The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
DCRat botnet controller located at 220.127.116.11 on port 80 (using HTTP GET):
$ nslookup 18.104.22.168
Referencing malware binaries (MD5 hash):
7ec2862219365f2f7401a770e0bfc03a — AV detection: 4 / 65 (6.15)
f67e9c9915e81bd08ebb0e2b57909677 — AV detection: 37 / 66 (56.06)