The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 18.104.22.168 on port 9764 TCP:
$ telnet 22.214.171.124 9764
Connected to 126.96.36.199.
Escape character is ‘^]’
$ nslookup 188.8.131.52
$ dig +short salesumishcn.ddns.net
Referencing malware samples: