The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 104.21.87.137 on port 80 (using HTTP POST):
hXXp://controlsvr1.tk/Concord/fre.php
$ dig +short controlsvr1.tk
104.21.87.137
Referencing malware binaries (MD5 hash):
9895aa94d450240f6ff12035664a4f20 — AV detection: 27 / 69 (39.13)
Other malicious domain names hosted on this IP address:
hu.buywatches.is 104.21.87.137
nl.buywatches.is 104.21.87.137
pt.buywatches.is 104.21.87.137
qwasm.com 104.21.87.137
controlsvr1.tk 104.21.87.137