The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 104.21.3.248 on port 80 (using HTTP POST):
hXXp://augmentinprod.ir/jin/five/fre.php
$ dig +short augmentinprod.ir
104.21.3.248
Referencing malware binaries (MD5 hash):