The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
OskiStealer botnet controller located at 104.21.4.131 on port 80 (using HTTP POST):
hXXp://jessecoltd.ir/6.jpg
$ dig +short jessecoltd.ir
104.21.4.131
Referencing malware binaries (MD5 hash):
818856f62f9ef72ae5d9c51877a9b365 — AV detection: 25 / 68 (36.76)
ad8b81f4f8609bf5583c38cb017f8740 — AV detection: 19 / 68 (27.94)
Other malicious domain names hosted on this IP address:
www.cisticolatours.com 104.21.4.131
www.shopreeldeal.com 104.21.4.131
jessecoltd.ir 104.21.4.131