Ftp Authenticated Session Establishment

FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.

Observed IPs

280

Avg Confidence

80%

Severity

medium

Top IPs by event countFTP

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
152.32.197.121	98%	2,077	464	🇧🇷 BR	AS135377	2026-04-17
165.154.182.221	89%	1,795	615	🇺🇸 US	AS135377	2026-04-13
118.193.47.212	100%	1,772	613	🇭🇰 HK	AS135377	2026-04-16
152.32.131.245	99%	1,757	712	🇭🇰 HK	AS135377	2026-04-17
128.14.225.253	99%	1,468	680	🇺🇸 US	AS135377	2026-04-15
45.43.62.77	99%	1,457	648	🇩🇪 DE	AS135377	2026-04-16
118.194.249.72	100%	1,417	764	🇰🇷 KR	AS135377	2026-04-17
123.58.209.112	99%	1,406	720	🇭🇰 HK	AS135377	2026-04-11
118.194.248.142	99%	1,396	591	🇰🇷 KR	AS135377	2026-04-17
165.154.179.204	98%	1,351	560	🇷🇺 RU	AS135377	2026-04-16
101.36.114.252	99%	1,346	716	🇰🇷 KR	AS135377	2026-04-16
169.197.113.175	98%	1,298	578	🇬🇧 GB	AS135377	2026-04-17
165.154.36.245	94%	1,289	663	🇺🇸 US	AS135377	2026-04-14
150.107.38.40	99%	1,261	547	🇭🇰 HK	AS135377	2026-04-17
101.36.122.183	97%	1,254	529	🇭🇰 HK	AS135377	2026-04-17
152.32.207.234	98%	1,228	548	🇺🇸 US	AS135377	2026-04-16
128.14.237.43	99%	1,219	546	🇺🇸 US	AS135377	2026-04-16
152.32.128.169	93%	1,203	383	🇭🇰 HK	AS135377	2026-04-17
165.154.218.158	98%	1,156	644	🇺🇸 US	AS135377	2026-04-17
165.154.179.62	100%	1,147	646	🇷🇺 RU	AS135377	2026-04-17