The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
RaccoonStealer botnet controller located at 159.223.25.220 on port 80 (using HTTP POST):
hXXp://159.223.25.220/
Referencing malware binaries (MD5 hash):
20c7b0a3a8a030f8eba31a4a3dc52cd5 — AV detection: 55 / 69 (79.71)
344c34de03ae7b7d62a843cb37dacfd8 — AV detection: 26 / 69 (37.68)
4bb6c620715fe25e76d4cca1e68bef89 — AV detection: 49 / 68 (72.06)
7875aab3e23f885df12ff62d9ef5db50 — AV detection: 37 / 68 (54.41)
89626c3e855f2a1e61538b25eb67e164 — AV detection: 51 / 69 (73.91)
a0773b2a6e4651a0846eb9e05e7eeec9 — AV detection: 50 / 70 (71.43)
b515b6805a6f6ff0435d3b5fd0438ec4 — AV detection: 40 / 70 (57.14)
c22c0fdbc19dcd4838709bbaca921f56 — AV detection: 32 / 67 (47.76)
c55c77bf003895d7ca520bac629dfa50 — AV detection: 35 / 68 (51.47)
cb3872a682a6ddc5285733b4a6c3afa6 — AV detection: 44 / 66 (66.67)
cc677eef6d0999912c1c3a0edb76b04d — AV detection: 41 / 62 (66.13)
d2aa2e586ac43a5d798d16f0376370a4 — AV detection: 46 / 68 (67.65)
d496db618f0d7a640a7af7791400ec9c — AV detection: 42 / 65 (64.62)
dd7dcb489754da3c757a58efef55690e — AV detection: 52 / 68 (76.47)