OskiStealer botnet controller @104.21.62.142

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

OskiStealer botnet controller located at 104.21.62.142 on port 80 (using HTTP POST):
hXXp://modexdeals.ir/7.jpg

$ dig +short modexdeals.ir
104.21.62.142

Referencing malware binaries (MD5 hash):

Other malicious domain names hosted on this IP address:
newsrus.wiki 104.21.62.142
custommealbag.com 104.21.62.142
modexdeals.ir 104.21.62.142
