I really wouldn't read much into it.  Its most likely just someone scanning around for vulnerabilities and spewing data at random ports/ips around the internet.  Its obviously passing a cookie (something that isn't even remotely connected to stratum), you're going down a rabbit hole looking for stuff that probably isn't there...  Imagine I pulled up a random SMTP vulnerability for a random SMTP server, and fired it at your stratum server.  Your server would say "malformed message", and you can either ignore it (very safely),  or spend a ton of time tracking down essentially nothing.