consistent jws signature error in off chain messages from address d8dd76582712c568d362049c2618da04

[longbowlu]

Hi. Starting from May 7th, Novi gets a consistent stream of traffic from address d8dd76582712c568d362049c2618da04 on premainnet, which seems to be owned by reference wallet. And every message incurred an invalid jws signature error.

The QPS was initially 1.8 and then jumped to 2 since May 18th. Before May 18th, 100% of them had invalid jws signature, and after the number is 80%. Thus it does look like a cron job or a periodical tests running, instead of human manually doing ad-hoc operations.

Example x-request-id: b187fd61-89fb-49a6-b550-82787b6f29fe Example message that couldn't pass jws signature verification:

eyJhbGciOiJFZERTQSJ9.eyJjaWQiOiAiOTViYmYxN2YtZWMyNy00OGNiLWJjY2YtZWZkYTY4MjdlZGE2IiwgImNvbW1hbmRfdHlwZSI6ICJQYXltZW50Q29tbWFuZCIsICJjb21tYW5kIjogeyJfT2JqZWN0VHlwZSI6ICJQYXltZW50Q29tbWFuZCIsICJwYXltZW50IjogeyJyZWZlcmVuY2VfaWQiOiAiYjVmYTRhNWQtNzBhYS00MzVmLTlhYjAtODZlN2VlNjJhYjJjIiwgInNlbmRlciI6IHsiYWRkcmVzcyI6ICJwZG0xcG1yd2h2a3A4enR6azM1bXpxand6dnh4NnFuaHJmZWc2ZXVhdHZ5cXQwd2tweiIsICJzdGF0dXMiOiB7InN0YXR1cyI6ICJuZWVkc19reWNfZGF0YSJ9LCAia3ljX2RhdGEiOiB7InR5cGUiOiAiaW5kaXZpZHVhbCIsICJwYXlsb2FkX3ZlcnNpb24iOiAxLCAiZ2l2ZW5fbmFtZSI6ICJNeXJ0aWNlIiwgInN1cm5hbWUiOiAiS296ZXkiLCAiYWRkcmVzcyI6IHsiY2l0eSI6ICJXZXN0IEphbml5YWZ1cnQiLCAiY291bnRyeSI6ICJVUyIsICJsaW5lMSI6ICIyMTcgQmVyZ3N0cm9tIFJvdXRlIiwgImxpbmUyIjogIiIsICJwb3N0YWxfY29kZSI6ICI5ODQ0Mi05NzczIiwgInN0YXRlIjogIklkYWhvIn0sICJkb2IiOiAiMjAyMC0wNy0wNSJ9fSwgInJlY2VpdmVyIjogeyJhZGRyZXNzIjogInBkbTFwY3czd3d5eWMyd3oycmpoenQ3NDA2ZXB1cWN3Yzl2bHhzd255bThjZThrNXJ3IiwgInN0YXR1cyI6IHsic3RhdHVzIjogIm5vbmUifX0sICJhY3Rpb24iOiB7ImFtb3VudCI6IDI2MDAwMDAwMDAsICJjdXJyZW5jeSI6ICJYVVMiLCAiYWN0aW9uIjogImNoYXJnZSIsICJ0aW1lc3RhbXAiOiAxNjIwMzcyMzEzfX19LCAiX09iamVjdFR5cGUiOiAiQ29tbWFuZFJlcXVlc3RPYmplY3QifQ==.NFzJkbbsNZopgt5mK5bIBQC1sYOnNbOhk7FzZBZ0CmL_ZxlXEuTgl7RpuUyJPliqTw1vMcfD7boiU7ioWtSIBA==

Please help look into this, thank you

cc @davidiw