Until Cryptoceelo has upload his rewritten firmware with 10% more hashrate and can proove his findings, he is a BIG LIAR.
According to Creeptoceelo, the packages were encrypted, how do he know it was 10% or maybe more hasrate if he can't read the packages content.
I pm him regarding simple questions, I got pms back, but when I pm him asking about which IP the packages are sent to, he went silent.
And you're probably right. Just use a computer on the same network as the miner and see what the ethernet traffic is using wireshark. You should be able to see all of the IP's and type of related traffic being accessed over your network.