The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 104.21.12.125 on port 80 (using HTTP POST):
hXXp://mangeruio.ir/greatness/five/fre.php
$ dig +short mangeruio.ir
104.21.12.125
Referencing malware binaries (MD5 hash):
0e6b9a3c952ce2644452faf0d9c97a0e — AV detection: 30 / 64 (46.88)
39a6683b9b279f662f90e1fa6b651c82 — AV detection: 28 / 69 (40.58)
5743aeb331258d07fedee531769d12fc — AV detection: 24 / 65 (36.92)
5d6d7caccac7437810e1bb63d5bded08 — AV detection: 24 / 68 (35.29)
Other malicious domain names hosted on this IP address:
hazarat.site 104.21.12.125
www.artthatsells.net 104.21.12.125
www.liveabusinesslife.com 104.21.12.125
mangeruio.ir 104.21.12.125