Ftp Authenticated Upload To Pub Vendor

FTP session where a client probes for valid usernames, attempts authentication, enters passive mode, negotiates transfer modes (ASCII/Binary), enumerates the /pub/vendor directory, and attempts to upload info.zip. This sequence reflects authenticated directory reconnaissance followed by file placement into a publicly accessible path, consistent with staged content deployment.

Observed IPs

Avg Confidence

88%

Severity

high

Top IPs by event countFTP

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
213.145.146.50	98%	991	118	🇰🇬 KG	AS12997	2026-03-02
37.212.49.154	88%	504	42	🇧🇾 BY	AS6697	2026-02-10
185.203.238.5	84%	504	42	🇺🇿 UZ	AS8193	2026-02-05
195.68.241.72	87%	503	42	🇷🇺 RU	AS57233	2026-02-06
185.203.236.250	97%	287	56	🇺🇿 UZ	AS8193	2026-02-23
80.72.179.223	94%	286	55	🇰🇬 KG	AS12997	2026-02-28
110.152.180.60	85%	252	21	🇨🇳 CN	AS4134	2026-02-11
213.230.93.30	85%	252	21	🇺🇿 UZ	AS8193	2026-02-08
78.179.93.151	85%	252	21	🇹🇷 TR	AS9121	2026-02-09
185.203.236.242	85%	252	21	🇺🇿 UZ	AS8193	2026-02-11
178.206.207.94	85%	252	21	🇷🇺 RU	AS28840	2026-02-11
213.230.92.99	85%	252	21	🇺🇿 UZ	AS8193	2026-02-04
213.230.92.62	85%	252	21	🇺🇿 UZ	AS8193	2026-02-04
66.102.123.152	85%	252	21	🇵🇰 PK	AS150671	2026-02-07
182.190.58.27	85%	252	21	🇵🇰 PK	AS17557	2026-02-05
212.154.212.198	85%	252	21	🇰🇿 KZ	AS50482	2026-02-05
183.80.28.106	85%	252	21	🇻🇳 VN	AS18403	2026-02-06
212.112.118.101	85%	252	21	🇰🇬 KG	AS12764	2026-02-07
92.47.112.86	85%	252	21	🇰🇿 KZ	AS9198	2026-02-03
195.3.134.102	85%	251	21	🇺🇦 UA	AS29031	2026-02-06