The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
OskiStealer botnet controller located at 18.104.22.168 on port 80 (using HTTP POST):
$ dig +short secureconnection.xyz
Referencing malware binaries (MD5 hash):
ad7d92bbc2ff5804551b86b319de9e0d — AV detection: 41 / 71 (57.75)
c11accc6b91c118a30fc9ea60b72258b — AV detection: 13 / 61 (21.31)
Other malicious domain names hosted on this IP address: