8dd948f2971fcd7aac4cfa6484b7d69b — AV detection: 28 / 67 (41.79%)
a1eeb404009bd796328f8fbbb1a87a02 — AV detection: 34 / 68 (50.00%)
ac64a47120757eae812a79d0dc42c983 — AV detection: 42 / 66 (63.64%)
ad95953f1162d1179340da7c4b087fb5 — AV detection: 38 / 67 (56.72%)
b3e7ffc2b68ac03d4d2cfbb8f3e33080 — AV detection: 36 / 65 (55.38%)
beeae0294566a823cc4b40d6a006b374 — AV detection: 47 / 67 (70.15%)
decc8063a0859935b9028e5f8d90cb03 — AV detection: 16 / 59 (27.12%)
f65bbd4510c7bef492297e27b649e759 — AV detection: 23 / 68 (33.82%)
fab57a35302683a2c2fb2b8bd5361e23 — AV detection: 33 / 67 (49.25%)