The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
AZORult botnet controller located at 220.127.116.11 on port 80 (using HTTP POST):
$ dig +short nnpcoil.buzz
Referencing malware binaries (MD5 hash):
3e3151d99d8934059d42a37202e4e443 — AV detection: 20 / 68 (29.41)
8838150097445aea2194ed4c3a5b0caf — AV detection: 26 / 70 (37.14)
Other malicious domain names hosted on this IP address: