External domain name server has been requested dj.crooxxo.com, the entrance is blocked, this domain is suspected mine pool
With crawl server dns packet analysis
tcpdump -i eth0 -nt -s 50000 port domain -w /opt/wk.txt
Then windows Details wk.txt view dns package open with Wrieshark as follows:
Find 44180 corresponding service on the server