WS FTP Remote Code Execution

Splunk Security Content

Summary
This analytic detects potential Remote Code Execution (RCE) attempts against WS_FTP software, specifically targeting CVE-2023-40044. It identifies suspicious HTTP POST requests sent to the endpoint "/AHT/AhtApiService.asmx/AuthUser" that return an HTTP 200 status code, indicating successful communication. Using the Web datamodel, the detection rule monitors URL patterns and HTTP status responses to flag potentially malicious activity that could allow an attacker to execute arbitrary code on affected servers. This activity is particularly concerning because it could lead to unauthorized access or data exfiltration, impacting the security of the system.
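The same URL-pattern-plus-status-code check, applied to raw web access-log lines outside Splunk, as an added Python example (this is not Splunk's own search; the log format, addresses and timestamps are constructed for illustration):

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Endpoint named in the Splunk analytic for CVE-2023-40044, lower-cased for comparison.
TARGET_PATH = "/aht/ahtapiservice.asmx/authuser"
# Apache-style combined log line (constructed sample format, not the Splunk Web datamodel).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

@dataclass
class Hit:
    src: str
    ts: str
    url: str
    status: int

def normalize_path(url: str) -> str:
    """Lower-case the path and drop query/fragment so 'AuthUser?x=1' still matches."""
    return urlsplit(url).path.lower()

def detect(lines):
    """Flag POSTs to the AuthUser endpoint that returned 200, mirroring the rule's logic."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the sweep
        if (m["method"] == "POST"
                and normalize_path(m["url"]) == TARGET_PATH
                and int(m["status"]) == 200):
            hits.append(Hit(m["src"], m["ts"], m["url"], int(m["status"])))
    return hits

# Constructed sample log lines; IPs (documentation ranges) and timestamps are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Nov/2024:10:01:02 +0000] "POST /AHT/AhtApiService.asmx/AuthUser HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Nov/2024:10:01:03 +0000] "POST /aht/ahtapiservice.asmx/authuser?x=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [15/Nov/2024:10:02:10 +0000] "POST /AHT/AhtApiService.asmx/AuthUser HTTP/1.1" 401 0',
    '203.0.113.9 - - [15/Nov/2024:10:02:11 +0000] "GET /AHT/AhtApiService.asmx/AuthUser HTTP/1.1" 200 128',
    '192.0.2.4 - - [15/Nov/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 2048',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for h in detect(SAMPLE_LOG):
        print(f"{h.ts} {h.src} -> {h.url} ({h.status})")
```

Gating on status 200 follows the analytic as described, so failed attempts (401, 500) are not surfaced; when tuning, consider also reviewing POSTs to this endpoint regardless of status code.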
Categories
  • Web
  • Network
  • Endpoint
Data Sources
  • Web Credential
ATT&CK Techniques
  • T1190
Created: 2024-11-15