| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 4370 |
tcp,udp |
elpro_tunnel |
not scanned |
The ZKSoftware ZK5000 and ZK9000 management software could provide weaker than expected security, caused by missing authentication checks for remote access. By sending a request to UDP port 4370, a remote attacker could exploit this vulnerability to perform certain administrative actions and obtain information without having proper authentication.
References: [XFDB-57067], [EDB-11822]
IANA registered for: ELPRO V2 Protocol Tunnel |
| 4379 |
udp |
games |
not scanned |
Steamworks P2P Networking and Steam Voice Chat UDP
R.U.S.E.
|
| 4380 |
udp |
applications |
not scanned |
Steam Client, R.U.S.E., Breach, Left 4 Dead
Napoleon - Total War also uses port 4380 (TCP/UDP) |
| 4387 |
tcp |
trojan |
Premium scan |
Phatbot |
| 4398 |
udp |
applications |
not scanned |
Apple Game Center |
| 4400 |
tcp,udp |
ds-srv |
not scanned |
ASIGRA Services |
| 4401 |
tcp,udp |
ds-srvr |
not scanned |
ASIGRA Televaulting DS-System Service |
| 4402 |
tcp,udp |
ds-clnt |
not scanned |
ASIGRA Televaulting DS-Client Service |
| 4403 |
tcp,udp |
ds-user |
not scanned |
ASIGRA Televaulting DS-Client Monitoring/Management |
| 4404 |
tcp,udp |
ds-admin |
not scanned |
ASIGRA Televaulting DS-System Monitoring/Management |
| 4405 |
tcp,udp |
ds-mail |
not scanned |
ASIGRA Televaulting Message Level Restore service |
| 4406 |
tcp,udp |
ds-slp |
not scanned |
Aspera uses the following ports:
33001 tcp (SSH, older versions used port 22)
33001 udp (fasp)
40001 tcp (Aspera Central)
4406 tcp (outbound logging)
Aspera servers may also have to open a range of ports for concurrent transfers, e.g. 33002-33010 udp. HTTP and/or HTTPS ports 80 and 443 are used for the web ui.
ASIGRA Televaulting DS-Sleeper Service |
| 4407 |
tcp |
nacagent |
not scanned |
Network Access Control Agent [ITGroup] (IANA official) |
| 4409 |
tcp |
netcabinet-com |
not scanned |
Net-Cabinet comunication |
| 4410 |
tcp |
itwo-server |
not scanned |
RIB iTWO Application Server
Siemens Automation License Manager (ALM) is vulnerable to a denial of service. By sending specially crafted packets to TCP port 4410, a remote attacker could exploit this vulnerability to cause the ALM service to crash.
References: [CVE-2016-8563] [XFDB-117810]
Siemens Automation License Manager (ALM) is vulnerable to SQL injection. A remote attacker could send a specially crafted parameter value to TCP port 4410, which could allow the attacker to read and write configuration settings of the ALM.
References: [CVE-2016-8564] [XFDB-117809]
A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected system could lead to extensive memory being consumed and as such could cause a denial-of-service preventing legitimate users from using the system.
References: [CVE-2021-25659]
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.
References: [CVE-2024-44087] |
| 4411 |
tcp |
found |
not scanned |
Found Messaging Protocol [Found_Software] (IANA official) |
| 4412 |
udp |
smallchat |
not scanned |
SmallChat (IANA official) |
| 4413 |
tcp |
avi-nms |
not scanned |
AVI Systems NMS (IANA official) |
| 4413 |
udp |
avi-nms-disc |
not scanned |
AVI Systems NMS (IANA official) |
| 4414 |
tcp |
trojan |
Premium scan |
AL-Bareki trojan
Updog Monitoring and Status (IANA official) |
| 4415 |
tcp |
brcd-vr-req |
not scanned |
Brocade Virtual Router (IANA official) |
| 4416 |
tcp |
pjj-player |
not scanned |
PJJ Media Player |
| 4416 |
udp |
pjj-player-disc |
not scanned |
PJJ Media Player discovery |
| 4417 |
tcp |
workflowdir |
not scanned |
Workflow Director (IANA official) |
| 4418 |
udp |
axysbridge |
not scanned |
IANA registered for: AXYS communication protocol |
| 4419 |
tcp |
cbp |
not scanned |
IANA registered for: Colnod Binary Protocol |
| 4420 |
tcp,udp |
nvm-express |
not scanned |
IANA registered for: NVM Express over Fabrics storage access |
| 4421 |
tcp |
scaleft |
not scanned |
IANA registered for: Multi-Platform Remote Management for Cloud Infrastructure |
| 4422 |
tcp |
tsepisp |
not scanned |
IANA registered for: TSEP Installation Service Protocol |
| 4423 |
tcp |
thingkit |
not scanned |
IANA registered for: thingkit secure mesh |
| 4425 |
tcp,udp |
netrockey6 |
not scanned |
NetROCKEY6 SMART Plus Service |
| 4428 |
tcp |
omviserver |
not scanned |
OMV-Investigation Server-Client |
| 4429 |
tcp |
omviagent |
not scanned |
OMV Investigation Agent-Server |
| 4431 |
tcp |
wspipe |
not scanned |
adWISE Pipe |
| 4432 |
tcp |
trojans |
Premium scan |
Backdoor.Acidoor [Symantec-2003-022517-2102-99] (2003.02.25) - a backdoor trojan that gives a hacker unauthorized access to your computer. By default, it uses ports 4432 and 4433. The existence of the file Extapp.exe is the sign of a possible infection.
L-ACOUSTICS management (TCP/UDP) [L-ACOUSTICS] (IANA official) |
| 4433 |
tcp |
applications |
Premium scan |
Backdoor.Acidoor [Symantec-2003-022517-2102-99] (2003.02.25) - a backdoor trojan that gives a hacker unauthorized access to your computer. By default, it uses ports 4432 and 4433. The existence of the file Extapp.exe is the sign of a possible infection.
Axence nVision also uses this port
Versile Object Protocol [Versile_AS] (IANA official) |
| 4434 |
tcp |
applications |
not scanned |
Axence nVision |
| 4435 |
tcp |
applications |
not scanned |
Axence nVision |
| 4436 |
tcp |
applications |
not scanned |
Axence nVision |
| 4442 |
tcp |
trojan |
Premium scan |
Oracle |
| 4443 |
tcp,udp |
applications |
not scanned |
Port sometimes used as an alternative to the standard HTTPS/SSL web traffic port 443 TCP.
Microsoft Lync server uses these ports:
444, 445, 448, 881, 5041, 5060 - 5087, 8404 TCP
80, 135, 443, 4443, 8060, 8061, 8080 TCP - standard ports and HTTP(s) traffic
1434 UDP - SQL
49152-57500 TCP/UDP - media ports
Neato Robotics vacuum cleaners use ports 4443, 80, and 443/tcp.
MyKobold robot vacuum cleaners use port 4443/tcp
AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to other clients by connecting to port 4443 (Direct Connection) or port 5190 (file transfer) before the intended user.
References: [CVE-2002-0592], [BID-4574]
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition.
References: [CVE-2021-33720], [CVE-2021-33719]
Infoblox IPAM WinConnect default Web GUI port. Also uses port 9633. |
| 4444 |
tcp |
trojans |
Members scan |
Sophos Admin console default HTTPS port
Oracle WebCenter Server (Oracle Universal Content management) uses 4444 as Intradoc Socket port
Metasploit listener port is 4444 (TCP/UDP) by default.
I2P HTTP/S proxy uses this port.
W32.Blaster.Worm [Symantec-2003-081113-0229-99] is a widely spread worm that exploits the DCOM RPC vulnerability described in MS Security Bulletin [MS03-026]. The worm allows remote access to an infected computer via ports 4444/tcp and 69/UDP, and spreads through port 135/tcp. To avoid being infected consider closing those ports.
W32.Reidana.A [Symantec-2005-032515-4042-99] (2005.03.24) - worm that spreads using the MS DCOM RPC vulnerability (MS Security Bulletin [MS03-026]) on port 139. The worm attempts to download and execute a remote file via FTP. Opens TCP port 4444.
Some other trojans using this port: AlexTrojan, CrackDown, Oracle, Prosiak, SwiftRemote, W32.Hllw.Donk.M, W32.mockbot.a.worm [Symantec-2004-022608-5242-99]
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.
References: [CVE-2012-2561]
MinaliC Webserver is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing HTTP Post method. By sending a specially-crafted request containing an overly long string to TCP port 4444, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
References: [XFDB-83714]
KNet Web Server is vulnerable to a buffer overflow. By sending a specially-crafted request to TCP port 4444, containing an overly long string argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
References: [XFDB-83114], [BID-58781], [EDB-24897]
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.
References: [CVE-2018-5704]
KRB524 (IANA official) |
| 4444 |
udp |
applications |
not scanned |
Rockwell Automation RSLinx is vulnerable to a denial of service, caused by improper validation of input by LogReceiver.exe and Logger.dll. By sending a specially-crafted request to UDP port 4444, a remote attacker could exploit this vulnerability to cause the service to stop handling incoming requests.
References: [CVE-2012-4695] [XFDB-83275] [BID-58917]
Backdoor.Win32.Mnets / Remote Stack Buffer Overflow - the backdoor listens for commands on UDP ports 2222 and 4444. Sending a mere 323 bytes we can overwrite the instruction pointer (EIP), potentially giving us program execution flow over the remote Malware.
References: [MVID-2021-0031] |
| 4445 |
tcp,udp |
upnotifyp |
Premium scan |
Applications: UPNOTIFYP, MIRCat, Chainsaw
Trojans using this port: Oracle, Backdoor.Oracle
Risk Based Security has reported two vulnerabilities in Rockwell Automation FactoryTalk Services Platform, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused due to input validation errors within RNADiagnostics.dll when handling stream data and can be exploited to crash the service via a specially crafted request sent to UDP port 4445 (disabled by default).
References: [CVE-2012-4713], [CVE-2012-4714], [SECUNIA-52938]
Rockwell Automation is vulnerable to a denial of service, caused by an error in the FactoryTalk Diagnostics Receiver service (RNADiagReceiver.exe) when processing datagrams. By sending a specially-crafted UDP packet to UDP Port 4445, a remote attacker could exploit this vulnerability to cause the server to crash.
References: [CVE-2012-0222], [BID-51444], [XFDB-72421]
Rockwell Automation is vulnerable to a denial of service, caused by an error in the FactoryTalk Diagnostics Receiver service (RNADiagReceiver.exe) when processing datagrams. By sending a UDP packet containing more than 2000 bytes to UDP Port 4445, a remote attacker could exploit this vulnerability to cause the service code to terminate.
References: [CVE-2012-0221], [XFDB-72420], [BID-51444] |
| 4446 |
tcp |
applications |
not scanned |
RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers "a memset zero overflow" or an out-of-bounds read, related to improper handling of a 32-bit size field.
References: [CVE-2011-3489], [BID-49608] |
| 4447 |
tcp |
trojan |
Premium scan |
Oracle |
| 4449 |
tcp |
trojan |
Premium scan |
Oracle |
| 4450 |
tcp,udp |
camp |
not scanned |
Common ASCII Messaging Protocol [Control_Technology_Inc] (IANA official) |
| 4451 |
tcp |
trojan |
Premium scan |
Oracle
CTI System Msg (TCP/UDP) [Control_Technology_Inc] (IANA official) |
| 4452 |
tcp,udp |
ctiprogramload |
not scanned |
CTI Program Load [Control_Technology_Inc] (IANA official) |
| 4455 |
tcp |
applications |
not scanned |
OBS Studio built-in WebSocket plugin default port |
| 4460 |
tcp |
ntske |
not scanned |
IANA registered for: Network Time Security Key |
| 4486 |
tcp,udp |
icms |
not scanned |
Integrated Client Message Service |
| 4487 |
tcp |
prex-tcp |
not scanned |
Protocol for Remote Execution over TCP |
| 4488 |
tcp |
trojan |
Premium scan |
Event Horizon
Trojan-Dropper.Win32.Googite.b / Unauthenticated Remote Command Execution - the malware listens on TCP ports 3388, 4488 and 10002 and drops executables under both Windows and SysWOW64 dirs. Third-party attackers who can reach infected systems can connect to port 10002 and run commands made available by the backdoor to retrieve information etc.
References: [MVID-2021-0254]
Apple Wide Area Connectivity Service ICE Bootstrap (TCP/UDP) (IANA official) |
| 4495 |
tcp |
trojans |
Premium scan |
Backdoor.Berbew.R [Symantec-2005-051915-2101-99] (2005.05.19) - remote access trojan that steals passwords and opens backdoors on ports 2525/tcp and 4495/tcp. |
| 4500 |
udp |
ipsec |
Members scan |
IPSec (VPN tunneling) uses the following ports:
50 - Encapsulation Header (ESP)
51 - Authentication Header (AH)
500/udp - Internet Key Exchange (IKE)
4500/udp - NAT traversal
See also:
port 1701 (L2TP)
port 1723 (PPTP)
Mac OS X Server VPN service, Back to My Mac (MobileMe, Mac OS X v10.5 or later), Vodafone Sure Signal also use this port.
Abacast peer-to-peer audio and video streaming also uses port 4500 (TCP/UDP)
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 and Cisco PIX 500 Series Security Appliance allows remote attackers to cause a denial of service (active IPsec tunnel loss and prevention of new tunnels) via a malformed IKE message through an existing tunnel to UDP port 4500, aka Bug ID CSCtc47782.
References: [CVE-2010-0567], [BID-38279] |
| 4502-4534 |
tcp |
silverlight |
not scanned |
Ports are used by the Microsoft Silverlight plugin. Silverlight can add graphics, interactive and multimedia functionality to the Web browser.
Websites with Silverlight-compatible content will send requests to the computer and access the policy file on port 943. Once the policy file is read, ports 4502-4534 can be used to send data to the Web browser. |
| 4502 |
tcp |
a25-fap-fgw |
not scanned |
Multiple Cogent products are vulnerable to a denial of service, caused by a NULL pointer dereference when handling formatted text commands. By sending a specially-crafted command containing a backslash to TCP ports 4502 or 4503, a remote attacker could exploit this vulnerability to cause the application to crash.
References: [XFDB-83280], [BID-58910]
A25 (FAP-FGW) [ThreeGPP2] (SCTP, IANA official) |
| 4503 |
tcp |
applications |
not scanned |
Multiple Cogent products are vulnerable to a denial of service, caused by a NULL pointer dereference when handling formatted text commands. By sending a specially-crafted command containing a backslash to TCP ports 4502 or 4503, a remote attacker could exploit this vulnerability to cause the application to crash.
References: [XFDB-83280], [BID-58910] |
| 4505 |
tcp |
applications |
not scanned |
Salt master - SaltStack infrastructure management software for data center automation |
| 4506 |
tcp |
applications |
not scanned |
Salt master - SaltStack infrastructure management software for data center automation |
| 4512 |
tcp |
worm |
Members scan |
W32.Mytob mass mailing worm - contains Sdbot functionality in the worm that contacts the irc.blackcarder.net IRC server (on TCP port 4512), joins a specified channel, and waits for further instructions. |
| 4523 |
tcp |
malware |
not scanned |
Backdoor.Win32.Celine / Missing Authentication - MTX Celine Trojan 3.3.3 by Del_Armg0, listens on TCP port 4523. The malware allows casual intruders access to the infected system as there is no authentication required. Third-party attackers can use telnet to gain entry to the backdoored host, after which they are presented with a command line.
References: [MVID-2021-0064] |
| 4525 |
tcp,udp |
applications |
not scanned |
Java, postfix SMTP |
| 4527 |
tcp,udp |
trojan |
Premium scan |
Zvrop trojan [Symantec-2003-012906-4950-99] |
| 4533 |
udp |
games |
not scanned |
F-22 Lightning 3 |
| 4534 |
udp |
games |
not scanned |
F-22 Lightning 3
Armagetron Advanced Game Server [Manuel_Moos] (IANA official)
Vulnerabilities in Armagetron and Armagetron Advanced can cause a DoS (Denial of Service). Some errors in the handling of large "description ID" and "claim_id" values can be exploited to crash a vulnerable service by sending a specially crafted UDP datagram to a vulnerable server on port 4534. An error in the communication handling can be exploited to cause the listening socket to enter an infinite loop by sending an empty UDP datagram to a vulnerable server on port 4534.
References: [CVE-2005-0369] [CVE-2005-0370] [CVE-2005-0371] [SECUNIA-14234]
|
| 4545 |
tcp,udp |
worldscores |
Premium scan |
WorldScores, LANSA Data/Application Server
W32.Neeris.C [Symantec-2009-060211-1532-99] (2009.06.02) - a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability ([BID-31874]) and through removable drives. It also opens a back door on the compromised computer.
Trojans using this port: Internal Revise, Remote Revise |
| 4550 |
tcp,udp |
applications |
not scanned |
GeoVision TwinDVR with Webcam |
| 4551 |
tcp,udp |
ieee-mih |
not scanned |
MIH Services [RFC5677] (IANA official) |
| 4552 |
tcp,udp |
menandmice-mon |
not scanned |
Men and Mice Monitoring |
| 4553 |
tcp |
icshostsvc |
not scanned |
ICS host services |
| 4555 |
tcp,udp |
rsip |
not scanned |
RSIP Port [RFC 3103] |
| 4556 |
tcp |
dtn-bundle |
not scanned |
DTN Bundle TCP CL Protocol (IANA official) [RFC 7242] |
| 4556 |
udp |
dtn-bundle |
not scanned |
DTN Bundle UDP CL Protocol (IANA official) [RFC 7122] |
| 4557 |
udp |
mtcevrunqss |
not scanned |
Marathon everRun Quorum Service Server |
| 4558 |
udp |
mtcevrunqman |
not scanned |
Marathon everRun Quorum Service Manager |
| 4563 |
tcp |
amahi-anywhere |
not scanned |
Amahi Anywhere - an app to locally and remotely (via an SSL-secured service, provided by Amahi) access, browse and stream files from your server [Amahi] (IANA official) |
| 4564 |
tcp |
trojans |
Premium scan |
W32.Spybot.RDW [Symantec-2005-062911-3840-99] (2005.06.29) - a worm with DDoS (distributed denial of service) and backdoor capabilities. Spreads by exploiting common vulnerabilities and through network shares with weak passwords. Opens an IRC backdoor on port 4564/tcp. |
| 4567 |
tcp |
trojans |
Basic scan |
Verizon Actiontec Routers have a web server listening to this port. Verizon FiOS uses it for "secure server connection to automatically monitor/upgrade the router firmware when connected to the FiOS network using a MOTIVE server connection on port 4567". The firmware shipped with Verizon's CPE does not allow port 4567 to be blocked easily.
To possibly block this port, enter the router's admin interface and navigate to:
1. Home -> Advanced-> Protocols-> Add
2. Type any service name, add server ports: protocol -> TCP, source -> any, destination -> single=4567 , then Apply.
3. Navigate to Home -> Security -> Advanced Filtering
4. Input Rule Sets -> Broadband Connection (Ethernet) Rules -> Add
Sinatra default server port in development mode (HTTP)
Trojans that use this port: File Nail, BackDoor-IW.
Backdoor.Win32.Visiotrol.10 / Insecure Password Storage - the malware listens by default on TCP port 4567. The default password "vc" is very weak and stored in a plaintext file named "config.vcs" on disk.
References: [MVID-2021-0431]
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
References: [CVE-2023-5157]
TRAM (IANA official) |
| 4567 |
udp |
applications |
not scanned |
The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack.
References: [CVE-2012-2606] |
| 4569 |
tcp,udp |
iax |
not scanned |
VoIP (IAX2) Sessions use this port.
Inter-Asterisk eXchange [RFC 5456] (IANA official) |
| 4573 |
tcp |
cardifftec-back |
not scanned |
IANA registered for: communication between a server and client for a custom backup system |
| 4590 |
tcp |
trojan |
Premium scan |
ICQTrojan
RID over HTTP/TLS [IESG] [RFC6546] (IANA official) |
| 4591 |
tcp,udp |
l3t-at-an |
not scanned |
HRPD L3T (AT-AN) |
| 4592 |
tcp |
applications |
not scanned |
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
References: [CVE-2011-4041], [BID-47008] |
| 4598 |
tcp,udp |
a16-an-an |
not scanned |
A16 (AN-AN) |
| 4599 |
tcp,udp |
a17-an-an |
not scanned |
A17 (AN-AN) |
| 4600 |
tcp,udp |
piranha1 |
not scanned |
Piranha1 |
| 4601 |
tcp,udp |
piranha2 |
not scanned |
Piranha2 [Primark_Corporation] (IANA official) |
| 4603 |
tcp |
menandmice-upg |
not scanned |
Men & Mice Upgrade Agent |
| 4604 |
tcp |
irp |
not scanned |
Identity Registration Protocol [Sixscape_Communications_Ltd] (IANA official) |
| 4606 |
tcp |
sixid |
not scanned |
IANA registered for: Secure ID to IP registration and lookup |
| 4610 |
tcp |
applications |
not scanned |
QualiSystems TestShell Suite Services |
| 4621 |
udp |
ventoso |
not scanned |
IANA registered for: Bidirectional single port remote radio VOIP and Control stream |
| 4627 |
tcp,udp |
applications |
Premium scan |
Applications: QualiSystems TestShell Suite Services
Lala backdoor [Symantec-2002-122014-1523-99] - a trojan horse that allows unauthorized access to a compromised computer. The Trojan attempts to steal confidential information (such as cached passwords and cookies), log keystrokes, and allow for remote file execution. Opens TCP/UDP port 4627, 1149, or 1877 to allow remote access. |
| 4646 |
tcp |
dots-signal |
Premium scan |
Nemog [Symantec-2004-081610-2414-99] - backdoor trojan horse that allows an infected computer to be used as an email relay and HTTP proxy. Attempts to contact eMule servers on ports 3306,4242,4646,4661.
IANA registered for: Denial-of-Service Open Threat Signaling (DOTS) Signal Channel (TCP/UDP) |
| 4653 |
tcp |
trojan |
Premium scan |
Cero |
| 4654 |
tcp,udp |
worm |
not scanned |
W32.Spybot |
