Portknocking IP with malware?

See: htxp://222.187.223.18:8881/
https://www.virustotal.com/nl/url/cf69fa7667b671270a213ca958035cfb2de1f5e0fb4037966b53f31c6955756d/analysis/1412613654/
Website with errors, unable to properly scan site.
Nothing here: http://www.ipillion.com/ip/222.187.223.18
nor here: http://urlquery.net/report.php?id=1412614013412
See: https://www.robtex.com/en/advisory/ip/222/187/223/18/
No Spammer and nothing here: http://www.ipvoid.com/scan/222.187.223.18/

Anyone?

pol

This could be the port-knocking with helper from there:


[options]
        logfile = /var/log/knockd.log
[opencloseSSH]
        sequence      = 8881:tcp,7777:tcp,9991:tcp
        seq_timeout   = 15
        tcpflags      = syn,ack
        start_command = /usr/bin/iptables -A TCP -s %IP% -p tcp --dport 22 -j ACCEPT
        cmd_timeout   = 10
        stop_command  = /usr/bin/iptables -D TCP -s %IP% -p tcp --dport 22 -j ACCEPT 

suggestion of procedure see Wikipedia…

pol
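
Added example, not part of the thread and not knockd's own code: a defender-side check that looks for the sequence from the config above (8881, 7777, 9991 within seq_timeout = 15) in connection records. The record layout, the sample addresses and the function name find_knocks are assumptions made for illustration; the restart-on-wrong-port rule is a simplified model and knockd's own matching may differ.

```python
# Sequence and timeout come from the knockd config quoted in the thread.
SEQUENCE = (8881, 7777, 9991)
SEQ_TIMEOUT = 15  # seconds allowed to complete the whole sequence

# Constructed sample records: (epoch seconds, source IP, TCP destination port).
# Source addresses are taken from documentation ranges.
SAMPLE = [
    (100, "192.0.2.10", 8881),
    (101, "198.51.100.7", 8881),
    (103, "192.0.2.10", 7777),
    (104, "192.0.2.10", 9991),    # completes the sequence in 4 s
    (130, "198.51.100.7", 7777),  # 29 s after the first knock: too late
    (131, "198.51.100.7", 9991),
    (200, "203.0.113.5", 8881),
    (201, "203.0.113.5", 80),     # out-of-sequence port restarts the match
    (202, "203.0.113.5", 7777),
    (203, "203.0.113.5", 9991),
]

def find_knocks(records, sequence=SEQUENCE, timeout=SEQ_TIMEOUT):
    """Return [(src, first_ts, last_ts)] for every completed knock sequence."""
    state = {}  # src -> (index of next expected port, timestamp of first knock)
    hits = []
    for ts, src, port in sorted(records):
        idx, start = state.get(src, (0, None))
        if idx and ts - start > timeout:
            idx, start = 0, None          # partial sequence expired
        if port == sequence[idx]:
            if idx == 0:
                start = ts
            idx += 1
        elif port == sequence[0]:
            idx, start = 1, ts            # wrong port, but it starts a new attempt
        else:
            idx, start = 0, None          # wrong port: drop the attempt
        if idx == len(sequence):
            hits.append((src, start, ts))
            idx, start = 0, None
        state[src] = (idx, start)
    return hits

if __name__ == "__main__":
    for src, first, last in find_knocks(SAMPLE):
        print(f"{src} completed the knock sequence between t={first} and t={last}")
```

A hit here only shows that a source touched the three ports in order; whether a listener actually reacted has to be confirmed from /var/log/knockd.log or the firewall rules on the host.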