My guess is that they are running a network security tool which looks for problematic open ports on every machine on their networks. In general, FTP is regarded as “problematic”.
R-Shake is using vsFTP, which, if correctly configured, is much more secure than more traditional FTP servers, but network security generally dislike any FTP servers, and so question any instance of an open port 21.
vsFTPd is running within a docker container, so it’s not obvious how it is configured or what is is used for?
If it’s not essential, it looks like it could be blocked using iptables:
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10100
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10099
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10098
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10097
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10096
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10095
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10094
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10093
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10092
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10091
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10090
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:http
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:ftp
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:18006
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:18002
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:18000
ACCEPT tcp -- anywhere 172.17.0.5 tcp dpt:16032