The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
AZORult botnet controller located at 172.67.141.104 on port 80 (using HTTP POST):
hXXp://nnpcoil.buzz/kendrick/index.php
$ dig +short nnpcoil.buzz
172.67.141.104
Referencing malware binaries (MD5 hash):
3e3151d99d8934059d42a37202e4e443 — AV detection: 20 / 68 (29.41)
8838150097445aea2194ed4c3a5b0caf — AV detection: 26 / 70 (37.14)
Other malicious domain names hosted on this IP address:
brainvectors.net 172.67.141.104
jzl.hostgatoramisulpride.site 172.67.141.104
www.ugpower.top 172.67.141.104
nnpcoil.buzz 172.67.141.104