Port(s) |
Protocol |
Service |
Scan level |
Description |
10094 |
tcp,udp |
games |
not scanned |
Football Manager 2005 |
10099 |
tcp |
trojans |
Premium scan |
W32.Mytob.FX@mm [Symantec-2005-062313-5401-99] - mass-mailing worm that opens a backdoor and listens for remote commands on port 36311/tcp, also runs an FTP server on port 10099/tcp. |
10100 |
tcp,udp |
trojans |
not scanned |
Backdoor.Ranky.O [Symantec-2004-122417-2948-99], Control Total, GiFt trojan, Scalper, Slapper
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.
References: [CVE-2023-1133] |
10101 |
tcp |
trojan |
Premium scan |
BrainSpy trojan |
10102 |
tcp |
backdoor |
Premium scan |
Backdoor.Staprew.B [Symantec-2005-050215-0935-99] (2005.05.02) - backdoor program, contacts the lowesapr.net domain on port 10102/tcp with the IP of the compromised computer and a number of the random tcp port of the backdoor.
Backdoor.Urat [Symantec-2003-063013-1558-99] (2003.06.30) - allows unauthorized access to an infected computer. This Trojan Horse opens port 10102 to communicate with the attacker.
Port is also IANA registered for eZproxy |
10102 |
udp |
playfi |
not scanned |
Play-Fi from DTS may broadcast on port 10102/UDP to discover speakers/devices. |
10103 |
tcp |
trojan |
Premium scan |
Backdoor.Tuimer [Symantec-2005-031715-1256-99] |
10104 |
udp |
trojans |
not scanned |
Backdoor.Lowtaper [Symantec-2004-101411-3637-99] - remote access trojan, affects Windows, uses ports 24681/tcp and 10104/udp |
10109 |
tcp |
vmware |
not scanned |
VMware vSphere vCenter Inventory Service Service Management
|
10110 |
tcp,udp |
nmea-0183 |
not scanned |
Backdoor.Win32.Prexot.a / Authentication Bypass - the malware listens on random high TCP ports e.g 11404, 19545, 17001, 10110. Third-party attackers who can reach an infected system can logon using any username/password combination.
References: [MVID-2022-0484]
Backdoor.Win32.Prexot.a / Port Bounce Scan (MITM) - the malware listens on random high TCP ports e.g 11404, 19545, 17001, 10110 and accepts any credentials. Third-party intruders who successfully logon can abuse the backdoor FTP server as a man-in-the-middle machine allowing PORT Command bounce scan attacks using Nmap. This vulnerability allows remote attackers to abuse your system and discreetly conduct network port scanning. Victims will then think these scans are originating from the infected system running the afflicted malware FTP Server and not you.
References: [MVID-2022-0485]
NMEA-0183 Navigational Data (IANA official) |
10111 |
udp |
nmea-onenet |
not scanned |
NMEA OneNet multicast messaging [National Marine Electronics Association] (IANA official) |
10111 |
tcp |
vmware |
not scanned |
VMware vSphere vCenter Inventory Service Linked Mode Communication |
10113 |
tcp,udp |
netiq-endpoint |
not scanned |
NetIQ Endpoint (IANA official) |
10114 |
tcp,udp |
netiq-qcheck |
not scanned |
NetIQ Qcheck (IANA official) |
10115 |
tcp,udp |
netiq-endpt |
not scanned |
NetIQ Endpoint (IANA official) |
10116 |
tcp,udp |
netiq-voipa |
not scanned |
NetIQ VoIP Assessor (IANA official) |
10117 |
tcp,udp |
iqrm |
not scanned |
NetIQ IQCResource Managament Svc (IANA official) |
10123 |
tcp |
sccm |
not scanned |
SCCM (System Center Configuration Manager) Microsoft software management suite uses port 10123 for client notifications |
10128 |
tcp |
applications |
not scanned |
Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed.
References: [CVE-2007-2136], [BID-23557]
Port is also IANA registered for BMC-Perform-Service Daemon |
10129 |
tcp |
bmc-gms |
not scanned |
BMC General Manager Server |
10137 |
udp |
applications |
not scanned |
Avaya WinPDM is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the MwpCsi.exe service. By sending an overly long string to UDP port 10137, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
References: [XFDB-67604] [BID-47947] |
10138 |
udp |
applications |
not scanned |
Avaya WinPDM is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by PMServer.exe service. By sending an overly long string to UDP port 10138, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
References: [XFDB-67605], [BID-47947] |
10155 |
tcp |
rsync |
not scanned |
Plesk rsync custom migrator service for misc tasks (Windows only) uses port 10155/tcp |
10156 |
tcp |
rsync |
not scanned |
Plesk rsync server migration (Windows only) uses port 10156/tcp |
10161 |
tcp |
snmptls |
not scanned |
SNMP-TLS [RFC 6353] (IANA official) |
10161 |
udp |
snmpdtls |
not scanned |
SNMP-DTLS [RFC6353] (IANA official) |
10167 |
udp |
trojans |
not scanned |
Portal of Doom (coded in Visual Basic, 03.1999) is a popular remote access trojan that uses ports 3700/tcp, 9872-9875/tcp, 10067/udp, 10167/udp. |
10168 |
tcp |
trojans |
Premium scan |
W32.HLLW.Lovgate [Symantec-2003-021916-4352-99] - a worm with backdoor trojan capabilities. Affects all current Windows versions. |
10172 |
tcp |
applications |
not scanned |
Intuit Quickbooks client |
10194 |
tcp |
twilio |
not scanned |
Twilio Client WebRTC uses port 10194 TCP for signaling to chunderm.gll.twilio.com
|
10196 |
udp |
games |
not scanned |
Tom Clancy's Splinter Cell: Conviction, developer: Ubisoft Montreal |
10200 |
tcp,udp |
trisoap |
not scanned |
NetFone, FRISK Software International's fpscand virus scanning daemon for Unix platforms (TCP)
A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) due to improper validation of user-supplied data when processing a type 8 message sent to default TCP RequestPort 10200. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to terminate ttmd.exe.
References: [CVE-2020-5778], [CVE-2020-5779]
Trigence AE Soap Service (IANA official) |
10201 |
tcp |
rsms |
not scanned |
Remote Server Management Service, FRISK Software International's f-protd virus scanning daemon for Unix platforms |
10201 |
udp |
rscs |
not scanned |
Remote Server Control and Test Service (IANA official) |
10212 |
tcp |
applications |
not scanned |
Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624.
References: [CVE-2013-2785]
Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623.
References: [CVE-2014-0751], [BID-65117] |
10241 |
tcp |
games |
not scanned |
Aion |
10243 |
tcp,udp |
wmp |
not scanned |
Windows Media Player Network Sharing Service |
10250 |
tcp,udp |
applications |
not scanned |
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.
References: [CVE-2020-8551]
A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References: [CVE-2021-20198] |
10253 |
udp |
eapol-relay |
not scanned |
Relay of EAPOL frames (IANA official) |
10255 |
tcp,udp |
applications |
not scanned |
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.
References: [CVE-2020-8551] |
10261 |
tcp |
tile-ml |
not scanned |
IANA registered for: Tile remote machine learning |
10301 |
tcp |
applications |
not scanned |
VoiceIP-ACS UMP default device provisioning endpoint |
10302 |
tcp |
applications |
not scanned |
VoiceIP-ACS UMP default device provisioning endpoint (SSL) |
10308 |
tcp,udp |
applications |
not scanned |
Lock On
DCS Black Shark
Digital Combat Simulator Dedicated Server |
10426 |
tcp |
applications |
not scanned |
Backdoor.Win32.Agent.cu / Authentication Bypass RCE - the malware listens on TCP ports 10426, 56185. Third-party attackers who can reach infected systems can logon using any username/password combination. Intruders may then upload executables using ftp PASV, STOR commands, this can result in remote code execution.
References: [MVID-2021-0303] |
10439 |
udp |
bngsync |
not scanned |
BalanceNG session table synchronization protocol - a Software IP Load Balancing Solution utilising its own network stacks and functionality. [Inlab_Software_GmbH] (IANA official) |
10443 |
tcp,udp |
dogtag |
Premium scan |
Commonly used as an alternate SSL port.
VMware vSphere vCenter Inventory Service HTTPS
Fortinet SSL VPN default alternate port
Dogtag Certificate System authority uses port 9080 (ca) and port 9443 (secure ca) by default.
Dograg Certificate PKI Subsystems may also use:
DRM - ports 10080 (drm) and 10443 (drm secure)
OCSP - ports 11080 (ocsp) and 11443 (ocsp secure)
RA - ports 12888 (ra) and 12889 (ra secure)
TKS - ports 13080 (tks) and 13443 (tks secure)
TPS - ports (tps) 7888 and 7889 (tps secure)
IANA registered for: CirrosSP Workstation Communication (TCP) |
10468 |
udp |
applications |
not scanned |
Flyer - discovery protocol |
10480 |
udp |
games |
not scanned |
Swat 4 |
10481 |
udp |
games |
not scanned |
Swat 4 |
10482 |
udp |
games |
not scanned |
Swat 4 |
10483 |
udp |
games |
not scanned |
Swat 4 |
10498 |
udp |
trojan |
not scanned |
Mstream trojan
DDOS Communication also uses this port |
10500 |
udp |
hip-nat-t |
not scanned |
HIP NAT-Traversal [RFC 5770] (IANA official) |
10500 |
tcp |
worm |
Premium scan |
Dark Ages of Camelot game uses TCP ports 1280,10500,10622 TCP and a dynamic UDP port (1024-65535 range)
W32.Linkbot.H [Symantec-2005-011210-3257-99] (2005.01.12) - a worm that exploits the Microsoft Windows LSASS Buffer Overrun Vulnerability (Microsoft Security Bulletin [MS04-011]) in order to propagate. It also creates a back door on the system accessible through IRC. |
10514 |
udp |
applications |
not scanned |
A vulnerability has been reported in WinSyslog, which can be exploited to cause a DoS (Denial of Service) on a vulnerable syslog server.
The vulnerability is caused due to an error when the interactive syslog server receives and displays syslog events. This can be exploited by sending UDP datagrams containing arbitrary, overly large amounts of data to the interactive server (default port 10514/udp), which will cause it to freeze and halt the OS.
References: [SECUNIA-10004] |
10520 |
tcp |
trojan |
Premium scan |
Acid Shivers trojan |
10528 |
tcp |
trojan |
Premium scan |
Host Control trojan |
10529 |
tcp,udp |
applications |
not scanned |
Buzz 3D VideoChat |
10532 |
udp |
games |
not scanned |
Commandos 3: Destination Berlin |
10548 |
tcp |
serverdocs |
not scanned |
Apple Document Sharing (IANA official) |
10554 |
tcp |
applications |
not scanned |
On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0.
References: [CVE-2017-8223], [XFDB-125410] |
10578 |
tcp |
games |
not scanned |
Skyrim Together multiplayer server for the The Elder Scrolls V: Skyrim mod. |
10600 |
tcp,udp |
applications |
not scanned |
OpenWengo |
10602 |
tcp,udp |
applications |
not scanned |
OpenWengo |
10607 |
tcp |
trojan |
Premium scan |
Coma trojan |
10616 |
tcp |
applications |
not scanned |
Stack-based buffer overflow in eIQNetworks Enterprise Security Analyzer (ESA) 2.5 allows remote attackers to execute arbitrary code via certain data on TCP port 10616 that results in a long argument to the SEARCHREPORT command.
References: [CVE-2007-5699], [BID-26189] |
10618 |
tcp |
applications |
not scanned |
The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a &CONNECTSERVER&, &ADDENTRY&, &FIN&, &START&, &LOGPATH&, &FWADELTA&, &FWALOG&, &SETSYNCHRONOUS&, &SETPRGFILE& or &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference.
References: [CVE-2007-0228], [BID-21994] |
10622 |
tcp |
games |
Premium scan |
Dark Ages of Camelot game uses TCP ports 1280,10500,10622 TCP and a dynamic UDP port (1024-65535 range) |
10631 |
tcp |
printopia |
not scanned |
Port to allow for administration and control of "Printopia" application software, which provides printing services to mobile users [Ecamm Network LLC] (IANA official) |
10651 |
tcp |
applications |
not scanned |
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.
References: [CVE-2011-2963], [BID-46907]
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.
References: [CVE-2014-0778], [XFDB-92615] |
10666 |
udp |
trojan |
not scanned |
Zandronum game servers use port 10666 TCP/UDP for games like multiplayer Doom.
Malware using this port: Ambush trojan, Roxrat backdoor
|
10700 |
tcp,udp |
applications |
not scanned |
KDX Server |
10752 |
tcp |
backdoor |
Members scan |
Backdoor. One of the many Linux mountd (port 635) exploits installs its backdoor at this port. Origin??? 10751 = 0x2a00, where 0x2a = 42 (proposed by Darren Reed)
The bx.c IRC exploit puts a root shell backdoor listening at this port.
The ADM named v3 attack puts a shell at this port. |
10777 |
|
applications |
not scanned |
Unreal Tournament 2003 (ut2003) clients and servers allow remote attackers to cause a denial of service via malformed messages containing a small number of characters to UDP ports 7778 or 10777.
References: [CVE-2002-1507] |
10800 |
tcp,udp |
gap |
not scanned |
Touhou fight games (Immaterial and Missing Power, Scarlet Weather Rhapsody, Hisoutensoku, Hopeless Masquerade and Urban Legend in Limbo) (TCP)
IANA registered for: Gestor de Acaparamiento para Pocket PCs |
10809 |
tcp |
nbd |
not scanned |
Linux Network Block Device |
10810 |
udp |
nmc-disc |
not scanned |
Nuance Mobile Care Discovery |
10823 |
tcp,udp |
applications |
not scanned |
Farming-Simulator |
10836 |
tcp |
applications |
not scanned |
configurable-world-domination-game multiplayer server |
10860 |
tcp,udp |
helix |
not scanned |
Helix Client/Server |
10880 |
tcp,udp |
bveapi |
not scanned |
BVEssentials HTTP API [Tri_Tech_Computers_Ltd] (IANA official) |
10887 |
tcp |
trojan |
Premium scan |
BDDT trojan |
10888 |
tcp |
trojans |
Premium scan |
Trojan.Webus.C [Symantec-2004-101212-0903-99] (2004.10.12) - remote access trojan. Affects all current Windows versions. Connects to an IRC server (on port 8080) and opens a backdoor on TCP port 10888 or 1080. |
10889 |
tcp |
trojan |
Premium scan |
BDDT trojan |
10891 |
tcp |
applications |
not scanned |
Jungle Disk (this port is opened by the Jungle Disk Monitor service on the localhost) |
10933 |
tcp |
octopustentacle |
not scanned |
Octopus Deploy Tentacle deployment agent (IANA official) |
10975 |
tcp,udp |
games |
not scanned |
TOCA Race Driver 2 |
11000 |
tcp,udp |
applications |
Premium scan |
Port used by Cisco Border Gateway Protocol, Microsoft Visual Studio, .Net Framework, SCInterface, Video Insight Health Monitor.
Games using this port: Everquest Online Adventrures, The Matrix Online, The Matrix Online (TCP), Archlord, Subnautica multiplayer mod Nitrox
Malware using this port: Senna Spy Trojan Generator, DataRape |
11001 |
tcp,udp |
metasys |
not scanned |
Metasys (IANA official) |
11002 |
tcp,udp |
games |
not scanned |
Archlord, developer: NHN Games Corporation |
11008 |
tcp,udp |
games |
not scanned |
Archlord, developer: NHN Games Corporation |
11010 |
tcp |
applications |
not scanned |
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.
References: [CVE-2018-11517] |
11011 |
tcp |
trojan |
Premium scan |
Amanda trojan |
11031 |
tcp,udp |
games |
not scanned |
Heroes of Newerth |
11050 |
tcp |
trojan |
Premium scan |
Host Control trojan |
11051 |
tcp |
trojan |
Premium scan |
Host Control trojan |
11080 |
tcp,udp |
dogtag |
not scanned |
Dogtag Certificate System authority uses port 9080 (ca) and port 9443 (secure ca) by default.
Dograg Certificate PKI Subsystems may also use:
DRM - ports 10080 (drm) and 10443 (drm secure)
OCSP - ports 11080 (ocsp) and 11443 (ocsp secure)
RA - ports 12888 (ra) and 12889 (ra secure)
TKS - ports 13080 (tks) and 13443 (tks secure)
TPS - ports (tps) 7888 and 7889 (tps secure) |
11092 |
tcp |
malware |
not scanned |
Backdoor.Win32.Agent.ggw / Authentication Bypass - the malware runs a built-in FTP server listening on one of several random TCP ports like 32335, 27227, 27942, 14223, 14988, 11092. Third-party attackers who can reach the server and that know or guess the port can "logon" using any USER/PASS combination or provide no credentials at all.
References: [MVID-2021-0193] |
11095 |
udp |
weave |
not scanned |
device-to-service application protocol [Nest_Labs_Inc] (IANA official) |