Has anyone seen anything similar to this:
Analysis
Source Remote Worker Port (IP hidden) was observed communicating with destination IP 164.92.251.25 over destination port 50060/TCP. The observed stream data matched on a signature for a return traffic for an id command, typically run using a shell. The observed stream data appears to contain various options that would be present within a webshell as well as containing data regarding the webserver.
We're seeing these and they're pointing to our ASBCe Remote Worker Port
------------------------------
George Geyer
Voice, Video & Infrastructure Systems Engineer
Kitsap County
Port Orchard WA
------------------------------