The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
RaccoonStealer botnet controller located at 104.21.8.181 on port 80 (using HTTP GET):
hXXp://ttmirror.top/jdiamond13
$ dig +short ttmirror.top
104.21.8.181
Referencing malware binaries (MD5 hash):
0084fcf83e2875ea3da9af69855c5ed2 — AV detection: 22 / 59 (37.29)
05f79d1eb2a370093f0b5764d53c9bd6 — AV detection: 20 / 66 (30.30)
0d5d12f687657bbb91fa3dd4a6a1ed1e — AV detection: 30 / 69 (43.48)
1ae29ee001df1cbaf61da1551c8bd0b1 — AV detection: 26 / 67 (38.81)
2ed425087a4f2c9163f1e8ffd5c78cdd — AV detection: 25 / 68 (36.76)
4b5411edc840d0453b8ede7c40852cc4 — AV detection: 26 / 68 (38.24)
50f2532b89aea5e72b11fe0ef666ce27 — AV detection: 23 / 68 (33.82)
993e6544749e9fd901a2bbe6251fbee2 — AV detection: 22 / 68 (32.35)
a5bda43f9cddd68c21f8bf60e0dddbe1 — AV detection: 27 / 69 (39.13)
b1c481480053cfdf8df797f2a7c41ae5 — AV detection: 27 / 68 (39.71)
c49079a991ee6716a9c8fc229d27200d — AV detection: 25 / 68 (36.76)
d6bae6aa1ea3b22b699786faf08426e5 — AV detection: 24 / 68 (35.29)
de0e1b757a82ee90faec1e8ad4588462 — AV detection: 27 / 68 (39.71)