The Broadband Guide
search advanced

Port 8080 Details

known port assignments and vulnerabilities
threat/application/port search:
Port(s) Protocol Service Details Source
8080 tcp http Common alternative HTTP port used for web traffic. See also TCP ports 80,81,8443. It can also be used for HTTP Web Proxies. Some broadband routers run a web server on port 8080 for remote management. WAN Administration can (and should, in most cases) be disabled using routers web-based administration interface.

Ubiquiti UniFi Controller uses these ports:
8080 tcp - http port for UAP to inform controller
8443 tcp - https port for controller GUI/API
8880 tcp - http portal redirect port (may also use ports 8881, 8882)
8843 tcp - https portal redirect port
3478 udp - STUN port (should be open at firewall)

Splunk (big data analysis software) uses the following ports by default:
514 - network input port
8000 - web port (clients accessing the Splunk search page)
8080 - index replication port
8089 - management port (splunkd, aslo used by deployment server)
9997 - indexing port (web interface)
9998 - SSL port

Rainmachine smart sprinkler controllers use ports 80, 8080 and 18080.

Microsoft Lync server uses these ports:
444, 445, 448, 881, 5041, 5060 - 5087, 8404 TCP
80, 135, 443, 4443, 8060, 8061, 8080 TCP - standard ports and HTTP(s) traffic
1434 UDP - SQL
49152-57500 TCP/UDP - media ports

Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management

If you're not running web services, keep in mind that some trojans also use these ports:
Reverse WWW Tunnel Backdoor - remote access/tunneling software coded in Perl, uses ports 80, 3128, 8080. Works on Unix, Linux, Solaris, AIX and OpenBSD.
RingZero (a.k.a. Ring0, Trojan.PSW.Ring, RingZero.gen, Ring) - uses ports 80, 3128, 8080. Affects Windows 9x.
Screen Cutter (a.k.a. Backdoor.Screencut) - uses ports 80, 8080.
W32.Mydoom.B@mm [Symantec-2004-012816-3647-99] (2004.01.28) - mass-mailing worm that opens a backdoor into the system. The backdoor makes use of TCP ports 80, 1080, 3128, 8080, and 10080.

W32.Spybot.OFN [Symantec-2005-042917-1039-99] (2005.04.29) - network-aware worm with DDoS and backdoor capabilities. Spreads through network shares and exploiting multiple vulnerabilities. It ay be downloaded by W32.Kelvir [Symantec-2005-041414-2221-99] variants. Opens a backdoor on port 8080/tcp. Also exploits vulnerabilities on ports 445 and 1433.

W32.Zotob.C@mm [Symantec-2005-081516-4417-99] (2005.08.16) - a mass-mailing worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability (MS Security Bulletin [MS05-039]) on port 445/tcp. It connects to IRC servers and listens for remote commands on port 8080/tcp. It also opens an FTP server on port 33333/tcp.
Note: Same ports are used by the W32.Zotob.A [Symantec-2005-081415-0646-99] and W32.Zotob.B [Symantec-2005-081415-0741-99]variants of the worm as well.

W32.Zotob.E [Symantec-2005-081615-4443-99] (2005.08.16) - a worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability (MS Security Bulletin [MS05-039]) on port 445/tcp. It runs and spreads using all current Windows versions, but only infects Windows 2000.
The worm connects to IRC servers and listens for remote commands on port 8080/tcp. It opens port 69/udp to initiate TFTP transfers. It also opens a backdoor on remote compromised computers on port 8594/tcp.
Backdoor.Naninf.D [Symantec-2006-020115-0317-99] (2006.02.01)
Backdoor.Naninf.C [Symantec-2006-013111-4821-99] (2006.01.31)

W32.Rinbot.A [Symantec-2007-021615-1555-99] (2007.03.02) - a worm that opens a back door, copies itself to IPC shares, connects to an IRC server, and awaits commands on port 8080/tcp. See Also [CVE-2002-1123], [CVE-2006-2630], [CVE-2006-3439]

Android.Acnetdoor [Symantec-2012-051611-4258-99] (2012.05.16) - opens a backdoor on Android devices

Feodo/Geodo (a.k.a. Cridex or Bugat) trojan used to commit e-banking fraud uses ports 8080 tcp and 7779/tcp to run a nginx proxy and communicate with the botnet C&C server.

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.
References: [CVE-2017-2683], [BID-96455]

The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request.
References: [CVE-2017-2682], [BID-96458]

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used.
References: [CVE-2018-19911]

HEUR.Backdoor.Win32.Generic / Unauthenticated Open Proxy - the backdoor creates a Windows service backed by an executable named "1314.exe", it lives under C:\WINDOWS and listens on TCP ports 1080 and 8080. Third-party adversaries who can connect to the infected system can relay requests from the original connection to the destination and then back to the origination system. Attackers may then be able to launch attacks, download files or port scan third party systems and it will appear as the attacks originated from that infected host. The relay does not require authentication or any special User-agent check and leverages the HTTP Host header in the request to connect to third-party systems.
References: [MVID-2021-0176]
8080 udp trojans Backdoor.Tjserv.D [Symantec-2005-100415-4002-99] (2005.10.04) - a backdoor trojan that acts as a HTTP and SOCKS4/5 proxy. Opens a backdoor and listens for remote commands on port 8080/udp. Also opens a HTTP, SOCKS4 and SOCKS5 proxy on port 52179/tcp.

On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling.
References: [CVE-2019-13129]
8080 tcp HTTP alternate (http_alt) - commonly used for Web proxy and caching server, or for running a Web server as a non-root user (official) Wikipedia
8080 tcp Apache Tomcat (unofficial) Wikipedia
8080 udp FilePhile Master/Relay (unofficial) Wikipedia
8080 tcp trojan Reverse WWW Tunnel Backdoor , RingZero, Screen Cutter Trojans
1099,5000-5001,8080 tcp applications DINA RMC Portforward
8080 tcp,udp applications EvoCam Portforward
8080 tcp applications Pirate Radio Portforward
8080 tcp applications Pirate Radio Portforward
7777,8080,8777,9777,27900 tcp applications Unreal Tournament Portforward
8080,8090 tcp applications WebcamXP Portforward
8080,8888 tcp applications X10 Multiview Portforward
8080 tcp http-proxy Common HTTP proxy/second web server port Nmap
8080 tcp BrownOrifice [trojan] Brown Orifice Neophasis
8080 tcp Genericbackdoor [trojan] Generic backdoor Neophasis
8080 tcp RemoConChubo [trojan] RemoConChubo Neophasis
8080 tcp ReverseWWWTunnel [trojan] Reverse WWW Tunnel Backdoor Neophasis
8080 tcp RingZero [trojan] RingZero Neophasis
8080 tcp threat Brown Orifice Bekkoame
8080 tcp threat Feutel Bekkoame
8080 tcp threat Haxdoor Bekkoame
8080 tcp threat Hesive Bekkoame
8080 tcp threat Mydoom Bekkoame
8080 tcp threat Naninf Bekkoame
8080 tcp threat Nemog Bekkoame
8080 tcp threat Reverse WWW Tunnel Backdoor Bekkoame
8080 tcp threat RingZero Bekkoame
8080 tcp threat Ryknos Bekkoame
8080 tcp threat Tjserv Bekkoame
8080 tcp threat W32.Kelvir Bekkoame
8080 tcp threat W32.Mytob Bekkoame
8080 tcp threat W32.Opanki Bekkoame
8080 tcp threat W32.Picrate Bekkoame
8080 tcp threat W32.Spybot Bekkoame
8080 tcp threat W32.Zotob Bekkoame
8080 tcp threat Webus Bekkoame
8080 tcp,udp http-alt HTTP Alternate (see port 80) IANA
38 records found
jump to:
previous next

Related ports: 80  445  514  591  3128  7779  8008  8009  8081  8089  8443  8594  9997  9998  18080  33333  52179  

« back to SG Ports

External Resources
SANS Internet Storm Center: port 8080

Port numbers in computer networking represent communication endpoints. Ports are unsigned 16-bit integers (0-65535) that identify a specific process, or network service. IANA is responsible for internet protocol resources, including the registration of commonly used port numbers for well-known internet services.
Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535.

TCP ports use the Transmission Control Protocol, the most commonly used protocol on the Internet and any TCP/IP network. TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and that packets will be delivered in the same order in which they were sent. Guaranteed communication/delivery is the key difference between TCP and UDP.

UDP ports use the Datagram Protocol. Like TCP, UDP is used in combination with IP (the Internet Protocol) and facilitates the transmission of datagrams from one computer to applications on another computer, but unlike TCP, UDP is connectionless and does not guarantee reliable communication; it's up to the application that received the message to process any errors and verify correct delivery. UDP is often used with time-sensitive applications, such as audio/video streaming and realtime gaming, where dropping some packets is preferable to waiting for delayed data.

When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them. This can be accomplished in both Windows command prompt and Linux variants using the "netstat -aon" command. We also recommend runnig multiple anti-virus/anti-malware scans to rule out the possibility of active malicious software. For more detailed and personalized help please use our forums.

Please use the "Add Comment" button below to provide additional information or comments about port 8080.
  User Reviews/Comments:
by anonymous - 2016-07-05 06:29
8080 port is used by the speedtest protocol
by anonymous - 2020-04-17 16:59
Good article sums it up well
by cmcqueen - 2021-11-24 19:10
Please add 8000 to related ports, since it is an unofficial but common alternative HTTP port.
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About