The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 220.127.116.11 on port 1604 TCP:
$ telnet 18.104.22.168 1604
Connected to 22.214.171.124.
Escape character is ‘^]’
$ nslookup 126.96.36.199
$ dig +short ms-insider.net
Referencing malware samples (MD5 hash):
aa551c7de85ef21b2ea8d377d79a5e6a — AV detection: 50 / 69 (72.46%)