The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 104.21.30.161 on port 80 (using HTTP POST):
hXXp://arku.xyz/tkrr/T1/w2/fre.php
$ dig +short arku.xyz
104.21.30.161
Referencing malware binaries (MD5 hash):
504b15bb72b7d562c421480d14da7254 — AV detection: 42 / 70 (60.00)
8b5a980696f65c6fa9b46905f113a20e — AV detection: 22 / 68 (32.35)
8f0d9e78bc14296855b9f2eed1538f87 — AV detection: 21 / 70 (30.00)
90278620d5c48944d8d78f92f18b2e6f — AV detection: 42 / 68 (61.76)
ad18f3aaaa3921f0c26016f8d004e914 — AV detection: 38 / 69 (55.07)
Other malicious domain names hosted on this IP address:
mytracking.pl 104.21.30.161
arku.xyz 104.21.30.161
authenticindiansonline.com 104.21.30.161