The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
RaccoonStealer botnet controller located at 104.21.61.215 on port 80 (using HTTP GET):
hXXp://tgmirror.top/stevuitreen
$ dig +short tgmirror.top
104.21.61.215
Referencing malware binaries (MD5 hash):
209ed3853c9ac9a5a76fc48808869188 — AV detection: 21 / 67 (31.34%)
ef6a1d7aa56e9963584f799d6596899c — AV detection: 22 / 67 (32.84%)
f59b60bfb932f13567c3b1a727955e9e — AV detection: 20 / 66 (30.30%)