Post
Topic
Board Pools (Altcoins)
Re: [POOL][Scrypt][Scrypt-N][X11] Profit switching pool - wafflepool.com
by
utahjohn
on 14/10/2014, 16:03:11 UTC
Any idea what this is:
2014-10-13 19:16:37 [Pool]   [diamondcoin] (Thread 2) Malformed message from (unauthorized) [117.25.128.139]: �Cookie: mstshash=g


http://www.tcpiputils.com/browse/ip-address/117.25.128.139

Not much help there, but it is in China

Is there any way I can examine the malformed message?

I suppose I'll have to have some TCP logging of some sort and wait for another one ... only get it a couple times a day ...

Looks fine, anything could be a malformed message, as long as it doesn't conform to exactly what NOMP was expecting.  So if you connected and just sent "{a:a:a:a:A:a:a:a:a:]" to it, it would probably break and spit out the same line of text (malformed message).  Assuming there isn't a flaw in how NOMP parses the data coming in, it's just garbage data...

OK I'm still gonna block that IP in firewall tho.
Got another one from another IP 192.210.53.41, looking at where it came from.

Had similar Cookie: mstshash=a

Domain neighbors for IP: 192.210.53.41

Found 2 websites running on IP address 192.210.53.41.
Domain        Pagerank   Alexa ranking   Quantcast ranking
xuezhao.net
sanlewh.com

Found 65 IP addresses with hosting around 192.210.53.41.
IP address   Number of websites   Example
192.210.53.3   1   defurid.com
192.210.53.6   1   eucoque.fr
192.210.53.14   1   pdstp.com
192.210.53.18   67   utf8.cn
192.210.53.19   1   689686.com
192.210.53.38   2   yazhoubocaitong.com
192.210.53.39   1   jinguanquanxunwang.com
192.210.53.40   2   yushouzhe.com
192.210.53.41   2   sanlewh.com
192.210.53.45   2   kjiussfiiu.com
192.210.53.46   1   tonkincorp.com
192.210.53.49   2   ucskqq.com
192.210.53.54   1   jingbaominzzmz.com
192.210.53.57   2   jingdongmmzgdool.com
192.210.53.75   4   dlrft.com
192.210.53.77   1   hujita-store.com
192.210.53.98   1   ctom.us
192.210.53.101   8   sengd88.xyz
192.210.53.103   2   borcr.com
192.210.53.107   10   acy.in
192.210.53.108   1   supplierss.com
192.210.53.109   1   yyjiaoyi.com
192.210.53.110   1   yixiuba.com
192.210.53.111   1   beststyledresses.com
192.210.53.113   3   yaoons.org
192.210.53.116   1   342324.com
192.210.53.118   2   2014bikinis.com
192.210.53.119   1   qbochina.com
192.210.53.125   1   superstarwigs.com
192.210.53.131   1   fatswede.com
192.210.53.139   1   qaiai.wang
192.210.53.155   1   fangzhiguan.com
192.210.53.162   1   njhbs.net
192.210.53.163   1   yingtaowang.net
192.210.53.164   1   tonglelebaby.com
192.210.53.165   1   huayaexpo.com
192.210.53.166   1   5use.net
192.210.53.167   1   jsfgold.com
192.210.53.168   1   jxjihong.com
192.210.53.169   1   jxmin.com
192.210.53.170   1   kanituan.com
192.210.53.171   1   lcdycm.com
192.210.53.172   1   lfdahao.com
192.210.53.173   1   szwfl.com
192.210.53.174   1   lzshengfa.com
192.210.53.175   1   mybesa.com
192.210.53.176   1   qianqin.net
192.210.53.177   1   qianyiwang.com
192.210.53.178   1   souney.com
192.210.53.179   1   szrongxing.com
192.210.53.180   1   liupinyan.com
192.210.53.181   1   tzwuxin.com
192.210.53.182   1   wuyetuan.com
192.210.53.183   1   xynhsh.com
192.210.53.184   1   xzy88.com
192.210.53.185   1   zjrjyy.com
192.210.53.186   1   beiyunsi.com
192.210.53.187   1   cimdo.com
192.210.53.188   1   hbhtc.com
192.210.53.189   1   hzzuche.net
192.210.53.190   1   icharmonline.com
192.210.53.194   1   dirpy.com
192.210.53.208   1   hljer.com
192.210.53.210   1   x3x3x3.com
192.210.53.211   2   qyk.cc

China again ... The whois shows California, USA on another web tool ...

And another one:
2014-10-14 11:49:32 [Pool]   [diamondcoin] (Thread 2) Malformed message from (unauthorized) [80.82.70.239]: �Cookie: mstshash=a


Have you seen this Linux backdoor analysis: https://www.nccgroup.com/en/blog/2014/10/analysis-of-the-linux-backdoor-used-in-freenode-irc-network-compromise/

Thanks
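A way to do what the post asks for ("examine the malformed message"), added here as an example and not part of the original post or of NOMP: a small Python script that parses NOMP's "Malformed message" log lines, hex-dumps the payload so the non-printable bytes become visible, tags each payload by the protocol it resembles, and counts hits per source IP so a firewall decision can be based on numbers rather than on one line. The "Cookie: mstshash=" text in all three quoted lines is the routing cookie of an RDP (Microsoft Terminal Services) X.224 Connection Request, so these are scanners looking for RDP on the stratum port, not stratum clients. The sample log is constructed from the format quoted above: the IPs and cookie text are the ones the post reports, while the leading TPKT/X.224 bytes (which the forum rendered as "�"), the timestamps of the second and fourth lines, the HTTP and junk lines, and the http/tls signatures are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed prefix: TPKT header (03 00 + length 0x1f) followed by an X.224
# Connection Request (LI 0x1a, code 0xe0, dst/src refs, class option).  This
# is what precedes the RDP routing cookie on the wire; the post only shows it
# as a replacement character.
TPKT_X224_CR = "\x03\x00\x00\x1f\x1a\xe0\x00\x00\x00\x00\x00"

# Constructed sample log in the NOMP format quoted in the thread.
SAMPLE_LOG = [
    "2014-10-13 19:16:37 [Pool]   [diamondcoin] (Thread 2) Malformed message "
    "from (unauthorized) [117.25.128.139]: " + TPKT_X224_CR + "Cookie: mstshash=g\r\n",
    "2014-10-13 22:04:10 [Pool]   [diamondcoin] (Thread 1) Malformed message "
    "from (unauthorized) [192.210.53.41]: " + TPKT_X224_CR + "Cookie: mstshash=a\r\n",
    "2014-10-14 11:49:32 [Pool]   [diamondcoin] (Thread 2) Malformed message "
    "from (unauthorized) [80.82.70.239]: " + TPKT_X224_CR + "Cookie: mstshash=a\r\n",
    "2014-10-14 12:00:01 [Pool]   [diamondcoin] (Thread 3) Malformed message "
    "from (unauthorized) [80.82.70.239]: GET / HTTP/1.0\r\n\r\n",
    "2014-10-14 12:30:00 [Pool]   [diamondcoin] (Thread 1) Malformed message "
    "from (unauthorized) [10.0.0.5]: {a:a:a:a:A:a:a:a:a:]",
]

# Field layout of a NOMP "Malformed message" line as shown in the post.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[Pool\]\s+\[(?P<coin>[^\]]+)\] "
    r"\(Thread (?P<thread>\d+)\) Malformed message from \((?P<worker>[^)]+)\) "
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]: (?P<payload>.*)$",
    re.DOTALL,
)


def parse_line(line):
    """Return the fields of a NOMP 'Malformed message' line, or None for other lines."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(payload):
    """Label a malformed payload by the protocol it looks like (unknown otherwise)."""
    if "Cookie: mstshash=" in payload:
        return "rdp-probe"  # X.224 Connection Request routing cookie used by RDP
    if re.match(r"^(GET|POST|HEAD|OPTIONS) \S+ HTTP/\d\.\d", payload):
        return "http-probe"  # assumption: plain HTTP request sent to the stratum port
    if payload.startswith("\x16\x03"):
        return "tls-clienthello"  # assumption: TLS record header on a plaintext port
    return "unknown"


def hexdump(payload, width=16):
    """Hex + ASCII dump of the payload, the view needed to see the leading bytes."""
    data = payload.encode("latin-1", errors="replace")
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:04x}  {hexpart:<{width * 3}} {asc}")
    return "\n".join(rows)


def summarize(lines):
    """Count malformed messages per (source IP, classification)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["ip"], classify(rec["payload"]))] += 1
    return counts


def block_candidates(lines, threshold=2):
    """Source IPs with at least `threshold` malformed messages, most active first."""
    per_ip = Counter()
    for (ip, _kind), n in summarize(lines).items():
        per_ip[ip] += n
    return [ip for ip, n in per_ip.most_common() if n >= threshold]


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        rec = parse_line(line)
        print(f"{rec['ts']} {rec['ip']:>16} {classify(rec['payload'])}")
        print(hexdump(rec["payload"]))
    print("block candidates:", block_candidates(SAMPLE_LOG))
```

Run it against a real pool log with `python3 nomp_malformed.py < pool.log` after replacing SAMPLE_LOG with `sys.stdin`; the threshold in block_candidates is deliberately low because a single stray connection is not worth a firewall rule, while a repeat offender is.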